00000006c7a987425fe49dd6202202f49a008fec11744fde7d286c464a9d00677dbe13ae2e9989fc642edecbb6106003b3aeb"], &(0x7f0000000080)='GPL\x04\x9c5\x14\xbfw-\xa0z\xe8.vY\n6\xf6I>\xc1\xab\x91\xb3\x97\xe4*\xbf\x1e\xa6\xcd\x8c\xd7t\'\xfc\x9a\x9e+qe\xf5+A\a\xbf\bP\xd8\x99\xdcR\xd0\x13\x17]\xdb\x1b/F <*\x05\xb7\"\xe3>Uo\xb2\xe3\xf3\x9a<\xde\x1f\xcaSd\x037\xec\x95aF\xbd\xbf\xcb\x11Pp\x19V1\xde]!\xa5\xea\x9ec\x8c+\xdbx\xa5\x01\xcaKn\xa3\x13\xd8%h\xf98,,?o\xab\xa6\xb4\xeeTy;N\xd2m\xae>R\"P)\xbb*\xc0\x00\x7fwuL?#\xce\xda\x98\t\xb9\xa9hJ\x94\n\xbc\xaa\x8c\xfc\xc7\x13>\xc4\"\xe9\xc88\x881\x8dA\xe9\xa4\x93\xf0\x19_\xe2Y\x96Q\xb8\x95\x04\xf5\xdb\xa1F%\xce#f\xf3=\x95\xdb\xa9/\x86ry\xca\xbfJ\xce\xdd\xc8Z\x8a\xf7\xa0\xfah\xd7g\xceQ6\xb9\xd0\xd1\x96lI\x9c\xb6\xbf4\xc2\x98\x86f\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'}, 0x48) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xab, 0x501000) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000200)={0x2, {{0x2, 0x4e21, @loopback}}}, 0x88) [ 2415.372421] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2415.410260] CPU: 0 PID: 23653 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2415.417561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2415.426916] Call Trace: [ 2415.429520] dump_stack+0x172/0x1f0 [ 2415.433172] dump_header+0x10f/0xb6c [ 2415.436909] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2415.442046] ? ___ratelimit+0x60/0x595 [ 2415.445944] ? do_raw_spin_unlock+0x57/0x270 [ 2415.445968] oom_kill_process.cold+0x10/0x6f5 [ 2415.445991] ? task_will_free_mem+0x139/0x6e0 [ 2415.446014] out_of_memory+0x79a/0x1280 [ 2415.459397] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2415.459417] ? oom_killer_disable+0x280/0x280 [ 2415.459432] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2415.459458] mem_cgroup_out_of_memory+0x99/0xe0 [ 2415.472986] ? memcg_memory_event+0x40/0x40 [ 2415.473011] ? _raw_spin_unlock+0x2d/0x50 [ 2415.473034] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2415.473049] try_charge+0xfec/0x1570 [ 2415.482816] ? find_held_lock+0x35/0x130 [ 2415.482841] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2415.482866] ? kasan_check_read+0x11/0x20 [ 2415.513257] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2415.518113] mem_cgroup_try_charge+0x24d/0x5e0 [ 2415.522712] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2415.527656] wp_page_copy+0x408/0x1740 [ 2415.531568] ? find_held_lock+0x35/0x130 [ 2415.535643] ? pmd_pfn+0x1d0/0x1d0 [ 2415.535661] ? lock_downgrade+0x810/0x810 [ 2415.535677] ? __pte_alloc_kernel+0x220/0x220 [ 2415.535696] ? kasan_check_read+0x11/0x20 [ 2415.535712] ? do_raw_spin_unlock+0x57/0x270 [ 2415.543411] do_wp_page+0x2ed/0x1520 [ 2415.543429] ? rwlock_bug.part.0+0x90/0x90 [ 2415.543442] ? lock_acquire+0x16f/0x3f0 [ 2415.543457] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2415.543472] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2415.578064] __handle_mm_fault+0x22db/0x3f20 [ 2415.582505] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2415.587357] ? find_held_lock+0x35/0x130 [ 2415.591426] ? handle_mm_fault+0x322/0xb30 [ 2415.595678] ? kasan_check_read+0x11/0x20 [ 2415.599842] handle_mm_fault+0x43f/0xb30 [ 2415.603921] __do_page_fault+0x5da/0xd60 [ 2415.608004] do_page_fault+0x71/0x581 [ 2415.611830] ? page_fault+0x8/0x30 [ 2415.615377] page_fault+0x1e/0x30 [ 2415.618831] RIP: 0033:0x40d1e8 [ 2415.622049] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2415.640953] RSP: 002b:00007fff02590240 EFLAGS: 00010246 [ 2415.646318] RAX: 000000005511976d RBX: 00000000727102e3 RCX: 0000001b2fb20000 [ 2415.653606] RDX: 0000000000000000 RSI: 000000000000176d RDI: ffffffff5511976d [ 2415.660875] RBP: 000000000000000d R08: 000000005511976d R09: 0000000055119771 22:48:08 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x400000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:08 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3f4, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:08 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a1, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2415.668146] R10: 00007fff025903d0 R11: 0000000000000246 R12: 000000000073bf88 [ 2415.675416] R13: 0000000080000000 R14: 00007fca96221008 R15: 000000000000000d 22:48:08 executing program 1: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) creat(&(0x7f0000000880)='./file0/f.le.\x00', 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) fstat(r0, 0x0) mlock2(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1) mkdirat(r0, &(0x7f0000000740)='./file0\x00', 0x0) mkdirat(r0, &(0x7f0000000580)='.//ile0\x00', 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f0000000140)='./file0/../file0\x00') 22:48:09 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x500000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:09 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3f5, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:09 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x2, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000040)={0x4, @dev={0xac, 0x14, 0x14, 0x27}, 0x4e21, 0x3, 'lblcr\x00', 0x23, 0x6b, 0x2}, 0x2c) setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000080)=0xf8, 0x4) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f00000000c0)={0xffffffffffffff00, 0x5, 0x100000001}) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000140)=r1) ptrace$setregs(0xffffffffffffffff, r1, 0x100, &(0x7f0000000180)="4c4ac5e263afaef925b34055eeebfec37a1ccd95fcb4aa23d59f6dffd2b33678d55c8df5e66b5a0c2fac21ec1e7e3330e62917bfcb2aec537a53528f2f8cc958178fc170608c66dd9aa426d89a05343ba6d38155a1407b0bbe4f9c9ff82c11fc59cd646cca83a0172813b899e6454bf2735d3d5092499c58ab76ef00c5c138fea6d6825c27fb774d5249d5154788ce9bc6339addd9825cee6001b341c8b483f58942657a4a7895f3b72eaa3bea54fcdc8f9db442ff0aa0af05839f54a3a9e4c5d609d86d882c52d49fafbd963d21975879825c36e8ba765715982a980fa140010d3f7056e18ac6186f5e65a96037040bbdf2018fae78b098816da23f697b3b4922c8c458efb450fcc835b5f4eb184b7b88bffe8fadf37035a1074cd93214b3dd42d9abb3b1baf4c13e874838a3383a677439172e55d1619be76fe3b88e0c2d9ed268d0f0ab654060b06d0d99e444f53cb9560acf9e1d03ba24defd5f49d9181c4ef835afe0a9d5804fa7537bd83ece0bb224f541fa71c90b19901208c9f483187f45178395fec334cdd07438de27c4582eef768a5be812bc4a391c5bdaac329ea23e0e7b18bc6be18e2743a02d831589f6c57c502aa6f84c41258a41453a42409f2ad8d2d4dccef4d782299d416710ee1bd6de2ee4753fac7f1f6466a2c8cc5fdc2f4ca2285f142db82846de896d72126aaa87171439bd05ec4ad19351b91ffa49f1b9aa3273992811ff600ed8c35895b77d65b47f3313bbbf723e142d6e69b9fd117c9f110464605724151c8770d9c4e772d2fa1591206c0787f7ee1587495e02e5acbdd7a41fb504a667afd211fb65e85270bdb1bd09be566fdea113a39641877e386d7f4c16286e6533eb4b489c92391c8d31638accab20bda7262f0eb7a4673f1adbac547df9b73b7d3086fd256a419604e3ae81523e881f60a4c5a880dce8f060d717c1c6ac607112b7600ee7d9712393afbc94c829302bc63ccd3f806f565a3147d4cbbd205ff9be7186912db59edc7b6a1b7134796ac783ee5f7a66b7c49d3306295bc292f65435acef71649392760c2525844e752f6c690e920c62fb54d025d28faa2d74339686bce84e95af98fd33b9b5d2229eabb15403b7bd892f9e8feaede0d107b26a7d087c35c4c7e23b5948645a875c79f982bc24bdc772e70458c8b384dca990cb6c3158251a93065004755b36873da123a7e6d02a0e5a1d2dadaa607201bad2f30c64caba5e1e1e01850ee561ef82b82fba3e65ffff25df6be4d03fec584c0b3269f54a5e69752bde7f6e70ac0ef065699bf30b3cb39bf8d21287b049eee103ac95b845e8bae43932f2c0fef41b7beb8a5ed15c91792b36d1a7d27358921517d184a79e7b9b4a32934c9c2bb89ed6d6b0720188660aaaadfbb55f1069dfa6024adf00621623d394a63a288eee3c180dcc12af0f58210f06d1a1f225e29165dc9c730c9692a89558c0d121507888f66e99bed7ccf62a8e35da70d0089584c6fa21d44e956bc8aba4057dbecf62207e87d1cee4aa440224a31188fc70c46eb514a13f6046922fd9dd928b6fdded41e196db9c0082114515dcf70aaea7ced0af4ea183b5bf9483a4129b9261299385bd7a443220913923171b307d251feac550dadc44d7c6d6d9c30c513edee5d00dc5539229570bd2a7c778118b3d4515ccc4f50cd04bc61d3818834a43cf386e53ac38728b37cbe87ffc6bb86b603f4b0b43ea50be491ca42e0b64535fd936fe253d35d478aad6ad3240b271ae27498036978e122da387858b74eb4400990e92bb1d2e22ab84c50a9700bb850611404fb5e8797edeca101e40fb812a6550afb9aabb950762afd9d51217ecb3f219f51b36a95667582f5e5d24e02d1155dbeb7acafd31c1a5c3ae0fd17f6f423883e82b25b374db067bd31ba896b71a1eae22f412e4e5810a4ef352f42b2eadb85dff871bb6152d6159e8d0a7f4adda2bc3647af16f5afff5866c7c1db242a2858042fb9b3727f84dae56550006537578e27fa7473e495c9969958d49c1c86419f263c27a9e90c0c3827c2665ad187c86e673cc526ee79cf2a075d577564530f4a3413a28259f44d656f12a069dfdf1c651c12fcdc373a48f23481bca0d7749239ec68f4a30709ecac3083f225d1e32df1fd457719b002a0539e03a208347fecbb0e2fc74bfcac3daf06c7fefd033ad4505065bcba173d74f3b5b8a4a76cc28fdd8a941cec18c19ae012b752044ab38501dd293f20c5ac868e1956807d1dbe3716645cb20cc4811c108d9d2e26626aa6ac7722443327f868b16d3f52baf67580c4390b35aee80588ea1e09ce84dec00ce08d6877e894fd4052d4f135fdcce1daa3458e841ec912f4e8bf23527c2b8bf6055e263792209f6dcf8f2597aa418db72e9a6ee5c5ce088bcdffbc567265453d4f7e0a4a411792dc14593c23b41a5222b2eb5437ca1106a51b134f9798af1d8921e37c7f7a36ad165688f154122ce7b17e53c867fa7a0b87b55fa22dfd75eb628096fd3559ec29af5d595b0079b6fa96f2435a11b66a7d075cc561852a4ce8ace031e35a8ad3155faa6d9eb7b5b899e0e8451129fb6f131206ce08996afca2b0233d7ce7e049605c485ae5db6d3b65a60999e082a811f886bf06621ddf315db7c7ff901e94eeef495871370d29dec2dbcab17270dbcb15e509c3513f0add9cca9bbfd3a6ef0f6e3086777f3b4d501de19c3240c30d4f1a803638b74f38cee24f996ae23e672ae37f2fc9bc4b49704f04348810816edfe0f71b0139bef31be368994deb9d241ddebd7b032f0f096d30cb1d37ffb5ab93edb86a9163bb6e81cd1e68fa8a7b2d7a005f1be2e52abbc2c7758d51ad2fe1e9bb780bbbd901b9498475e978c83c5c903392210e344e3a73b78a88bcbea72e55f861c72fbfa5d2017f590e2f1881002029a70eba1ce6e98d5c32e103d475b48f108abebd0e089794d4ff0cfb41ed5135a80556988aa960ef9eec9c8c321ffefa360c8ccc4d1bbd405957a35f10fa42bab24c14c2a87a524f1e08c5f7c6ec0b311c9e401060241054b3132c207e3c881930199ac267f8abdd6d6a553fcccfcfb0aa5e433dd9738600d51fbeb5617198a9d5a8999cc9346cf705f8b3e61ceef2f84703fccce7d2bdb416fb8b56dc43a9574892645a63f4a568acb7a1a4738a8539a6b8cb84d1b3edc96a115875bfd84aa8e4308d6bc75178506c7053f77e9934406ef91e3f35514637c8ccc3b3894f5071578af7214383533700a300486e9dfa551c0191ed54a6a38fb106f883070fbec1320ccb034363c0342422345266e29206d544ba5e41b585f7168e166d734ebc51a57703b01120258f465352c5634c676ccd6d6508b6781f4c421f7399b18c0c28999365d7ccc6c2a7e74baafd70c764bfc21f118647d2c73afc0e4ab94251bf1090c70beed825ecaa459b684d5a699bab3b46d7a35bd2e55e8d80a7c227bd09300ce2a9390936beeba6eeb9af481983812094af0baaa865babecdf853f4b1cde2319f7523da11b1708fd1acfdc7b81ebf3c5265b5997ec242333867855b5289e36a2d304ab01f040bab0653a938bd1765291a7944bb00205aaff5db4625e5c417bf8eb2ca8a8ec1954bfd54d434e81f3178728c30d0369f36af99e0ebe592bbc9129714c0fc6e13e44ace3ee838b2939c79acae2ebeb1e58d529d1ccedd945ca265e1279f790d784d6ca3dfc39d553867d9a122ecc1ca69aa052fcc2af1bfdcaafeee7b9946f0fbd6c6cadc3230efe1f48a50c3157daec84200e57ab37e70f79e56d0c92e7d3160136ded021f3f06d0cfab5f8419e77fbab1a95296aa3aabaf33b091df524cbcb2743b2a0ce9e216a74f4c99bef654b68708334a4dcaa98ad435dd45575775fce783c374c5bf300fe2ea8081bfd557ea767483bc022b2a5fc15ed8d714ddbe454c2fbc887834451b132431bd5b19ce461fe92b69cbc51ac166ed0dc2a7427917f7265363ebf82528de0b1bac4baaad3832e880d7442127ee3f67d3dccce03585af3bfe513e54766acc5281de1be674ea278e05a343eeb0836b77dd070875803712420db6849b6801d4bb9b74206cf0cf35411a30575902edd69fe2d0d2766025016a4d15783ac8fc14f8ac90dbd04fea70acddcf4de331efa11401556406894de2fc644547e1960077ccd3112f0ae4032876a1844a756deb588636af1f953a1d0ef1050c1809e692186ca1159a95da6c08f493aeb3ce65fe3f40d2a2617bbd276e6e43de47be920e4a9654eedb9f2a4d27e3821e2e1800ef1083a18c60980b3494cc1febf95c84c60b0c95a07a70a0a393c9b0545a9ff15e4b2016daf654407d21c6d7d50913de9e429781bcce51eaeed2b5f44bb7e0a9f30b0faa80d015cc6ea8b2ca3dc51be936ad7bba4992666f07c7d27455d699b7004e367fb228cbf578e5d284594c7cabd7e89492564bb375b091b247d8fcba812c29944a5e4eaaebc254813e6f149c31222f4f027f11a2bcff5ba1043e015dcd84c5278fb161c83e53decb7b1cb786a5d58c1ab0af8412c87edb358981041575e2a2ddadfab098186c50951a7147d7da96433227698be15fa3b70420d12709c9c33d175b1cbed196c642dfbf7fe0f4ae47f2c9a195c7ef2a75696f43be91b62f899ca1671e1d58c09a5085d0942d6d1ee1becbd325a64807b5f64e1eb69624083409bb9e7502c73d5327cef3bd3e4cb6a89d97b9c5c15b1ac775651115afb29eb2d41fecd904444ed262a62aca0af7e09cdd9b815a66380032e33c7edc58ff7baa957642df1740abab27746aec9a1ba4ca247ff3dacbe7021562013c501e574e12c4e6574998b4db7ce6f52623d121d35f37354085f8fbd32eaad55882904c7a709a032bdf6f47386c3b59f2428277b899d747059b97d6a265d1d46ebf0b780a015d6911c9151459dac0d8ec1e2c6c275aae4e51ce57a1674dad7ad571da5ac5a1263602f9effc06511e0419990bf005debbe9a826fcfecc177310af0d6322e44f6bf41f05ac413d1d71dda48b9037c697466fc28628f15bf901020a1b098b487767f56af2bad05516b6fb4a26b08cc61090aac1291add333647bb7da78ba44ae5e9603a2b418e728935b94358c431b0e949290eb8683e8176b5f4b458d21bd701208f17e1e2717ca4fef3286828edb576a72b16cd4fb7e44f74e7d8c58c8b69fffa3b5afa3f1c5433ec39e64563fce590aa4693159b7393ae22eb30de048b14ee5ee1c610abb55a8be165132dae797317ec444cbe35ce4ef04ebfafc8dc497806d056f92e679d5f8838663dbb3ba74ff2a5ffcf6d8c9ac4eb9d08a1e8c8ad9840eee89ca0794363bbceebd9fa0e0b7ce4f038a524acacfb620222321af6d974cb063bab09ef2b429ae2ee2d56840908706a1ca3a31874b00852fb6eb8a1162a6974e46a732e315dbc9e2b7351f2d4219ba98f6ef6d41a841c1ae7dc71307a4ff327ebc7700aa1a37616073b6eac29ec3dbf8b05f21a6bf3ebf87977d50ee3bb5d8aa0371c1138c8e20c8688d1b5e0fd85cd03a4ce39fa2762e30db9be8c3111bf2235a029847d1b0c0e689517123323f787a3f12c4549e3c9a8fd4f85f802afc9b0971fa759ea5606445da54bc5f527f279e03c3c58abf83db850317c1d2a24188e3f2353fee1697674b9ac39e48113ac86c431c51579b2b19974b65c0279ca14e8fd3958125807abd0b33c830a9c0cdf862f7e959c4c621e91277e7a36788c06e81c18047bd51926bc0464c482bf735c021bd742e09191247f419d28ce9e1a55d98be5c8b7624f70d14f1") getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000001180)={0x0, 0xffffffffffffff00, 0x2, 0x5, 0x1a61, 0x81, 0x100, 0x8000, {0x0, @in6={{0xa, 0x4e22, 0x81, @dev={0xfe, 0x80, [], 0x1e}, 0x400}}, 0x5f6, 0xfffffffffffffbb2, 0x1, 0x80, 0x1f}}, &(0x7f0000001240)=0xb0) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000001280)={r2, 0x7, 0x20}, 0xc) write$ppp(r0, &(0x7f00000012c0)="8b67757acf6487191d22eadc540e730d0b86a59d290db33a50c731bd320de5e4d8f28c54e810de7d1ce60d169ad9efb7fba1a48f81a746b8c12d4dbb6063a871181310e2f7a5bb15c402a5ae6c84383a4451cf3b990785b34ca4dc2bad557e66bdd410e0ab643a30b4a3ed03029c98aad0cd8d01e80b05598e962537c5ddc898327d238cd095fb144772c0598415de7016dab5919ad758076d125fbde4c7dc4624f77b1e5f16f3787e9f1efc161abf4b", 0xb0) r3 = accept4$inet(r0, &(0x7f0000001380)={0x2, 0x0, @remote}, &(0x7f00000013c0)=0x10, 0x80000) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000001400)={@remote, @multicast2, 0x0, 0xa, [@local, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @multicast2, @multicast2, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @dev={0xac, 0x14, 0x14, 0x1e}]}, 0x38) write$UHID_INPUT2(r0, &(0x7f0000001440)={0xc, 0xad, "8987db3e9aeaea3cb830ac154f76306769929cb60c09ecd5da283da7c584532c34c26501c18d52833f4ea8f44ab7b91c310d3de90e026ef3f46f364915be94618b1e8fe03bab533468c3af5a21cf8b1cb0b8b236ccf21bc5a982c6d57362621f44bfd8898c643248093b510624717c22ea78e88c93f3c314a018295b1c211a73d17d4c05fa882f1b33e30f90f429a2369bd9ef0fbba6b282e9fb606327e359c8f8f3fda037877b6d275557b942"}, 0xb3) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000001500)) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000001580)={{{@in=@multicast2, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@remote}}, &(0x7f0000001680)=0xe8) stat(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f0000001540)='./file0\x00', r4, r5) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000001780)={0x9, 0x7fffffff, 0xff, 0x2, 0x7, 0x6}) setsockopt$IP_VS_SO_SET_TIMEOUT(r3, 0x0, 0x48a, &(0x7f0000001800)={0x2, 0x4, 0x101}, 0xc) r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000001840)='/dev/dlm-monitor\x00', 0x8000, 0x0) write$cgroup_subtree(r6, &(0x7f0000001880)={[{0x2d, 'pids'}]}, 0x6) ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) r7 = dup3(r6, r0, 0x80000) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r7, 0x111, 0x1, 0x2, 0x4) r8 = accept4$nfc_llcp(r6, &(0x7f00000018c0), &(0x7f0000001940)=0x60, 0xa8b867c390e81114) ioctl$sock_TIOCOUTQ(r7, 0x5411, &(0x7f0000001980)) ioctl$KDENABIO(r6, 0x4b36) fchownat(r8, &(0x7f00000019c0)='./file0\x00', r4, r5, 0xd00) ioctl$sock_inet6_udp_SIOCINQ(r6, 0x541b, &(0x7f0000001a00)) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000001a40)={0xfffffffffffffffd, [0x3f, 0x50f, 0xffff, 0x8, 0x400, 0x5, 0xce, 0x373, 0x0, 0x80, 0x200, 0x0, 0x2, 0x9, 0x0, 0x2, 0x7, 0x1, 0x1, 0x10000, 0x4, 0xb6d, 0xfffffffffffffffd, 0x29e8, 0x4, 0x80000000, 0x2400, 0x3, 0x9, 0xe5, 0x9, 0x400, 0xffffffffffffffef, 0x3f, 0x7, 0x3, 0x3ff, 0x1ae, 0x4, 0x2, 0x10000, 0x3, 0x5, 0x10000, 0xfe7, 0x3f, 0xffffffffffffffff, 0x7], 0xf}) [ 2415.845900] memory: usage 307200kB, limit 307200kB, failcnt 5025 [ 2415.873223] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2415.914294] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2415.951683] Memory cgroup stats for /syz2: cache:12KB rss:124728KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:124800KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2416.063347] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9032,uid=0 [ 2416.090141] Memory cgroup out of memory: Kill process 9032 (syz-executor.2) score 124 or sacrifice child [ 2416.100369] Killed process 9032 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2416.123142] oom_reaper: reaped process 9032 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2416.147365] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2416.167604] CPU: 1 PID: 23660 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2416.174890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2416.184243] Call Trace: [ 2416.186843] dump_stack+0x172/0x1f0 [ 2416.190493] dump_header+0x10f/0xb6c [ 2416.194225] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2416.199342] ? ___ratelimit+0x60/0x595 [ 2416.203233] ? do_raw_spin_unlock+0x57/0x270 [ 2416.207648] oom_kill_process.cold+0x10/0x6f5 [ 2416.212192] ? task_will_free_mem+0x139/0x6e0 [ 2416.216716] out_of_memory+0x79a/0x1280 [ 2416.220746] ? oom_killer_disable+0x280/0x280 [ 2416.225258] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2416.230382] mem_cgroup_out_of_memory+0x99/0xe0 [ 2416.235065] ? memcg_memory_event+0x40/0x40 [ 2416.239411] ? _raw_spin_unlock+0x2d/0x50 [ 2416.243567] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2416.248708] try_charge+0xfec/0x1570 [ 2416.252437] ? find_held_lock+0x35/0x130 [ 2416.256517] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2416.261393] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2416.266243] ? find_held_lock+0x35/0x130 [ 2416.270316] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2416.275184] memcg_kmem_charge_memcg+0x7c/0x130 [ 2416.279860] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2416.284369] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2416.289225] memcg_kmem_charge+0x13b/0x340 [ 2416.293474] __alloc_pages_nodemask+0x437/0x710 [ 2416.298159] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2416.303197] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2416.307791] ? trace_hardirqs_on+0x67/0x230 [ 2416.312121] ? kasan_check_read+0x11/0x20 [ 2416.316280] copy_process.part.0+0x3e0/0x79a0 [ 2416.320789] ? mark_held_locks+0x100/0x100 [ 2416.325027] ? debug_smp_processor_id+0x1c/0x20 [ 2416.329732] ? perf_trace_lock_acquire+0xf5/0x580 [ 2416.334603] ? __might_fault+0x12b/0x1e0 [ 2416.338692] ? __cleanup_sighand+0x70/0x70 [ 2416.342933] ? lock_downgrade+0x810/0x810 [ 2416.347101] _do_fork+0x257/0xfe0 [ 2416.350570] ? fork_idle+0x1d0/0x1d0 [ 2416.354313] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2416.359086] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2416.363858] ? do_syscall_64+0x26/0x610 [ 2416.367868] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2416.373254] ? do_syscall_64+0x26/0x610 [ 2416.377239] __x64_sys_clone+0xbf/0x150 [ 2416.381225] do_syscall_64+0x103/0x610 [ 2416.385146] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2416.390335] RIP: 0033:0x457e29 [ 2416.393537] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2416.412471] RSP: 002b:00007f028a93ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2416.420186] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 2416.427457] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2416.434746] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 2416.442056] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f028a93b6d4 [ 2416.449344] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 2416.456973] net_ratelimit: 26 callbacks suppressed [ 2416.456982] protocol 88fb is buggy, dev hsr_slave_0 [ 2416.467021] protocol 88fb is buggy, dev hsr_slave_1 22:48:09 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}, 0x2c) 22:48:09 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3f6, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:09 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x600000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2416.472162] protocol 88fb is buggy, dev hsr_slave_0 [ 2416.477227] protocol 88fb is buggy, dev hsr_slave_1 [ 2416.485266] memory: usage 307196kB, limit 307200kB, failcnt 5891 [ 2416.491843] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2416.500163] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2416.524187] Memory cgroup stats for /syz0: cache:4836KB rss:120632KB rss_huge:28672KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:120888KB inactive_file:0KB active_file:0KB unevictable:4780KB [ 2416.546827] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=25884,uid=0 [ 2416.565962] Memory cgroup out of memory: Kill process 25884 (syz-executor.0) score 124 or sacrifice child [ 2416.637214] Killed process 25884 (syz-executor.0) total-vm:72444kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2416.710268] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2416.734677] CPU: 1 PID: 23656 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2416.741963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2416.751313] Call Trace: [ 2416.753946] dump_stack+0x172/0x1f0 [ 2416.757594] dump_header+0x10f/0xb6c [ 2416.761315] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2416.766420] ? ___ratelimit+0x60/0x595 [ 2416.770305] ? do_raw_spin_unlock+0x57/0x270 [ 2416.774749] oom_kill_process.cold+0x10/0x6f5 [ 2416.779281] ? task_will_free_mem+0x139/0x6e0 [ 2416.783828] out_of_memory+0x79a/0x1280 [ 2416.787843] ? oom_killer_disable+0x280/0x280 [ 2416.792346] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2416.797466] mem_cgroup_out_of_memory+0x99/0xe0 [ 2416.802139] ? memcg_memory_event+0x40/0x40 [ 2416.806471] ? _raw_spin_unlock+0x2d/0x50 [ 2416.810623] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2416.815728] try_charge+0xb4a/0x1570 [ 2416.819453] ? find_held_lock+0x35/0x130 [ 2416.823535] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2416.828430] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2416.833309] ? find_held_lock+0x35/0x130 [ 2416.837382] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2416.842272] memcg_kmem_charge_memcg+0x7c/0x130 [ 2416.846949] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2416.851459] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2416.856315] memcg_kmem_charge+0x13b/0x340 [ 2416.860571] __alloc_pages_nodemask+0x437/0x710 [ 2416.865251] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2416.870282] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2416.874879] ? trace_hardirqs_on+0x67/0x230 [ 2416.879248] copy_process.part.0+0x3e0/0x79a0 [ 2416.883789] ? psi_memstall_leave+0x11c/0x180 [ 2416.888296] ? sched_clock+0x2e/0x50 [ 2416.892033] ? psi_memstall_leave+0x12e/0x180 [ 2416.896540] ? find_held_lock+0x35/0x130 [ 2416.900617] ? __lock_acquire+0x53b/0x4700 [ 2416.904884] ? __cleanup_sighand+0x70/0x70 [ 2416.909575] ? mark_held_locks+0x100/0x100 [ 2416.913821] ? perf_trace_lock_acquire+0xf5/0x580 [ 2416.918667] ? rcu_read_lock_sched_held+0x110/0x130 [ 2416.923690] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2416.929244] _do_fork+0x257/0xfe0 [ 2416.932711] ? fork_idle+0x1d0/0x1d0 [ 2416.936431] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2416.941803] ? lock_downgrade+0x810/0x810 [ 2416.945970] ? blkcg_exit_queue+0x30/0x30 [ 2416.950123] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2416.954882] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2416.959661] ? do_syscall_64+0x26/0x610 [ 2416.963650] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2416.969051] ? do_syscall_64+0x26/0x610 [ 2416.973035] __x64_sys_clone+0xbf/0x150 [ 2416.977034] do_syscall_64+0x103/0x610 [ 2416.980932] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2416.986124] RIP: 0033:0x45a7f9 [ 2416.989324] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2417.008230] RSP: 002b:00007ffc56cc41d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2417.008461] protocol 88fb is buggy, dev hsr_slave_0 [ 2417.015946] RAX: ffffffffffffffda RBX: 00007f028a91a700 RCX: 000000000045a7f9 [ 2417.015956] RDX: 00007f028a91a9d0 RSI: 00007f028a919db0 RDI: 00000000003d0f00 [ 2417.015965] RBP: 00007ffc56cc43e0 R08: 00007f028a91a700 R09: 00007f028a91a700 [ 2417.015974] R10: 00007f028a91a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2417.015984] R13: 00007ffc56cc428f R14: 00007f028a91a9c0 R15: 000000000073bfac [ 2417.016309] protocol 88fb is buggy, dev hsr_slave_0 [ 2417.021247] protocol 88fb is buggy, dev hsr_slave_1 [ 2417.028485] protocol 88fb is buggy, dev hsr_slave_1 [ 2417.049253] memory: usage 304884kB, limit 307200kB, failcnt 5891 [ 2417.050905] protocol 88fb is buggy, dev hsr_slave_0 [ 2417.065173] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2417.068429] protocol 88fb is buggy, dev hsr_slave_1 [ 2417.077865] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2417.085662] Memory cgroup stats for /syz0: cache:4836KB rss:118616KB rss_huge:26624KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:118740KB inactive_file:0KB active_file:0KB unevictable:4780KB [ 2417.104567] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16157,uid=0 [ 2417.147079] Memory cgroup out of memory: Kill process 16157 (syz-executor.0) score 124 or sacrifice child [ 2417.157645] Killed process 16157 (syz-executor.0) total-vm:72444kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB 22:48:10 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x52000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0xcb, 0x8000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x4) sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xc0000100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="194fcfb102903a119f0c9a20250000b3f5c620747107c36535d0bb72e92c15fca2342f082061ba3397f7f259fa924d6336bc9442fe8efaaf2c5a3a57934088dba2c384d7ab2801d06c152603834c7cb4ad050e77e837281985ebfbf1cfe4b3a4f348d050a4fe63b9468cdcbf6ddf1146eefffab5c63e7140258bbd0b", @ANYRES16=r2, @ANYBLOB="00012dbd7000ffdbdf2513000000f4000500340002000800030004000000080003000100000008000400d20000000800010016000000080001000600000008000400070000004c00020008000400010001000800020007000000080003000100000008000400010800000800030015000000080001000200000008000100130000000800040041030000080002000500000014000200080001000500000008000200f8000000080001007564700008000100756470000800010075647000340002000800020007000000080002000100000008000200040000000800040002000000080001001b0000000800020001000080080001006962000008000100657468000c00060008000100800000006c00050008000100756470003c00020008000300ffffffff0800040001000000080003000000000008000200030000000800040024f2ef0a08000200020000000800030002000000080001007564700014000200080001000c00000008000400000000000800010069620000"], 0x180}, 0x1, 0x0, 0x0, 0x4040}, 0x80) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c000000000b0501ff0080fffd7fff2e0a0000000c000100010000007d0a00010c000200000022ff02f10000"], 0x2c}}, 0x0) 22:48:10 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12]}, 0x2c) 22:48:10 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3f7, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2417.385642] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 2417.497758] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2417.525557] CPU: 1 PID: 23679 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2417.532845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2417.542199] Call Trace: [ 2417.544802] dump_stack+0x172/0x1f0 [ 2417.548446] dump_header+0x10f/0xb6c [ 2417.552171] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2417.557284] ? ___ratelimit+0x60/0x595 [ 2417.561188] ? do_raw_spin_unlock+0x57/0x270 [ 2417.565613] oom_kill_process.cold+0x10/0x6f5 [ 2417.570129] ? task_will_free_mem+0x139/0x6e0 [ 2417.574640] out_of_memory+0x79a/0x1280 [ 2417.578645] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2417.583796] ? oom_killer_disable+0x280/0x280 [ 2417.588294] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2417.593415] mem_cgroup_out_of_memory+0x99/0xe0 [ 2417.598107] ? memcg_memory_event+0x40/0x40 [ 2417.602444] ? _raw_spin_unlock+0x2d/0x50 [ 2417.606602] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2417.611716] try_charge+0xfec/0x1570 [ 2417.615437] ? find_held_lock+0x35/0x130 [ 2417.619520] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2417.624397] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2417.629249] ? find_held_lock+0x35/0x130 [ 2417.633320] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2417.638177] memcg_kmem_charge_memcg+0x7c/0x130 [ 2417.642854] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2417.647355] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2417.652231] memcg_kmem_charge+0x13b/0x340 [ 2417.656488] __alloc_pages_nodemask+0x437/0x710 [ 2417.661162] ? should_fail+0x14d/0x85c [ 2417.665071] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2417.670105] ? find_held_lock+0x35/0x130 [ 2417.674182] ? kasan_check_read+0x11/0x20 [ 2417.678334] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2417.683881] alloc_pages_current+0x107/0x210 [ 2417.688303] pte_alloc_one+0x1b/0x1a0 [ 2417.692129] __do_fault+0x2b9/0x4e0 [ 2417.695768] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2417.701313] __handle_mm_fault+0x2ae4/0x3f20 [ 2417.705745] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2417.710614] ? find_held_lock+0x35/0x130 [ 2417.714687] ? handle_mm_fault+0x322/0xb30 [ 2417.718951] ? kasan_check_read+0x11/0x20 [ 2417.723115] handle_mm_fault+0x43f/0xb30 [ 2417.727192] __do_page_fault+0x5da/0xd60 [ 2417.731277] do_page_fault+0x71/0x581 [ 2417.735084] ? page_fault+0x8/0x30 [ 2417.738633] page_fault+0x1e/0x30 [ 2417.742089] RIP: 0033:0x4016a7 [ 2417.745284] Code: 00 00 00 48 83 ec 08 48 8b 15 0d ee 64 00 48 8b 05 fe ed 64 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 e0 ed 64 00 48 83 c4 08 c3 48 89 c6 bf d8 74 4c 00 [ 2417.764198] RSP: 002b:00007ffdc7152f90 EFLAGS: 00010287 [ 2417.769589] RAX: 0000001b2f120000 RBX: 0000000000000003 RCX: 0000001b30120000 [ 2417.776856] RDX: 0000001b2f120004 RSI: 00007ffdc7152d40 RDI: 0000000000000000 [ 2417.784129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 2417.791400] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 2417.798683] R13: 0000000000000001 R14: 00000000000014c7 R15: 0000000000000004 [ 2417.831922] memory: usage 307200kB, limit 307200kB, failcnt 4308 [ 2417.843451] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2417.852902] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2417.864560] Memory cgroup stats for /syz4: cache:24KB rss:131080KB rss_huge:47104KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:131196KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2417.893937] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21920,uid=0 [ 2417.916051] Memory cgroup out of memory: Kill process 21920 (syz-executor.4) score 1113 or sacrifice child [ 2417.926335] Killed process 21920 (syz-executor.4) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB 22:48:11 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a2, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:11 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x700000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:11 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13]}, 0x2c) 22:48:11 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='cmdline\x00') exit(0x0) preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000380)=""/126, 0x2f}], 0x327, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f0000000040)=@sack_info={0x0, 0x5, 0x5}, &(0x7f0000000080)=0xc) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={r1, 0x7, 0x5, 0x8, 0x6, 0x2}, 0x14) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000140)={0x1, 0x2}, 0x2) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, &(0x7f0000000180)=0x1f, 0x4) 22:48:11 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x56000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:11 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3f8, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:11 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14]}, 0x2c) 22:48:11 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3f9, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:11 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a3, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:11 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x7a030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:11 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15]}, 0x2c) 22:48:11 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3fa, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:11 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x800000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:11 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a4, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:11 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18]}, 0x2c) [ 2418.419644] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2418.500275] CPU: 1 PID: 23801 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2418.507583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2418.516933] Call Trace: [ 2418.519564] dump_stack+0x172/0x1f0 [ 2418.523206] dump_header+0x10f/0xb6c [ 2418.526944] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2418.532060] ? ___ratelimit+0x60/0x595 [ 2418.535963] ? do_raw_spin_unlock+0x57/0x270 [ 2418.540386] oom_kill_process.cold+0x10/0x6f5 [ 2418.544894] ? task_will_free_mem+0x139/0x6e0 [ 2418.549423] out_of_memory+0x79a/0x1280 [ 2418.553439] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2418.558563] ? oom_killer_disable+0x280/0x280 [ 2418.563064] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2418.568181] mem_cgroup_out_of_memory+0x99/0xe0 [ 2418.572887] ? memcg_memory_event+0x40/0x40 [ 2418.577264] ? _raw_spin_unlock+0x2d/0x50 [ 2418.581459] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2418.586592] try_charge+0xfec/0x1570 [ 2418.590326] ? find_held_lock+0x35/0x130 [ 2418.594415] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2418.599271] ? kasan_check_read+0x11/0x20 [ 2418.603447] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2418.608298] mem_cgroup_try_charge+0x24d/0x5e0 [ 2418.612900] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2418.618306] wp_page_copy+0x408/0x1740 [ 2418.622205] ? find_held_lock+0x35/0x130 [ 2418.626326] ? pmd_pfn+0x1d0/0x1d0 [ 2418.629910] ? lock_downgrade+0x810/0x810 [ 2418.634069] ? __pte_alloc_kernel+0x220/0x220 [ 2418.638574] ? kasan_check_read+0x11/0x20 [ 2418.642743] ? do_raw_spin_unlock+0x57/0x270 [ 2418.647171] do_wp_page+0x2ed/0x1520 [ 2418.651465] ? rwlock_bug.part.0+0x90/0x90 [ 2418.655705] ? lock_acquire+0x16f/0x3f0 [ 2418.659686] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2418.664366] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2418.669398] __handle_mm_fault+0x22db/0x3f20 [ 2418.673822] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2418.678684] ? find_held_lock+0x35/0x130 [ 2418.682747] ? handle_mm_fault+0x322/0xb30 [ 2418.687021] ? kasan_check_read+0x11/0x20 [ 2418.691193] handle_mm_fault+0x43f/0xb30 [ 2418.695278] __do_page_fault+0x5da/0xd60 [ 2418.699362] do_page_fault+0x71/0x581 [ 2418.703167] ? page_fault+0x8/0x30 [ 2418.706714] page_fault+0x1e/0x30 [ 2418.710187] RIP: 0033:0x40d1e8 [ 2418.713383] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2418.732286] RSP: 002b:00007ffc56cc4240 EFLAGS: 00010246 [ 2418.737667] RAX: 000000005511976d RBX: 00000000727102e3 RCX: 0000001b2f620000 [ 2418.744938] RDX: 0000000000000000 RSI: 000000000000176d RDI: ffffffff5511976d [ 2418.752211] RBP: 000000000000000d R08: 000000005511976d R09: 0000000055119771 [ 2418.759488] R10: 00007ffc56cc43d0 R11: 0000000000000246 R12: 000000000073bf88 [ 2418.766780] R13: 0000000080000000 R14: 00007f028c93c008 R15: 000000000000000d [ 2418.808519] memory: usage 307200kB, limit 307200kB, failcnt 5925 [ 2418.820114] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2418.853821] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2418.874425] Memory cgroup stats for /syz0: cache:4836KB rss:120704KB rss_huge:28672KB shmem:160KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:4KB active_anon:120888KB inactive_file:0KB active_file:0KB unevictable:4780KB 22:48:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x8002, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0185647, &(0x7f0000000200)={0xfffffff, 0x100, 0xffff, [], &(0x7f00000001c0)={0xa30001, 0x22f5, [], @string=&(0x7f0000000180)=0x4}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x6c00000000000000, 0x14000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x14, 0x22, 0x18, 0x59, 0x0, {0x4}}, 0x14}}, 0x0) ioctl$UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, &(0x7f00000000c0)={0x0, 0x4, 0x1000000005}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f00000001c0)='/dev/snd/controlC#\x00', 0x0, 0x800) read(r2, &(0x7f0000000400)=""/143, 0x8f) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) prctl$PR_GET_FP_MODE(0x2e) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x1ff) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000280)={0x0, 0x80000}) 22:48:12 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3fb, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:12 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a5, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:12 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56]}, 0x2c) 22:48:12 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x900000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2418.903856] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23754,uid=0 [ 2418.926373] Memory cgroup out of memory: Kill process 23754 (syz-executor.0) score 124 or sacrifice child [ 2418.936567] Killed process 23754 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35788kB, shmem-rss:0kB 22:48:12 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a6, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2419.119857] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2419.168630] CPU: 1 PID: 23841 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2419.175950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2419.185302] Call Trace: [ 2419.187895] dump_stack+0x172/0x1f0 [ 2419.191541] dump_header+0x10f/0xb6c [ 2419.195278] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2419.200396] ? ___ratelimit+0x60/0x595 [ 2419.204291] ? do_raw_spin_unlock+0x57/0x270 [ 2419.208719] oom_kill_process.cold+0x10/0x6f5 [ 2419.213248] ? task_will_free_mem+0x139/0x6e0 [ 2419.217790] out_of_memory+0x79a/0x1280 [ 2419.221799] ? oom_killer_disable+0x280/0x280 [ 2419.226306] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2419.231431] mem_cgroup_out_of_memory+0x99/0xe0 [ 2419.236117] ? memcg_memory_event+0x40/0x40 [ 2419.240461] ? _raw_spin_unlock+0x2d/0x50 [ 2419.244622] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2419.249733] try_charge+0xfec/0x1570 [ 2419.253460] ? find_held_lock+0x35/0x130 [ 2419.257564] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2419.262416] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2419.267266] ? find_held_lock+0x35/0x130 [ 2419.271338] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2419.276236] memcg_kmem_charge_memcg+0x7c/0x130 [ 2419.281007] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2419.285533] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2419.290383] memcg_kmem_charge+0x13b/0x340 [ 2419.294642] __alloc_pages_nodemask+0x437/0x710 [ 2419.299329] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2419.304359] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2419.308965] ? trace_hardirqs_on+0x67/0x230 [ 2419.313294] copy_process.part.0+0x3e0/0x79a0 [ 2419.317838] ? psi_memstall_leave+0x11c/0x180 [ 2419.322347] ? sched_clock+0x2e/0x50 [ 2419.326096] ? psi_memstall_leave+0x12e/0x180 [ 2419.330629] ? find_held_lock+0x35/0x130 [ 2419.334727] ? __lock_acquire+0x53b/0x4700 [ 2419.338993] ? __cleanup_sighand+0x70/0x70 [ 2419.343238] ? mark_held_locks+0x100/0x100 [ 2419.347501] ? perf_trace_lock_acquire+0xf5/0x580 [ 2419.352377] ? rcu_read_lock_sched_held+0x110/0x130 [ 2419.357420] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2419.362974] _do_fork+0x257/0xfe0 [ 2419.366446] ? fork_idle+0x1d0/0x1d0 [ 2419.370166] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2419.375543] ? lock_downgrade+0x810/0x810 [ 2419.379704] ? blkcg_exit_queue+0x30/0x30 [ 2419.383874] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2419.388639] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2419.393403] ? do_syscall_64+0x26/0x610 [ 2419.397472] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2419.402871] ? do_syscall_64+0x26/0x610 [ 2419.406907] __x64_sys_clone+0xbf/0x150 [ 2419.410892] do_syscall_64+0x103/0x610 [ 2419.414792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2419.420005] RIP: 0033:0x45a7f9 [ 2419.423220] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2419.442121] RSP: 002b:00007fff025901d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2419.449845] RAX: ffffffffffffffda RBX: 00007fca94220700 RCX: 000000000045a7f9 [ 2419.457129] RDX: 00007fca942209d0 RSI: 00007fca9421fdb0 RDI: 00000000003d0f00 22:48:12 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x98010000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:12 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3fc, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:12 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a7, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:12 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xa00000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:12 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x800000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2419.464414] RBP: 00007fff025903e0 R08: 00007fca94220700 R09: 00007fca94220700 [ 2419.471686] R10: 00007fca942209d0 R11: 0000000000000202 R12: 0000000000000000 [ 2419.478956] R13: 00007fff0259028f R14: 00007fca942209c0 R15: 000000000073bf0c [ 2419.491812] memory: usage 307200kB, limit 307200kB, failcnt 5066 [ 2419.500121] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2419.543383] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2419.568887] Memory cgroup stats for /syz2: cache:12KB rss:123332KB rss_huge:28672KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:123424KB inactive_file:8KB active_file:4KB unevictable:0KB [ 2419.622676] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12232,uid=0 22:48:12 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a8, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2419.709227] Memory cgroup out of memory: Kill process 12232 (syz-executor.2) score 124 or sacrifice child 22:48:12 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xe00000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x3, 0x0, 0x2, 0x2}, 0x10}}, 0x0) [ 2419.769036] Killed process 12232 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2419.893400] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2419.922731] CPU: 1 PID: 23867 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2419.930040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2419.939391] Call Trace: [ 2419.942002] dump_stack+0x172/0x1f0 [ 2419.945664] dump_header+0x10f/0xb6c [ 2419.949393] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2419.954504] ? ___ratelimit+0x60/0x595 [ 2419.958402] ? do_raw_spin_unlock+0x57/0x270 [ 2419.962819] oom_kill_process.cold+0x10/0x6f5 [ 2419.967357] ? task_will_free_mem+0x139/0x6e0 [ 2419.971875] out_of_memory+0x79a/0x1280 [ 2419.975871] ? oom_killer_disable+0x280/0x280 [ 2419.980373] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2419.985497] mem_cgroup_out_of_memory+0x99/0xe0 [ 2419.990188] ? memcg_memory_event+0x40/0x40 [ 2419.994531] ? _raw_spin_unlock+0x2d/0x50 [ 2419.998680] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2420.003808] try_charge+0xfec/0x1570 [ 2420.007547] ? find_held_lock+0x35/0x130 [ 2420.011625] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2420.016478] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2420.021343] ? find_held_lock+0x35/0x130 [ 2420.025427] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2420.030291] memcg_kmem_charge_memcg+0x7c/0x130 [ 2420.034970] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2420.039481] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2420.044338] memcg_kmem_charge+0x13b/0x340 [ 2420.048588] __alloc_pages_nodemask+0x437/0x710 [ 2420.053326] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2420.058367] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2420.062963] ? trace_hardirqs_on+0x67/0x230 [ 2420.067305] ? kasan_check_read+0x11/0x20 [ 2420.071469] copy_process.part.0+0x3e0/0x79a0 [ 2420.075991] ? psi_memstall_leave+0x11c/0x180 [ 2420.080498] ? sched_clock+0x2e/0x50 [ 2420.084238] ? psi_memstall_leave+0x12e/0x180 [ 2420.088778] ? find_held_lock+0x35/0x130 [ 2420.092848] ? __lock_acquire+0x53b/0x4700 [ 2420.097101] ? __cleanup_sighand+0x70/0x70 [ 2420.101359] ? mark_held_locks+0x100/0x100 [ 2420.105605] ? perf_trace_lock_acquire+0xf5/0x580 [ 2420.110450] ? rcu_read_lock_sched_held+0x110/0x130 [ 2420.115465] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2420.121015] _do_fork+0x257/0xfe0 [ 2420.124479] ? fork_idle+0x1d0/0x1d0 [ 2420.128203] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2420.133604] ? lock_downgrade+0x810/0x810 [ 2420.137775] ? blkcg_exit_queue+0x30/0x30 [ 2420.141950] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2420.146713] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2420.151477] ? do_syscall_64+0x26/0x610 [ 2420.155455] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2420.160822] ? do_syscall_64+0x26/0x610 [ 2420.164811] __x64_sys_clone+0xbf/0x150 [ 2420.168804] do_syscall_64+0x103/0x610 [ 2420.172720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2420.177911] RIP: 0033:0x45a7f9 [ 2420.181122] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2420.200024] RSP: 002b:00007ffd944df8a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2420.207733] RAX: ffffffffffffffda RBX: 00007fed655ac700 RCX: 000000000045a7f9 [ 2420.215011] RDX: 00007fed655ac9d0 RSI: 00007fed655abdb0 RDI: 00000000003d0f00 [ 2420.222283] RBP: 00007ffd944dfab0 R08: 00007fed655ac700 R09: 00007fed655ac700 [ 2420.229555] R10: 00007fed655ac9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2420.236824] R13: 00007ffd944df95f R14: 00007fed655ac9c0 R15: 000000000073bfac 22:48:13 executing program 1: r0 = socket$inet(0x2, 0x0, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x4}, 0x68) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'erspan0\x00', 0x300}) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSSL2CALL(r1, 0x89e2, &(0x7f0000000000)=@netrom) 22:48:13 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x2c) 22:48:13 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x14cb181800000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:13 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6a9, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2420.260737] memory: usage 307148kB, limit 307200kB, failcnt 6013 [ 2420.272747] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2420.299800] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2420.332450] Memory cgroup stats for /syz3: cache:0KB rss:121296KB rss_huge:34816KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:121460KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2420.418272] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=21649,uid=0 [ 2420.472249] Memory cgroup out of memory: Kill process 21649 (syz-executor.3) score 1113 or sacrifice child [ 2420.601067] Killed process 21649 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2420.656592] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2420.677786] CPU: 1 PID: 23869 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2420.685070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2420.694418] Call Trace: [ 2420.697018] dump_stack+0x172/0x1f0 [ 2420.700673] dump_header+0x10f/0xb6c [ 2420.704424] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2420.709565] ? ___ratelimit+0x60/0x595 [ 2420.713459] ? do_raw_spin_unlock+0x57/0x270 [ 2420.717877] oom_kill_process.cold+0x10/0x6f5 [ 2420.722384] ? task_will_free_mem+0x139/0x6e0 [ 2420.726894] out_of_memory+0x79a/0x1280 [ 2420.730885] ? oom_killer_disable+0x280/0x280 [ 2420.735389] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2420.740512] mem_cgroup_out_of_memory+0x99/0xe0 [ 2420.745194] ? memcg_memory_event+0x40/0x40 [ 2420.749538] ? _raw_spin_unlock+0x2d/0x50 [ 2420.753694] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2420.758801] try_charge+0xfec/0x1570 [ 2420.762520] ? find_held_lock+0x35/0x130 [ 2420.766604] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2420.771463] ? kasan_check_read+0x11/0x20 [ 2420.775624] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2420.780477] mem_cgroup_try_charge+0x24d/0x5e0 [ 2420.785111] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2420.790061] wp_page_copy+0x408/0x1740 [ 2420.793969] ? find_held_lock+0x35/0x130 [ 2420.798039] ? pmd_pfn+0x1d0/0x1d0 [ 2420.801589] ? lock_downgrade+0x810/0x810 [ 2420.805740] ? __pte_alloc_kernel+0x220/0x220 [ 2420.810252] ? kasan_check_read+0x11/0x20 [ 2420.814403] ? do_raw_spin_unlock+0x57/0x270 [ 2420.818856] do_wp_page+0x2ed/0x1520 [ 2420.822579] ? rwlock_bug.part.0+0x90/0x90 [ 2420.826812] ? lock_acquire+0x16f/0x3f0 [ 2420.830800] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2420.835470] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2420.840498] __handle_mm_fault+0x22db/0x3f20 [ 2420.844941] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2420.849795] ? find_held_lock+0x35/0x130 [ 2420.853864] ? handle_mm_fault+0x322/0xb30 [ 2420.858123] ? kasan_check_read+0x11/0x20 [ 2420.862280] handle_mm_fault+0x43f/0xb30 [ 2420.866355] __do_page_fault+0x5da/0xd60 [ 2420.870434] do_page_fault+0x71/0x581 [ 2420.874238] ? page_fault+0x8/0x30 [ 2420.877792] page_fault+0x1e/0x30 [ 2420.881246] RIP: 0033:0x40d1e8 [ 2420.884444] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2420.903345] RSP: 002b:00007ffc56cc4240 EFLAGS: 00010246 [ 2420.908741] RAX: 00000000f0870189 RBX: 0000000031530f3b RCX: 0000001b2f620000 [ 2420.916021] RDX: 0000000000000000 RSI: 0000000000000189 RDI: fffffffff0870189 [ 2420.923289] RBP: 0000000000000009 R08: 00000000f0870189 R09: 00000000f087018d [ 2420.930560] R10: 00007ffc56cc43d0 R11: 0000000000000246 R12: 000000000073bf88 [ 2420.937829] R13: 0000000080000000 R14: 00007f028c93c008 R15: 0000000000000009 [ 2420.957061] memory: usage 307200kB, limit 307200kB, failcnt 5956 [ 2420.965901] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2420.978499] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2420.984710] Memory cgroup stats for /syz0: cache:4836KB rss:120780KB rss_huge:28672KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:120888KB inactive_file:0KB active_file:4KB unevictable:4780KB [ 2421.006786] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23857,uid=0 [ 2421.021792] Memory cgroup out of memory: Kill process 23857 (syz-executor.0) score 124 or sacrifice child [ 2421.031873] Killed process 23857 (syz-executor.0) total-vm:72708kB, anon-rss:2224kB, file-rss:35788kB, shmem-rss:0kB 22:48:14 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6aa, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:14 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xa0008000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:14 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30c]}, 0x2c) 22:48:14 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x1802000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:14 executing program 1: getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000007c0), 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x1e, 0x1, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000100)) connect$bt_l2cap(r1, &(0x7f0000000200)={0x1f, 0x187, {0xace2, 0xff, 0x923, 0x4, 0x8, 0x7}, 0x3, 0x8}, 0xe) fcntl$setownex(r0, 0xf, &(0x7f0000000140)) sendmsg(r1, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x9e, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r1, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), 0xffffffffffffffff, 0x100000000000000}}, 0x152610) lsetxattr$security_selinux(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='security.selinux\x00', &(0x7f0000000500)='system_u:object_r:devicekit_disk_exec_t:s0\x00', 0x2b, 0x2) close(r1) lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='trusted.overlay.origin\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x3) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, &(0x7f0000000240)) syz_open_dev$vbi(0x0, 0x2, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$amidi(&(0x7f0000000540)='/dev/amidi#\x00', 0x7, 0x20000) 22:48:14 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3fd, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2421.154514] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2421.200785] CPU: 1 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2421.208013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2421.217376] Call Trace: [ 2421.219974] dump_stack+0x172/0x1f0 [ 2421.223612] dump_header+0x10f/0xb6c [ 2421.227338] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2421.232451] ? ___ratelimit+0x60/0x595 [ 2421.236346] ? do_raw_spin_unlock+0x57/0x270 [ 2421.240780] oom_kill_process.cold+0x10/0x6f5 [ 2421.245304] ? task_will_free_mem+0x139/0x6e0 [ 2421.249818] out_of_memory+0x79a/0x1280 [ 2421.253812] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2421.258947] ? oom_killer_disable+0x280/0x280 [ 2421.263453] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2421.268579] mem_cgroup_out_of_memory+0x99/0xe0 [ 2421.273255] ? memcg_memory_event+0x40/0x40 [ 2421.277603] ? _raw_spin_unlock+0x2d/0x50 [ 2421.281754] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2421.286887] try_charge+0xfec/0x1570 [ 2421.290606] ? find_held_lock+0x35/0x130 [ 2421.294682] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2421.299534] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2421.304379] ? find_held_lock+0x35/0x130 [ 2421.308448] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2421.313321] memcg_kmem_charge_memcg+0x7c/0x130 [ 2421.318033] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2421.322547] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2421.327399] memcg_kmem_charge+0x13b/0x340 [ 2421.331644] __alloc_pages_nodemask+0x437/0x710 [ 2421.336317] ? __pud_alloc+0x1d3/0x250 [ 2421.340215] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2421.345246] ? __pud_alloc+0x1d3/0x250 [ 2421.349147] ? lock_downgrade+0x810/0x810 [ 2421.353299] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2421.358891] alloc_pages_current+0x107/0x210 [ 2421.363305] ? do_raw_spin_unlock+0x57/0x270 [ 2421.367718] __pmd_alloc+0x41/0x460 [ 2421.371353] ? pmd_val+0x100/0x100 [ 2421.374903] pmd_alloc+0x10c/0x180 [ 2421.378451] copy_page_range+0x62e/0x1f90 [ 2421.382604] ? __lock_is_held+0xb6/0x140 [ 2421.386703] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2421.391740] ? vma_compute_subtree_gap+0x158/0x230 [ 2421.396704] ? vma_gap_callbacks_rotate+0x62/0x80 [ 2421.401559] ? pmd_alloc+0x180/0x180 [ 2421.405300] ? validate_mm_rb+0xa3/0xc0 [ 2421.409289] ? __vma_link_rb+0x279/0x370 [ 2421.413363] copy_process.part.0+0x56aa/0x79a0 [ 2421.417983] ? __cleanup_sighand+0x70/0x70 [ 2421.422265] _do_fork+0x257/0xfe0 [ 2421.425744] ? fork_idle+0x1d0/0x1d0 [ 2421.429499] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2421.434268] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2421.439044] ? do_syscall_64+0x26/0x610 [ 2421.443028] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2421.448392] ? do_syscall_64+0x26/0x610 [ 2421.452391] __x64_sys_clone+0xbf/0x150 [ 2421.456417] do_syscall_64+0x103/0x610 [ 2421.460332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2421.465528] RIP: 0033:0x4563fa [ 2421.468727] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2421.488045] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2421.495760] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2421.503055] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2421.510323] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2421.517590] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 [ 2421.524861] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 22:48:14 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x3fe, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:14 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x2000000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2421.558700] memory: usage 307200kB, limit 307200kB, failcnt 4342 [ 2421.584369] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2421.616038] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2421.638812] Memory cgroup stats for /syz4: cache:24KB rss:129636KB rss_huge:45056KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:129800KB inactive_file:0KB active_file:0KB unevictable:0KB 22:48:14 executing program 1: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) pipe(&(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x4, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 22:48:14 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x402, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2421.661997] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22123,uid=0 [ 2421.684507] Memory cgroup out of memory: Kill process 22123 (syz-executor.4) score 1113 or sacrifice child [ 2421.698084] Killed process 22123 (syz-executor.4) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2421.787038] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2421.826394] CPU: 1 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2421.833595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2421.842950] Call Trace: [ 2421.845558] dump_stack+0x172/0x1f0 [ 2421.849218] dump_header+0x10f/0xb6c [ 2421.852943] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2421.858057] ? ___ratelimit+0x60/0x595 [ 2421.861954] ? do_raw_spin_unlock+0x57/0x270 [ 2421.866375] oom_kill_process.cold+0x10/0x6f5 [ 2421.870884] ? task_will_free_mem+0x139/0x6e0 [ 2421.875398] out_of_memory+0x79a/0x1280 [ 2421.879402] ? oom_killer_disable+0x280/0x280 [ 2421.883918] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2421.889035] mem_cgroup_out_of_memory+0x99/0xe0 [ 2421.893710] ? memcg_memory_event+0x40/0x40 [ 2421.898041] ? _raw_spin_unlock+0x2d/0x50 [ 2421.902195] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2421.907313] try_charge+0xfec/0x1570 [ 2421.911029] ? find_held_lock+0x35/0x130 [ 2421.915105] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2421.919961] ? kasan_check_read+0x11/0x20 [ 2421.924127] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2421.928997] mem_cgroup_try_charge+0x24d/0x5e0 [ 2421.933598] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2421.938549] wp_page_copy+0x408/0x1740 [ 2421.942446] ? find_held_lock+0x35/0x130 [ 2421.946531] ? pmd_pfn+0x1d0/0x1d0 [ 2421.950099] ? lock_downgrade+0x810/0x810 [ 2421.954252] ? swp_swapcount+0x540/0x540 [ 2421.958325] ? kasan_check_read+0x11/0x20 [ 2421.962478] ? do_raw_spin_unlock+0x57/0x270 [ 2421.966908] do_wp_page+0x2ed/0x1520 [ 2421.970634] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2421.975338] __handle_mm_fault+0x22db/0x3f20 [ 2421.979759] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2421.984617] ? find_held_lock+0x35/0x130 [ 2421.988681] ? handle_mm_fault+0x322/0xb30 [ 2421.992930] ? kasan_check_read+0x11/0x20 [ 2421.997085] handle_mm_fault+0x43f/0xb30 [ 2422.001156] __do_page_fault+0x5da/0xd60 [ 2422.005266] do_page_fault+0x71/0x581 [ 2422.009089] ? page_fault+0x8/0x30 [ 2422.012638] page_fault+0x1e/0x30 [ 2422.016097] RIP: 0033:0x45651e [ 2422.019295] Code: 5c 41 5d 41 5e 5d c3 48 c7 c2 d4 ff ff ff f7 d8 41 bd ff ff ff ff 64 89 02 64 8b 04 25 d0 02 00 00 41 39 c4 0f 85 2f 01 00 00 <64> 44 89 04 25 d4 02 00 00 45 85 f6 0f 85 7f 00 00 00 48 85 db 74 22:48:15 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x3f00000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:15 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ab, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:15 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x403, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2422.038200] RSP: 002b:00007fff02590460 EFLAGS: 00010246 [ 2422.043564] RAX: 0000000000000001 RBX: 00007fff02590460 RCX: 00000000004563fa [ 2422.050848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2422.058115] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2422.065385] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 0000000000000001 [ 2422.072654] R13: 00000000000048cf R14: 0000000000000000 R15: 0000000000000002 [ 2422.528169] memory: usage 307196kB, limit 307200kB, failcnt 5098 [ 2422.541271] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2422.564092] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2422.578920] Memory cgroup stats for /syz2: cache:12KB rss:123376KB rss_huge:28672KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:123384KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2422.635213] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23907,uid=0 [ 2422.664846] Memory cgroup out of memory: Kill process 23907 (syz-executor.2) score 124 or sacrifice child [ 2422.688507] Killed process 23907 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB [ 2422.731281] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2422.745949] CPU: 0 PID: 23938 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2422.753236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2422.762601] Call Trace: [ 2422.765232] dump_stack+0x172/0x1f0 [ 2422.768891] dump_header+0x10f/0xb6c [ 2422.772608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2422.777708] ? ___ratelimit+0x60/0x595 [ 2422.781601] ? do_raw_spin_unlock+0x57/0x270 [ 2422.786015] oom_kill_process.cold+0x10/0x6f5 [ 2422.790523] ? task_will_free_mem+0x139/0x6e0 [ 2422.795033] out_of_memory+0x79a/0x1280 [ 2422.799028] ? oom_killer_disable+0x280/0x280 [ 2422.803519] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2422.808627] mem_cgroup_out_of_memory+0x99/0xe0 [ 2422.813305] ? memcg_memory_event+0x40/0x40 [ 2422.817645] ? _raw_spin_unlock+0x2d/0x50 [ 2422.821803] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2422.826926] try_charge+0xb4a/0x1570 [ 2422.830643] ? find_held_lock+0x35/0x130 [ 2422.834711] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2422.839561] ? kasan_check_read+0x11/0x20 [ 2422.843734] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2422.848588] mem_cgroup_try_charge+0x24d/0x5e0 [ 2422.853183] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2422.858119] wp_page_copy+0x408/0x1740 [ 2422.862013] ? find_held_lock+0x35/0x130 [ 2422.866107] ? pmd_pfn+0x1d0/0x1d0 [ 2422.869691] ? lock_downgrade+0x810/0x810 [ 2422.873857] ? swp_swapcount+0x540/0x540 [ 2422.877930] ? kasan_check_read+0x11/0x20 [ 2422.882085] ? do_raw_spin_unlock+0x57/0x270 [ 2422.886499] do_wp_page+0x2ed/0x1520 [ 2422.890220] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2422.894908] __handle_mm_fault+0x22db/0x3f20 [ 2422.899344] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2422.904219] ? find_held_lock+0x35/0x130 [ 2422.908289] ? handle_mm_fault+0x322/0xb30 [ 2422.912541] ? kasan_check_read+0x11/0x20 [ 2422.916702] handle_mm_fault+0x43f/0xb30 [ 2422.920786] __do_page_fault+0x5da/0xd60 [ 2422.924869] do_page_fault+0x71/0x581 [ 2422.928694] page_fault+0x1e/0x30 [ 2422.932153] RIP: 0010:__put_user_4+0x1c/0x30 [ 2422.936562] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 40 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 2422.955457] RSP: 0018:ffff888030607f30 EFLAGS: 00010293 [ 2422.960816] RAX: 00000000000048cf RBX: 00007fffffffeffd RCX: 0000000001fbdc10 [ 2422.968096] RDX: dffffc0000000000 RSI: 1ffff11011c1e950 RDI: ffff88808e0f47a8 [ 2422.975363] RBP: ffff888030607f48 R08: ffff88808e0f4200 R09: 0000000000000001 [ 2422.982630] R10: ffffed1015d25bcf R11: ffff8880ae92de7b R12: 0000000000000000 [ 2422.989894] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2422.997203] ? schedule_tail+0xd8/0x130 [ 2423.001182] ret_from_fork+0x8/0x50 [ 2423.004825] RIP: 0033:0x4563fa [ 2423.008032] Code: Bad RIP value. [ 2423.011395] RSP: 002b:00007fff02590460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2423.019104] RAX: 0000000000000000 RBX: 00007fff02590460 RCX: 00000000004563fa [ 2423.026387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2423.033667] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2423.040949] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 0000000000000001 [ 2423.048226] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 2423.058562] net_ratelimit: 24 callbacks suppressed [ 2423.058570] protocol 88fb is buggy, dev hsr_slave_0 [ 2423.067727] memory: usage 305004kB, limit 307200kB, failcnt 5098 [ 2423.068603] protocol 88fb is buggy, dev hsr_slave_1 [ 2423.068678] protocol 88fb is buggy, dev hsr_slave_0 [ 2423.068728] protocol 88fb is buggy, dev hsr_slave_1 [ 2423.075356] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2423.104446] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2423.111463] Memory cgroup stats for /syz2: cache:12KB rss:121196KB rss_huge:26624KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:121236KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2423.140425] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22949,uid=0 [ 2423.163817] Memory cgroup out of memory: Kill process 22949 (syz-executor.2) score 124 or sacrifice child [ 2423.176917] Killed process 22949 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2423.202225] oom_reaper: reaped process 22949 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2423.224353] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2423.248429] protocol 88fb is buggy, dev hsr_slave_0 [ 2423.248441] protocol 88fb is buggy, dev hsr_slave_0 [ 2423.253498] protocol 88fb is buggy, dev hsr_slave_1 [ 2423.253618] CPU: 1 PID: 23946 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2423.258715] protocol 88fb is buggy, dev hsr_slave_1 [ 2423.263558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2423.263565] Call Trace: [ 2423.263588] dump_stack+0x172/0x1f0 [ 2423.263614] dump_header+0x10f/0xb6c [ 2423.263631] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2423.263647] ? ___ratelimit+0x60/0x595 [ 2423.271166] protocol 88fb is buggy, dev hsr_slave_0 [ 2423.275914] ? do_raw_spin_unlock+0x57/0x270 [ 2423.275937] oom_kill_process.cold+0x10/0x6f5 [ 2423.275959] ? task_will_free_mem+0x139/0x6e0 [ 2423.275984] out_of_memory+0x79a/0x1280 [ 2423.276007] ? oom_killer_disable+0x280/0x280 [ 2423.285507] protocol 88fb is buggy, dev hsr_slave_1 [ 2423.287913] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2423.287941] mem_cgroup_out_of_memory+0x99/0xe0 [ 2423.287961] ? memcg_memory_event+0x40/0x40 [ 2423.350087] ? _raw_spin_unlock+0x2d/0x50 [ 2423.354236] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2423.359347] try_charge+0xfec/0x1570 [ 2423.363076] ? find_held_lock+0x35/0x130 [ 2423.367152] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2423.372004] ? kasan_check_read+0x11/0x20 [ 2423.376182] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2423.381036] mem_cgroup_try_charge+0x24d/0x5e0 [ 2423.385662] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2423.390596] wp_page_copy+0x408/0x1740 [ 2423.394481] ? find_held_lock+0x35/0x130 [ 2423.398555] ? pmd_pfn+0x1d0/0x1d0 [ 2423.402117] ? lock_downgrade+0x810/0x810 [ 2423.406287] ? __pte_alloc_kernel+0x220/0x220 [ 2423.410796] ? kasan_check_read+0x11/0x20 [ 2423.414948] ? do_raw_spin_unlock+0x57/0x270 [ 2423.419357] do_wp_page+0x2ed/0x1520 [ 2423.423075] ? rwlock_bug.part.0+0x90/0x90 [ 2423.427311] ? lock_acquire+0x16f/0x3f0 [ 2423.431290] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2423.435963] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2423.440991] __handle_mm_fault+0x22db/0x3f20 [ 2423.445402] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2423.450243] ? find_held_lock+0x35/0x130 [ 2423.454299] ? handle_mm_fault+0x322/0xb30 [ 2423.458561] ? kasan_check_read+0x11/0x20 [ 2423.462713] handle_mm_fault+0x43f/0xb30 [ 2423.466794] __do_page_fault+0x5da/0xd60 [ 2423.470871] do_page_fault+0x71/0x581 [ 2423.474666] ? page_fault+0x8/0x30 [ 2423.478218] page_fault+0x1e/0x30 [ 2423.481683] RIP: 0033:0x40d1e8 [ 2423.484872] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2423.504014] RSP: 002b:00007ffc56cc4240 EFLAGS: 00010246 [ 2423.509394] RAX: 00000000f0870189 RBX: 0000000031530f3b RCX: 0000001b2f620000 [ 2423.516659] RDX: 0000000000000000 RSI: 0000000000000189 RDI: fffffffff0870189 [ 2423.523928] RBP: 0000000000000009 R08: 00000000f0870189 R09: 00000000f087018d [ 2423.531208] R10: 00007ffc56cc43d0 R11: 0000000000000246 R12: 000000000073bf88 [ 2423.538470] R13: 0000000080000000 R14: 00007f028c93c008 R15: 0000000000000009 [ 2423.549921] memory: usage 307176kB, limit 307200kB, failcnt 5986 [ 2423.556698] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2423.564734] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2423.573987] Memory cgroup stats for /syz0: cache:4836KB rss:120712KB rss_huge:28672KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:120880KB inactive_file:0KB active_file:0KB unevictable:4780KB [ 2423.596127] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23788,uid=0 [ 2423.612250] Memory cgroup out of memory: Kill process 23788 (syz-executor.0) score 124 or sacrifice child [ 2423.626284] Killed process 23788 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35788kB, shmem-rss:0kB [ 2423.668308] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2423.684702] CPU: 1 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2423.691898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2423.701247] Call Trace: [ 2423.703846] dump_stack+0x172/0x1f0 [ 2423.707487] dump_header+0x10f/0xb6c [ 2423.711210] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2423.716321] ? ___ratelimit+0x60/0x595 [ 2423.720230] ? do_raw_spin_unlock+0x57/0x270 [ 2423.724653] oom_kill_process.cold+0x10/0x6f5 [ 2423.729168] ? task_will_free_mem+0x139/0x6e0 [ 2423.733679] out_of_memory+0x79a/0x1280 [ 2423.737673] ? oom_killer_disable+0x280/0x280 [ 2423.742175] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2423.747293] mem_cgroup_out_of_memory+0x99/0xe0 [ 2423.751969] ? memcg_memory_event+0x40/0x40 [ 2423.756305] ? _raw_spin_unlock+0x2d/0x50 [ 2423.760459] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2423.765565] try_charge+0xfec/0x1570 [ 2423.769280] ? find_held_lock+0x35/0x130 [ 2423.773397] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2423.778248] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2423.783095] ? find_held_lock+0x35/0x130 [ 2423.787174] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2423.792040] memcg_kmem_charge_memcg+0x7c/0x130 [ 2423.796718] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2423.801233] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2423.806088] memcg_kmem_charge+0x13b/0x340 [ 2423.810336] __alloc_pages_nodemask+0x437/0x710 [ 2423.815025] ? debug_smp_processor_id+0x1c/0x20 [ 2423.819705] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2423.824731] ? copy_page_range+0x125a/0x1f90 [ 2423.829275] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2423.834829] alloc_pages_current+0x107/0x210 [ 2423.839253] pte_alloc_one+0x1b/0x1a0 [ 2423.843088] __pte_alloc+0x20/0x310 [ 2423.846730] copy_page_range+0x1529/0x1f90 [ 2423.850979] ? mark_held_locks+0x100/0x100 [ 2423.855246] ? pmd_alloc+0x180/0x180 [ 2423.858969] ? __rb_insert_augmented+0x231/0xdf0 [ 2423.863732] ? validate_mm_rb+0xa3/0xc0 [ 2423.867753] ? __vma_link_rb+0x279/0x370 [ 2423.871839] copy_process.part.0+0x56aa/0x79a0 [ 2423.876466] ? __cleanup_sighand+0x70/0x70 [ 2423.880732] _do_fork+0x257/0xfe0 [ 2423.884204] ? fork_idle+0x1d0/0x1d0 [ 2423.887934] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2423.892696] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2423.897461] ? do_syscall_64+0x26/0x610 [ 2423.901446] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2423.906814] ? do_syscall_64+0x26/0x610 [ 2423.910810] __x64_sys_clone+0xbf/0x150 [ 2423.914805] do_syscall_64+0x103/0x610 [ 2423.918705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2423.923895] RIP: 0033:0x4563fa [ 2423.927092] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2423.945996] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2423.953711] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2423.960986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2423.968260] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2423.975540] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 [ 2423.982817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2423.994538] memory: usage 307200kB, limit 307200kB, failcnt 4370 [ 2424.002496] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2424.010105] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2424.017305] Memory cgroup stats for /syz4: cache:24KB rss:129796KB rss_huge:45056KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:129804KB inactive_file:8KB active_file:0KB unevictable:0KB [ 2424.044260] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23241,uid=0 [ 2424.059877] Memory cgroup out of memory: Kill process 23241 (syz-executor.4) score 1113 or sacrifice child 22:48:17 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xb8010000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:17 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x404, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:17 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x4000000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0xfff7fffffffffffa, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x8070ae9f, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='teql0\x00', 0x10) 22:48:17 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x320]}, 0x2c) [ 2424.070900] Killed process 23241 (syz-executor.4) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB 22:48:17 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x405, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:17 executing program 1: timerfd_create(0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') mq_timedreceive(r0, 0x0, 0x27d, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000000)=""/106) 22:48:17 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xba030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:17 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ac, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:17 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ca]}, 0x2c) 22:48:17 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x4002000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:17 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000340)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="7570706572f7ffffffffffffff6c6530086c6f7765726469723d2e2f76696c65312c776f726b6469723d2e2f66696c653192a2383a76"]) chdir(&(0x7f0000000280)='./file0\x00') r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) getpeername(r0, &(0x7f00000002c0)=@xdp={0x2c, 0x0, 0x0}, &(0x7f00000001c0)=0x80) write$binfmt_script(r1, &(0x7f0000000100)={'#! ', './file0', [{0x20, 'overlay\x00'}, {0x20, 'selinux*wlan0em0!'}], 0xa, "ec071fe48c3b1de4d9e7db5846d0c7e9ddfd75eee7c6d03232af5f31b402e39e9fbcceb19da1f8393111b45ede9458debef72bed14ae06430439c0cd6a6072d595ef3b04754522778636a27b6d0a39a27d906419b6ddb8067ed30c340dece836be2133731194bf5418740b0fd323caf265"}, 0x97) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000240)={@mcast2, 0x8, r3}) open(&(0x7f0000000000)='./file0\x00', 0x20102, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000080)=0x7, 0x4) fsync(r2) 22:48:17 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x406, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:17 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ad, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2424.573230] overlayfs: unrecognized mount option "upper÷ÿÿÿÿÿÿÿle0lowerdir=./vile1" or missing value [ 2424.597304] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2424.639984] CPU: 1 PID: 24039 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2424.647282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2424.656636] Call Trace: [ 2424.659243] dump_stack+0x172/0x1f0 [ 2424.662894] dump_header+0x10f/0xb6c [ 2424.666619] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2424.671735] ? ___ratelimit+0x60/0x595 [ 2424.675648] ? do_raw_spin_unlock+0x57/0x270 [ 2424.680077] oom_kill_process.cold+0x10/0x6f5 [ 2424.684590] ? task_will_free_mem+0x139/0x6e0 [ 2424.689108] out_of_memory+0x79a/0x1280 [ 2424.693094] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2424.698212] ? oom_killer_disable+0x280/0x280 [ 2424.702714] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2424.707839] mem_cgroup_out_of_memory+0x99/0xe0 [ 2424.712522] ? memcg_memory_event+0x40/0x40 [ 2424.716873] ? _raw_spin_unlock+0x2d/0x50 [ 2424.721030] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2424.726146] try_charge+0xfec/0x1570 [ 2424.729868] ? find_held_lock+0x35/0x130 [ 2424.733947] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2424.738822] ? kasan_check_read+0x11/0x20 [ 2424.742991] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2424.747844] mem_cgroup_try_charge+0x24d/0x5e0 [ 2424.752444] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2424.757385] wp_page_copy+0x408/0x1740 [ 2424.761278] ? find_held_lock+0x35/0x130 [ 2424.765356] ? pmd_pfn+0x1d0/0x1d0 [ 2424.768907] ? lock_downgrade+0x810/0x810 [ 2424.773080] ? swp_swapcount+0x540/0x540 [ 2424.777170] ? kasan_check_read+0x11/0x20 [ 2424.781326] ? do_raw_spin_unlock+0x57/0x270 [ 2424.785758] do_wp_page+0x2ed/0x1520 [ 2424.789496] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2424.794218] __handle_mm_fault+0x22db/0x3f20 [ 2424.798683] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2424.803548] ? find_held_lock+0x35/0x130 [ 2424.807617] ? handle_mm_fault+0x322/0xb30 [ 2424.811882] ? kasan_check_read+0x11/0x20 [ 2424.816048] handle_mm_fault+0x43f/0xb30 [ 2424.820129] __do_page_fault+0x5da/0xd60 [ 2424.824212] do_page_fault+0x71/0x581 [ 2424.828023] ? page_fault+0x8/0x30 [ 2424.831570] page_fault+0x1e/0x30 [ 2424.835024] RIP: 0033:0x40aee8 [ 2424.838221] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 48 27 00 00 8b 05 22 d1 32 00 48 8b 15 b3 55 64 00 83 c0 01 <89> 05 12 d1 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 2424.857126] RSP: 002b:00007ffc56cc42a0 EFLAGS: 00010202 [ 2424.862491] RAX: 0000000000000001 RBX: 0000001b2e620014 RCX: 0000001b2f620000 [ 2424.869779] RDX: 0000001b2e620000 RSI: 00000000000011fe RDI: ffffffffecafd1fe [ 2424.877052] RBP: 0000001b2e620018 R08: 00000000ecafd1fe R09: 00000000ecafd202 22:48:18 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x48744b8c00000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:18 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x407, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2424.884327] R10: 00007ffc56cc43d0 R11: 0000000000000246 R12: 0000001b2e62001c [ 2424.891595] R13: 000000000024feb2 R14: 000000000073bf00 R15: 000000000073bf0c [ 2424.904104] memory: usage 307200kB, limit 307200kB, failcnt 6022 [ 2424.918474] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2424.927897] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2424.957083] Memory cgroup stats for /syz0: cache:4836KB rss:120760KB rss_huge:28672KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:120896KB inactive_file:4KB active_file:4KB unevictable:4780KB 22:48:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = eventfd(0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000040)={r1, 0x0, 0x0, r1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) dup3(r3, r2, 0x0) 22:48:18 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f2]}, 0x2c) 22:48:18 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ae, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2425.042064] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23931,uid=0 [ 2425.145063] Memory cgroup out of memory: Kill process 23931 (syz-executor.0) score 124 or sacrifice child [ 2425.189995] Killed process 23931 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2425.259710] oom_reaper: reaped process 23931 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 22:48:18 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xbc030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:18 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6af, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:18 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f4]}, 0x2c) 22:48:18 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x408, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070") r1 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x58081) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_nanosleep(0x4, 0x0, &(0x7f0000000080)={r2, r3+10000000}, &(0x7f0000000140)) ioctl$FS_IOC_FSGETXATTR(r1, 0x802c550a, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x740000, 0xf7ffffff7ff0bdbe}) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x4004550c, &(0x7f0000000040)) 22:48:18 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x5000000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:18 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b0, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2425.453355] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2425.524158] CPU: 1 PID: 8688 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2425.531367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2425.540722] Call Trace: [ 2425.543363] dump_stack+0x172/0x1f0 [ 2425.547032] dump_header+0x10f/0xb6c [ 2425.550748] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2425.555862] ? ___ratelimit+0x60/0x595 [ 2425.559754] ? do_raw_spin_unlock+0x57/0x270 [ 2425.564187] oom_kill_process.cold+0x10/0x6f5 [ 2425.568706] ? task_will_free_mem+0x139/0x6e0 [ 2425.573227] out_of_memory+0x79a/0x1280 [ 2425.577224] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2425.582339] ? oom_killer_disable+0x280/0x280 [ 2425.586843] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2425.591967] mem_cgroup_out_of_memory+0x99/0xe0 [ 2425.596644] ? memcg_memory_event+0x40/0x40 [ 2425.600984] ? _raw_spin_unlock+0x2d/0x50 [ 2425.605143] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2425.610253] try_charge+0xfec/0x1570 [ 2425.613978] ? find_held_lock+0x35/0x130 [ 2425.618054] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2425.622909] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2425.627756] ? find_held_lock+0x35/0x130 [ 2425.631836] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2425.636699] memcg_kmem_charge_memcg+0x7c/0x130 [ 2425.641376] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2425.645888] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2425.650741] memcg_kmem_charge+0x13b/0x340 [ 2425.654996] __alloc_pages_nodemask+0x437/0x710 [ 2425.659686] ? debug_smp_processor_id+0x1c/0x20 [ 2425.664364] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2425.669399] ? copy_page_range+0x125a/0x1f90 [ 2425.673835] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2425.679416] alloc_pages_current+0x107/0x210 [ 2425.683850] pte_alloc_one+0x1b/0x1a0 [ 2425.687670] __pte_alloc+0x20/0x310 [ 2425.691321] copy_page_range+0x1529/0x1f90 [ 2425.695563] ? mark_held_locks+0x100/0x100 [ 2425.699836] ? pmd_alloc+0x180/0x180 [ 2425.703561] ? __rb_insert_augmented+0x231/0xdf0 [ 2425.708322] ? validate_mm_rb+0xa3/0xc0 [ 2425.712304] ? __vma_link_rb+0x279/0x370 [ 2425.716381] copy_process.part.0+0x56aa/0x79a0 [ 2425.721008] ? __cleanup_sighand+0x70/0x70 [ 2425.725271] _do_fork+0x257/0xfe0 [ 2425.728743] ? fork_idle+0x1d0/0x1d0 [ 2425.732495] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2425.737261] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2425.742026] ? do_syscall_64+0x26/0x610 [ 2425.746009] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2425.751373] ? do_syscall_64+0x26/0x610 [ 2425.755375] __x64_sys_clone+0xbf/0x150 [ 2425.759377] do_syscall_64+0x103/0x610 [ 2425.763272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2425.768464] RIP: 0033:0x4563fa [ 2425.771655] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2425.790581] RSP: 002b:00007ffd944dfb30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2425.798290] RAX: ffffffffffffffda RBX: 00007ffd944dfb30 RCX: 00000000004563fa [ 2425.805572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2425.812841] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 22:48:19 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r3 = dup2(r0, r2) accept4$x25(r3, &(0x7f0000000040)={0x9, @remote}, &(0x7f0000000080)=0x12, 0x800) r4 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x40, 0x100) getsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f0000000140)=0x8001, &(0x7f0000000180)=0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x7) [ 2425.820110] R10: 0000000002439c10 R11: 0000000000000246 R12: 0000000000000001 [ 2425.827377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 22:48:19 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x8dffffff00000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:19 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b1, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:19 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fa]}, 0x2c) 22:48:19 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xca010000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2425.903160] memory: usage 307200kB, limit 307200kB, failcnt 6054 [ 2425.963435] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:19 executing program 1: syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @link_local, [], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @local, {[@timestamp={0x44, 0x10, 0x7, 0x0, 0x0, [{}, {}, {}]}]}}, @igmp={0x0, 0x0, 0x0, @multicast1}}}}}, 0x0) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.advise\x00', &(0x7f00000000c0)=']\x00', 0x2, 0x2) 22:48:19 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}, 0x2c) 22:48:19 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b2, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2426.008135] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2426.027531] Memory cgroup stats for /syz3: cache:0KB rss:120020KB rss_huge:32768KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120084KB inactive_file:24KB active_file:0KB unevictable:0KB [ 2426.113917] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23445,uid=0 [ 2426.138011] Memory cgroup out of memory: Kill process 23445 (syz-executor.3) score 1113 or sacrifice child [ 2426.160677] Killed process 23445 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2426.263000] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2426.274124] CPU: 0 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2426.281337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2426.290688] Call Trace: [ 2426.293302] dump_stack+0x172/0x1f0 [ 2426.296946] dump_header+0x10f/0xb6c [ 2426.300668] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2426.305801] ? ___ratelimit+0x60/0x595 [ 2426.309706] ? do_raw_spin_unlock+0x57/0x270 [ 2426.314125] oom_kill_process.cold+0x10/0x6f5 [ 2426.318636] ? task_will_free_mem+0x139/0x6e0 [ 2426.323163] out_of_memory+0x79a/0x1280 [ 2426.327156] ? oom_killer_disable+0x280/0x280 [ 2426.331656] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2426.336794] mem_cgroup_out_of_memory+0x99/0xe0 [ 2426.341500] ? memcg_memory_event+0x40/0x40 [ 2426.345834] ? _raw_spin_unlock+0x2d/0x50 [ 2426.349989] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2426.355104] try_charge+0xfec/0x1570 [ 2426.358823] ? find_held_lock+0x35/0x130 [ 2426.362904] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2426.367761] ? kasan_check_read+0x11/0x20 [ 2426.371933] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2426.376797] mem_cgroup_try_charge+0x24d/0x5e0 [ 2426.381392] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2426.386331] wp_page_copy+0x408/0x1740 [ 2426.390241] ? find_held_lock+0x35/0x130 [ 2426.394316] ? pmd_pfn+0x1d0/0x1d0 [ 2426.397863] ? lock_downgrade+0x810/0x810 [ 2426.402056] ? swp_swapcount+0x540/0x540 [ 2426.406125] ? kasan_check_read+0x11/0x20 [ 2426.410293] ? do_raw_spin_unlock+0x57/0x270 [ 2426.414708] do_wp_page+0x2ed/0x1520 [ 2426.418445] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2426.423132] __handle_mm_fault+0x22db/0x3f20 [ 2426.427554] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2426.432405] ? find_held_lock+0x35/0x130 [ 2426.436475] ? handle_mm_fault+0x322/0xb30 [ 2426.440730] ? kasan_check_read+0x11/0x20 [ 2426.444902] handle_mm_fault+0x43f/0xb30 [ 2426.448985] __do_page_fault+0x5da/0xd60 [ 2426.453068] do_page_fault+0x71/0x581 [ 2426.456878] ? page_fault+0x8/0x30 [ 2426.460440] page_fault+0x1e/0x30 [ 2426.463911] RIP: 0033:0x455e71 [ 2426.467108] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 0a 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 2426.486009] RSP: 002b:00007ffdc7151fa0 EFLAGS: 00010206 [ 2426.491377] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000000455e50 [ 2426.498651] RDX: 00007ffdc7151fa0 RSI: 0000000000000003 RDI: 0000000000000001 [ 2426.505924] RBP: 000000000000475e R08: 0000000000000001 R09: 000000000189b940 [ 2426.513193] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffdc7153180 [ 2426.520461] R13: 000000000025048c R14: 0000000000000000 R15: 0000000000000004 [ 2426.540842] memory: usage 308404kB, limit 307200kB, failcnt 4395 [ 2426.548144] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2426.564591] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2426.576679] Memory cgroup stats for /syz4: cache:24KB rss:130144KB rss_huge:45056KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:130244KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2426.605568] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23975,uid=0 [ 2426.639797] Memory cgroup out of memory: Kill process 23975 (syz-executor.4) score 1113 or sacrifice child 22:48:19 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x409, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:19 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x91ffffff00000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:19 executing program 1: syz_open_dev$sndtimer(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x801, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f00000004c0)) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000480), 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, &(0x7f0000000380)) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000300)={0x10001, 0x0, 0x0, 0x273e}, 0x0) unshare(0x40000000) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000000c0), 0x4) ioctl$CAPI_MANUFACTURER_CMD(0xffffffffffffffff, 0xc0104320, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$VIDIOC_G_AUDOUT(r2, 0x80345631, &(0x7f0000000040)) setgroups(0x1, &(0x7f0000001580)=[0x0]) connect$rose(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000080)={0x3}) 22:48:19 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xca030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:19 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) [ 2426.657394] Killed process 23975 (syz-executor.4) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2426.680852] oom_reaper: reaped process 23975 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2426.811856] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2426.842317] IPVS: ftp: loaded support on port[0] = 21 [ 2426.886909] CPU: 1 PID: 7595 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2426.894132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2426.903485] Call Trace: [ 2426.906085] dump_stack+0x172/0x1f0 [ 2426.909729] dump_header+0x10f/0xb6c [ 2426.909747] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2426.909774] ? ___ratelimit+0x60/0x595 [ 2426.909790] ? do_raw_spin_unlock+0x57/0x270 [ 2426.909811] oom_kill_process.cold+0x10/0x6f5 [ 2426.909833] ? task_will_free_mem+0x139/0x6e0 22:48:20 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x2c) [ 2426.909859] out_of_memory+0x79a/0x1280 [ 2426.909880] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2426.909897] ? oom_killer_disable+0x280/0x280 [ 2426.926960] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2426.927018] mem_cgroup_out_of_memory+0x99/0xe0 [ 2426.927034] ? memcg_memory_event+0x40/0x40 [ 2426.927057] ? _raw_spin_unlock+0x2d/0x50 [ 2426.927072] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2426.927088] try_charge+0xfec/0x1570 [ 2426.927105] ? find_held_lock+0x35/0x130 [ 2426.936083] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2426.936101] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2426.936116] ? find_held_lock+0x35/0x130 [ 2426.936135] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2426.936163] memcg_kmem_charge_memcg+0x7c/0x130 [ 2426.936178] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2426.936200] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2426.936219] memcg_kmem_charge+0x13b/0x340 [ 2426.945270] __alloc_pages_nodemask+0x437/0x710 [ 2426.945287] ? debug_smp_processor_id+0x1c/0x20 [ 2426.945306] ? __alloc_pages_slowpath+0x2900/0x2900 22:48:20 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x40a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2426.945330] ? copy_page_range+0x125a/0x1f90 [ 2426.945348] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2426.945370] alloc_pages_current+0x107/0x210 [ 2426.945392] pte_alloc_one+0x1b/0x1a0 [ 2426.945408] __pte_alloc+0x20/0x310 [ 2426.954991] copy_page_range+0x1529/0x1f90 [ 2426.955007] ? mark_held_locks+0x100/0x100 [ 2426.955048] ? pmd_alloc+0x180/0x180 [ 2426.955064] ? __rb_insert_augmented+0x231/0xdf0 [ 2426.955081] ? validate_mm_rb+0xa3/0xc0 [ 2426.955101] ? __vma_link_rb+0x279/0x370 [ 2426.955126] copy_process.part.0+0x56aa/0x79a0 [ 2426.955173] ? __cleanup_sighand+0x70/0x70 [ 2426.964164] _do_fork+0x257/0xfe0 [ 2426.964188] ? fork_idle+0x1d0/0x1d0 [ 2426.964217] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2426.964232] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2426.964249] ? do_syscall_64+0x26/0x610 [ 2426.981297] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2426.981312] ? do_syscall_64+0x26/0x610 [ 2426.981334] __x64_sys_clone+0xbf/0x150 [ 2426.981354] do_syscall_64+0x103/0x610 [ 2426.981373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2426.981385] RIP: 0033:0x4563fa [ 2426.981400] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2426.981408] RSP: 002b:00007ffc56cc4460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2426.981421] RAX: ffffffffffffffda RBX: 00007ffc56cc4460 RCX: 00000000004563fa [ 2426.981431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 22:48:20 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xb13abe0624020000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2426.981439] RBP: 00007ffc56cc44a0 R08: 0000000000000001 R09: 0000000002148940 [ 2426.981448] R10: 0000000002148c10 R11: 0000000000000246 R12: 0000000000000001 [ 2426.981457] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2427.057384] memory: usage 307196kB, limit 307200kB, failcnt 6060 22:48:20 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x40b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2427.358385] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2427.365376] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:20 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b3, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2427.388532] Memory cgroup stats for /syz0: cache:4836KB rss:120748KB rss_huge:28672KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:120928KB inactive_file:4KB active_file:4KB unevictable:4780KB 22:48:20 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x2c) [ 2427.575662] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24024,uid=0 [ 2427.595183] IPVS: ftp: loaded support on port[0] = 21 [ 2427.731818] Memory cgroup out of memory: Kill process 24024 (syz-executor.0) score 124 or sacrifice child 22:48:20 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x40c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:21 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b4, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2427.823919] Killed process 24024 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB 22:48:21 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x2c) 22:48:21 executing program 1: syz_open_dev$sndtimer(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x801, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f00000004c0)) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000480), 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, &(0x7f0000000380)) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000300)={0x10001, 0x0, 0x0, 0x273e}, 0x0) unshare(0x40000000) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000000c0), 0x4) ioctl$CAPI_MANUFACTURER_CMD(0xffffffffffffffff, 0xc0104320, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$VIDIOC_G_AUDOUT(r2, 0x80345631, &(0x7f0000000040)) setgroups(0x1, &(0x7f0000001580)=[0x0]) connect$rose(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000080)={0x3}) [ 2427.932584] oom_reaper: reaped process 24024 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 22:48:21 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xcc030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:21 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xe803000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:21 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x40d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:21 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b5, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:21 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00]}, 0x2c) 22:48:21 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xce030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:21 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x40e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:21 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b6, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:21 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]}, 0x2c) 22:48:21 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xd0030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:21 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xf401000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2428.600687] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2428.655353] CPU: 1 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2428.662561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2428.671910] Call Trace: [ 2428.674557] dump_stack+0x172/0x1f0 [ 2428.678217] dump_header+0x10f/0xb6c [ 2428.681936] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2428.687041] ? ___ratelimit+0x60/0x595 [ 2428.690965] ? do_raw_spin_unlock+0x57/0x270 [ 2428.695387] oom_kill_process.cold+0x10/0x6f5 [ 2428.699892] ? task_will_free_mem+0x139/0x6e0 [ 2428.704433] out_of_memory+0x79a/0x1280 [ 2428.708435] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2428.713546] ? oom_killer_disable+0x280/0x280 [ 2428.718038] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2428.723148] mem_cgroup_out_of_memory+0x99/0xe0 [ 2428.727831] ? memcg_memory_event+0x40/0x40 [ 2428.732194] ? _raw_spin_unlock+0x2d/0x50 [ 2428.736447] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2428.741570] try_charge+0xfec/0x1570 [ 2428.745282] ? find_held_lock+0x35/0x130 [ 2428.749352] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2428.754199] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2428.759074] ? find_held_lock+0x35/0x130 [ 2428.763138] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2428.768003] memcg_kmem_charge_memcg+0x7c/0x130 [ 2428.772691] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2428.777211] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2428.782060] memcg_kmem_charge+0x13b/0x340 [ 2428.786303] __alloc_pages_nodemask+0x437/0x710 [ 2428.790975] ? debug_smp_processor_id+0x1c/0x20 [ 2428.795647] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2428.800670] ? copy_page_range+0x125a/0x1f90 [ 2428.805081] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2428.810645] alloc_pages_current+0x107/0x210 [ 2428.815121] pte_alloc_one+0x1b/0x1a0 [ 2428.818942] __pte_alloc+0x20/0x310 [ 2428.822586] copy_page_range+0x1529/0x1f90 [ 2428.826826] ? mark_held_locks+0x100/0x100 [ 2428.831088] ? pmd_alloc+0x180/0x180 [ 2428.834826] ? __rb_insert_augmented+0x231/0xdf0 [ 2428.839590] ? validate_mm_rb+0xa3/0xc0 [ 2428.843572] ? __vma_link_rb+0x279/0x370 [ 2428.847650] copy_process.part.0+0x56aa/0x79a0 [ 2428.852276] ? __cleanup_sighand+0x70/0x70 [ 2428.856552] _do_fork+0x257/0xfe0 [ 2428.860023] ? fork_idle+0x1d0/0x1d0 [ 2428.863759] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2428.868550] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2428.873322] ? do_syscall_64+0x26/0x610 [ 2428.877300] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2428.882665] ? do_syscall_64+0x26/0x610 [ 2428.886644] __x64_sys_clone+0xbf/0x150 [ 2428.890627] do_syscall_64+0x103/0x610 [ 2428.894531] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2428.899737] RIP: 0033:0x4563fa [ 2428.902939] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2428.921842] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2428.929558] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2428.936829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2428.944099] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2428.951370] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 [ 2428.958637] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2428.977631] memory: usage 307196kB, limit 307200kB, failcnt 4423 [ 2428.986029] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2428.994062] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2429.002335] Memory cgroup stats for /syz4: cache:24KB rss:128408KB rss_huge:43008KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:128444KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2429.027731] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8503,uid=0 [ 2429.046350] Memory cgroup out of memory: Kill process 8503 (syz-executor.4) score 1113 or sacrifice child [ 2429.062226] Killed process 8503 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB [ 2429.079815] oom_reaper: reaped process 8503 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2429.248445] net_ratelimit: 26 callbacks suppressed [ 2429.248452] protocol 88fb is buggy, dev hsr_slave_0 [ 2429.258533] protocol 88fb is buggy, dev hsr_slave_1 [ 2429.263639] protocol 88fb is buggy, dev hsr_slave_0 [ 2429.268722] protocol 88fb is buggy, dev hsr_slave_1 [ 2429.488426] protocol 88fb is buggy, dev hsr_slave_0 [ 2429.488454] protocol 88fb is buggy, dev hsr_slave_1 [ 2429.493661] protocol 88fb is buggy, dev hsr_slave_1 [ 2429.503933] protocol 88fb is buggy, dev hsr_slave_0 [ 2429.509121] protocol 88fb is buggy, dev hsr_slave_1 [ 2429.568414] protocol 88fb is buggy, dev hsr_slave_0 22:48:24 executing program 1: syz_open_dev$sndtimer(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x801, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f00000004c0)) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000480), 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, &(0x7f0000000380)) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000300)={0x10001, 0x0, 0x0, 0x273e}, 0x0) unshare(0x40000000) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000000c0), 0x4) ioctl$CAPI_MANUFACTURER_CMD(0xffffffffffffffff, 0xc0104320, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$VIDIOC_G_AUDOUT(r2, 0x80345631, &(0x7f0000000040)) setgroups(0x1, &(0x7f0000001580)=[0x0]) connect$rose(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000080)={0x3}) 22:48:24 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x40f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:24 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc03]}, 0x2c) 22:48:24 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xf5ffffff00000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:24 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xd4030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:24 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b7, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:25 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x410, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:25 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b8, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2431.940140] IPVS: ftp: loaded support on port[0] = 21 [ 2432.020746] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2432.074606] CPU: 1 PID: 24332 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2432.081887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2432.081908] Call Trace: [ 2432.081960] dump_stack+0x172/0x1f0 [ 2432.081984] dump_header+0x10f/0xb6c [ 2432.082001] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2432.082016] ? ___ratelimit+0x60/0x595 [ 2432.082045] ? do_raw_spin_unlock+0x57/0x270 [ 2432.082080] oom_kill_process.cold+0x10/0x6f5 [ 2432.082115] ? task_will_free_mem+0x139/0x6e0 22:48:25 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xfc00000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2432.082154] out_of_memory+0x79a/0x1280 [ 2432.082188] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2432.101442] ? oom_killer_disable+0x280/0x280 [ 2432.101457] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2432.101487] mem_cgroup_out_of_memory+0x99/0xe0 [ 2432.110441] ? memcg_memory_event+0x40/0x40 [ 2432.110463] ? _raw_spin_unlock+0x2d/0x50 [ 2432.110475] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2432.110489] try_charge+0xfec/0x1570 [ 2432.110501] ? find_held_lock+0x35/0x130 [ 2432.110521] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2432.110548] ? kasan_check_read+0x11/0x20 [ 2432.119409] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2432.119441] mem_cgroup_try_charge+0x24d/0x5e0 [ 2432.119462] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2432.119481] wp_page_copy+0x408/0x1740 [ 2432.119494] ? find_held_lock+0x35/0x130 [ 2432.119514] ? pmd_pfn+0x1d0/0x1d0 [ 2432.119551] ? lock_downgrade+0x810/0x810 [ 2432.128033] ? swp_swapcount+0x540/0x540 [ 2432.128050] ? kasan_check_read+0x11/0x20 [ 2432.128080] ? do_raw_spin_unlock+0x57/0x270 [ 2432.128097] do_wp_page+0x2ed/0x1520 [ 2432.128116] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2432.128140] __handle_mm_fault+0x22db/0x3f20 [ 2432.128160] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2432.128172] ? find_held_lock+0x35/0x130 [ 2432.137743] ? handle_mm_fault+0x322/0xb30 [ 2432.137783] ? kasan_check_read+0x11/0x20 [ 2432.137803] handle_mm_fault+0x43f/0xb30 [ 2432.137827] __do_page_fault+0x5da/0xd60 [ 2432.137851] do_page_fault+0x71/0x581 [ 2432.156040] ? page_fault+0x8/0x30 [ 2432.156064] page_fault+0x1e/0x30 22:48:25 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00]}, 0x2c) [ 2432.156075] RIP: 0033:0x40e1a8 [ 2432.156090] Code: 48 8b 05 13 2d 30 00 48 89 08 48 8b 15 11 2d 30 00 48 89 42 08 48 8b 05 f6 2c 30 00 48 89 05 ff 2c 30 00 49 8d 81 c0 02 00 00 <48> 89 05 01 23 64 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 2432.173763] RSP: 002b:00007ffd944dfb28 EFLAGS: 00010246 [ 2432.173785] RAX: 0000000002439c00 RBX: 00007ffd944dfb30 RCX: 0000000000710ea0 [ 2432.173794] RDX: 000000000040dfe0 RSI: 0000000000710e90 RDI: 0000000002439c20 [ 2432.173803] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 22:48:25 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xd8030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2432.173812] R10: 0000000002439c10 R11: 0000000000000202 R12: 0000000000000001 [ 2432.173821] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 2432.203995] memory: usage 307200kB, limit 307200kB, failcnt 6082 [ 2432.302458] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:25 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6b9, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2432.494761] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2432.501657] Memory cgroup stats for /syz3: cache:0KB rss:118568KB rss_huge:30720KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:118720KB inactive_file:16KB active_file:16KB unevictable:0KB [ 2432.523410] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23523,uid=0 [ 2432.538868] Memory cgroup out of memory: Kill process 23523 (syz-executor.3) score 1113 or sacrifice child [ 2432.549359] Killed process 23523 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB 22:48:25 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xb13abe0624020000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:25 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xe0030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2432.654520] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2432.699102] CPU: 0 PID: 24345 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2432.706393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2432.715742] Call Trace: [ 2432.718372] dump_stack+0x172/0x1f0 [ 2432.722019] dump_header+0x10f/0xb6c [ 2432.725782] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2432.730903] ? ___ratelimit+0x60/0x595 [ 2432.734813] ? do_raw_spin_unlock+0x57/0x270 [ 2432.739245] oom_kill_process.cold+0x10/0x6f5 [ 2432.743760] ? task_will_free_mem+0x139/0x6e0 [ 2432.748290] out_of_memory+0x79a/0x1280 [ 2432.752297] ? oom_killer_disable+0x280/0x280 [ 2432.756845] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2432.761968] mem_cgroup_out_of_memory+0x99/0xe0 [ 2432.766657] ? memcg_memory_event+0x40/0x40 [ 2432.766698] ? _raw_spin_unlock+0x2d/0x50 [ 2432.766713] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2432.766731] try_charge+0xfec/0x1570 [ 2432.780271] ? find_held_lock+0x35/0x130 [ 2432.780297] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2432.780314] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2432.780330] ? find_held_lock+0x35/0x130 [ 2432.780347] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2432.780373] memcg_kmem_charge_memcg+0x7c/0x130 [ 2432.811334] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2432.815842] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2432.820694] memcg_kmem_charge+0x13b/0x340 [ 2432.824937] __alloc_pages_nodemask+0x437/0x710 [ 2432.829640] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2432.834681] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2432.839265] ? trace_hardirqs_on+0x67/0x230 [ 2432.843589] ? kasan_check_read+0x11/0x20 [ 2432.847755] copy_process.part.0+0x3e0/0x79a0 [ 2432.852276] ? psi_memstall_leave+0x11c/0x180 [ 2432.856796] ? sched_clock+0x2e/0x50 [ 2432.860526] ? psi_memstall_leave+0x12e/0x180 [ 2432.865043] ? find_held_lock+0x35/0x130 [ 2432.869116] ? __lock_acquire+0x53b/0x4700 [ 2432.873373] ? __cleanup_sighand+0x70/0x70 [ 2432.877634] ? mark_held_locks+0x100/0x100 [ 2432.881891] ? perf_trace_lock_acquire+0xf5/0x580 [ 2432.886757] ? rcu_read_lock_sched_held+0x110/0x130 [ 2432.891840] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2432.897400] _do_fork+0x257/0xfe0 [ 2432.900861] ? fork_idle+0x1d0/0x1d0 [ 2432.904608] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2432.909975] ? lock_downgrade+0x810/0x810 [ 2432.914134] ? blkcg_exit_queue+0x30/0x30 [ 2432.918283] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2432.923056] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2432.927893] ? do_syscall_64+0x26/0x610 [ 2432.931897] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2432.937259] ? do_syscall_64+0x26/0x610 [ 2432.941239] __x64_sys_clone+0xbf/0x150 [ 2432.945215] do_syscall_64+0x103/0x610 [ 2432.949107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2432.954295] RIP: 0033:0x45a7f9 [ 2432.957507] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2432.976424] RSP: 002b:00007fff025901d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2432.984154] RAX: ffffffffffffffda RBX: 00007fca94220700 RCX: 000000000045a7f9 [ 2432.991440] RDX: 00007fca942209d0 RSI: 00007fca9421fdb0 RDI: 00000000003d0f00 22:48:25 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xfe80000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:26 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xfec0000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:26 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ba, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2432.998714] RBP: 00007fff025903e0 R08: 00007fca94220700 R09: 00007fca94220700 [ 2433.005983] R10: 00007fca942209d0 R11: 0000000000000202 R12: 0000000000000000 [ 2433.013252] R13: 00007fff0259028f R14: 00007fca942209c0 R15: 000000000073bf0c [ 2433.030702] memory: usage 307192kB, limit 307200kB, failcnt 5170 [ 2433.038054] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:26 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x411, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2433.046279] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:26 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xe6030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2433.086243] Memory cgroup stats for /syz2: cache:12KB rss:121928KB rss_huge:26624KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:122112KB inactive_file:16KB active_file:16KB unevictable:0KB 22:48:26 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6bb, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x0, 0x0, 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000180)={0x2, 0x0, [{0x0, 0x3, 0x2, 0x0, 0x80000001}, {0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x6, 0x2}]}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000006c0)={0x0, 0x0, @pic={0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xb3c}}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x484b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[], 0x0, 0x680}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x8000000001e, 0xfffffffffffffffe) ioctl$IMSETDEVNAME(0xffffffffffffffff, 0x80184947, 0x0) [ 2433.206681] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23994,uid=0 [ 2433.222571] Memory cgroup out of memory: Kill process 23994 (syz-executor.2) score 124 or sacrifice child [ 2433.233121] Killed process 23994 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB [ 2433.270226] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2433.285084] CPU: 0 PID: 24378 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2433.292361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2433.292367] Call Trace: [ 2433.292389] dump_stack+0x172/0x1f0 [ 2433.292411] dump_header+0x10f/0xb6c [ 2433.292426] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2433.292441] ? ___ratelimit+0x60/0x595 [ 2433.292457] ? do_raw_spin_unlock+0x57/0x270 [ 2433.325184] oom_kill_process.cold+0x10/0x6f5 [ 2433.329686] ? task_will_free_mem+0x139/0x6e0 [ 2433.334189] out_of_memory+0x79a/0x1280 [ 2433.338180] ? oom_killer_disable+0x280/0x280 [ 2433.342680] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2433.347804] mem_cgroup_out_of_memory+0x99/0xe0 [ 2433.352479] ? memcg_memory_event+0x40/0x40 [ 2433.356827] ? _raw_spin_unlock+0x2d/0x50 [ 2433.361010] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2433.366125] try_charge+0xfec/0x1570 [ 2433.369848] ? find_held_lock+0x35/0x130 [ 2433.373923] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2433.378789] ? kasan_check_read+0x11/0x20 [ 2433.382948] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2433.387844] mem_cgroup_try_charge+0x24d/0x5e0 [ 2433.392467] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2433.397397] wp_page_copy+0x408/0x1740 [ 2433.401287] ? find_held_lock+0x35/0x130 [ 2433.405387] ? pmd_pfn+0x1d0/0x1d0 [ 2433.408930] ? lock_downgrade+0x810/0x810 [ 2433.413091] ? swp_swapcount+0x540/0x540 [ 2433.417168] ? kasan_check_read+0x11/0x20 [ 2433.421320] ? do_raw_spin_unlock+0x57/0x270 [ 2433.425777] do_wp_page+0x2ed/0x1520 [ 2433.429538] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2433.434218] __handle_mm_fault+0x22db/0x3f20 [ 2433.438665] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2433.443510] ? find_held_lock+0x35/0x130 [ 2433.447593] ? handle_mm_fault+0x322/0xb30 [ 2433.451859] ? kasan_check_read+0x11/0x20 [ 2433.456037] handle_mm_fault+0x43f/0xb30 [ 2433.460112] __do_page_fault+0x5da/0xd60 [ 2433.464222] do_page_fault+0x71/0x581 [ 2433.468025] ? page_fault+0x8/0x30 [ 2433.471571] page_fault+0x1e/0x30 [ 2433.475024] RIP: 0033:0x45642e [ 2433.478227] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 17 03 60 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 [ 2433.497377] RSP: 002b:00007ffd944dfb30 EFLAGS: 00010206 [ 2433.502738] RAX: 0000000000a56248 RBX: 00007ffd944dfb30 RCX: 00000000004563fa [ 2433.510073] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2433.517340] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 [ 2433.524629] R10: 0000000002439c10 R11: 0000000000000246 R12: 0000000000000001 [ 2433.531897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 2433.555009] memory: usage 307196kB, limit 307200kB, failcnt 6106 22:48:26 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x2c) 22:48:26 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xff00000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:26 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xe8030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2433.567822] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:26 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6bc, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2433.611949] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2433.634649] Memory cgroup stats for /syz3: cache:0KB rss:118600KB rss_huge:30720KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:118708KB inactive_file:20KB active_file:16KB unevictable:0KB 22:48:26 executing program 1: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00]}, 0x2c) 22:48:26 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00]}, 0x2c) [ 2433.672916] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23609,uid=0 [ 2433.727735] Memory cgroup out of memory: Kill process 23609 (syz-executor.3) score 1113 or sacrifice child 22:48:26 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xff0f000000000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2433.776375] Killed process 23609 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB 22:48:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xec000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2434.042303] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2434.062686] CPU: 1 PID: 8688 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2434.069959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2434.079323] Call Trace: [ 2434.081924] dump_stack+0x172/0x1f0 [ 2434.085571] dump_header+0x10f/0xb6c [ 2434.089300] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2434.094410] ? ___ratelimit+0x60/0x595 [ 2434.098302] ? do_raw_spin_unlock+0x57/0x270 [ 2434.102720] oom_kill_process.cold+0x10/0x6f5 [ 2434.107225] ? task_will_free_mem+0x139/0x6e0 [ 2434.111732] out_of_memory+0x79a/0x1280 [ 2434.115711] ? oom_killer_disable+0x280/0x280 [ 2434.120218] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2434.125338] mem_cgroup_out_of_memory+0x99/0xe0 [ 2434.130017] ? memcg_memory_event+0x40/0x40 [ 2434.134364] ? _raw_spin_unlock+0x2d/0x50 [ 2434.138518] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2434.143637] try_charge+0xb4a/0x1570 [ 2434.147355] ? find_held_lock+0x35/0x130 [ 2434.151426] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2434.156281] ? kasan_check_read+0x11/0x20 [ 2434.160461] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2434.165312] mem_cgroup_try_charge+0x24d/0x5e0 [ 2434.169901] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2434.174866] wp_page_copy+0x408/0x1740 [ 2434.178757] ? find_held_lock+0x35/0x130 [ 2434.182843] ? pmd_pfn+0x1d0/0x1d0 [ 2434.186395] ? lock_downgrade+0x810/0x810 [ 2434.190548] ? swp_swapcount+0x540/0x540 [ 2434.194628] ? kasan_check_read+0x11/0x20 [ 2434.198784] ? do_raw_spin_unlock+0x57/0x270 [ 2434.203214] do_wp_page+0x2ed/0x1520 [ 2434.206946] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2434.211644] __handle_mm_fault+0x22db/0x3f20 [ 2434.216120] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2434.220997] ? find_held_lock+0x35/0x130 [ 2434.225061] ? handle_mm_fault+0x322/0xb30 [ 2434.229375] ? kasan_check_read+0x11/0x20 [ 2434.233540] handle_mm_fault+0x43f/0xb30 [ 2434.237627] __do_page_fault+0x5da/0xd60 [ 2434.241703] do_page_fault+0x71/0x581 [ 2434.245504] ? page_fault+0x8/0x30 [ 2434.249080] page_fault+0x1e/0x30 [ 2434.252547] RIP: 0033:0x40c0b8 [ 2434.255741] Code: 3d bc bf 32 00 00 0f 85 8e 04 00 00 e8 81 a2 04 00 85 c0 89 c5 0f 88 cd 03 00 00 0f 84 7c 02 00 00 89 c6 bf 56 d6 4b 00 31 c0 63 58 ff ff c7 44 24 30 00 00 00 00 e8 26 5c ff ff 49 89 c5 48 [ 2434.274661] RSP: 002b:00007ffd944dfb80 EFLAGS: 00010246 [ 2434.280048] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000004563fa [ 2434.287312] RDX: 0000000000000000 RSI: 0000000000003e79 RDI: 00000000004bd656 [ 2434.294576] RBP: 0000000000003e79 R08: 0000000000000001 R09: 0000000002439940 [ 2434.301840] R10: 0000000002439c10 R11: 0000000000000246 R12: 0000000000000000 [ 2434.309100] R13: 0000000000000001 R14: 0000000000000fb9 R15: 0000000000000003 [ 2434.344312] memory: usage 307160kB, limit 307200kB, failcnt 6106 [ 2434.359712] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2434.367261] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2434.382605] Memory cgroup stats for /syz3: cache:0KB rss:118676KB rss_huge:30720KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:118700KB inactive_file:16KB active_file:24KB unevictable:0KB [ 2434.411500] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24359,uid=0 [ 2434.434167] Memory cgroup out of memory: Kill process 24359 (syz-executor.3) score 1113 or sacrifice child 22:48:27 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x412, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:27 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[]) dup3(0xffffffffffffffff, r0, 0x80000) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$midi(0x0, 0x0, 0x200000) syz_open_dev$vcsn(&(0x7f0000000280)='/dev/vcs#\x00', 0x1, 0x20000) unlinkat(0xffffffffffffffff, &(0x7f00000004c0)='./file0/file0\x00', 0x0) rmdir(&(0x7f0000001540)='./file0/file0\x00') perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) ppoll(&(0x7f00000001c0)=[{r3}], 0x2000000000000127, &(0x7f0000000240)={0x77359400}, &(0x7f0000001340), 0x8) umount2(&(0x7f0000000340)='./file0\x00', 0x0) ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000000640)=""/243) r4 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) rmdir(&(0x7f0000000400)='./file0\x00') write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) 22:48:27 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}, 0x2c) 22:48:27 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6bd, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:27 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xffffffff00000000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xf0020000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2434.445512] Killed process 24359 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2434.467517] oom_reaper: reaped process 24359 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 22:48:27 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200]}, 0x2c) 22:48:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xf2030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:27 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6be, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:27 executing program 1: syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0x2280, &(0x7f0000000100)="1bd354bbce293b05000000f4d02fd9958eacb512f9e4f1a1c3a2e595e23421eb32588f61f01940ca81a23a2d7e97f2c156b99686b17e387a143947879af86d136feb8132370306c315b187589c741298b83cbb204825d1db0e5908c16bcc791cd17fec0bf0dd70e98fca1c48cb79102ca2cb474344ec252ea995e3e2157ccbb7e23d") 22:48:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xf4030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:27 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0xffffffffa0008000, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:27 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x413, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:28 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300]}, 0x2c) 22:48:28 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6bf, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:28 executing program 1: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x80000) ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000000000)=0x4) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r1, 0x1f00000000000000, 0xce, 0x0, 0x0) 22:48:28 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x414, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:28 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400]}, 0x2c) [ 2435.070418] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2435.125173] CPU: 0 PID: 24504 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2435.132467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2435.141819] Call Trace: [ 2435.144416] dump_stack+0x172/0x1f0 [ 2435.148070] dump_header+0x10f/0xb6c [ 2435.151802] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2435.156917] ? ___ratelimit+0x60/0x595 [ 2435.160811] ? do_raw_spin_unlock+0x57/0x270 [ 2435.165240] oom_kill_process.cold+0x10/0x6f5 [ 2435.169748] ? task_will_free_mem+0x139/0x6e0 [ 2435.174265] out_of_memory+0x79a/0x1280 [ 2435.178254] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2435.183371] ? oom_killer_disable+0x280/0x280 [ 2435.187922] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2435.193048] mem_cgroup_out_of_memory+0x99/0xe0 [ 2435.197723] ? memcg_memory_event+0x40/0x40 [ 2435.202150] ? _raw_spin_unlock+0x2d/0x50 [ 2435.206304] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2435.211412] try_charge+0xfec/0x1570 [ 2435.215124] ? find_held_lock+0x35/0x130 [ 2435.219196] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2435.224048] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2435.228914] ? find_held_lock+0x35/0x130 [ 2435.232987] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2435.237847] memcg_kmem_charge_memcg+0x7c/0x130 [ 2435.242521] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2435.247073] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2435.251921] memcg_kmem_charge+0x13b/0x340 [ 2435.256165] __alloc_pages_nodemask+0x437/0x710 [ 2435.260844] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2435.265874] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2435.270462] ? trace_hardirqs_on+0x67/0x230 [ 2435.274805] ? kasan_check_read+0x11/0x20 [ 2435.278974] copy_process.part.0+0x3e0/0x79a0 [ 2435.283482] ? psi_memstall_leave+0x11c/0x180 [ 2435.287981] ? sched_clock+0x2e/0x50 [ 2435.291721] ? psi_memstall_leave+0x12e/0x180 [ 2435.296239] ? find_held_lock+0x35/0x130 [ 2435.300330] ? __lock_acquire+0x53b/0x4700 [ 2435.304579] ? __cleanup_sighand+0x70/0x70 [ 2435.308838] ? mark_held_locks+0x100/0x100 [ 2435.313095] ? perf_trace_lock_acquire+0xf5/0x580 [ 2435.317948] ? rcu_read_lock_sched_held+0x110/0x130 [ 2435.322972] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2435.328530] _do_fork+0x257/0xfe0 [ 2435.331996] ? fork_idle+0x1d0/0x1d0 [ 2435.335731] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2435.341106] ? lock_downgrade+0x810/0x810 [ 2435.345291] ? blkcg_exit_queue+0x30/0x30 [ 2435.349455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2435.354215] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2435.358973] ? do_syscall_64+0x26/0x610 [ 2435.362959] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2435.368330] ? do_syscall_64+0x26/0x610 [ 2435.372331] __x64_sys_clone+0xbf/0x150 [ 2435.376334] do_syscall_64+0x103/0x610 [ 2435.380234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2435.385442] RIP: 0033:0x45a7f9 [ 2435.388635] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2435.407542] RSP: 002b:00007ffc56cc41d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2435.415256] RAX: ffffffffffffffda RBX: 00007f028a93b700 RCX: 000000000045a7f9 [ 2435.422528] RDX: 00007f028a93b9d0 RSI: 00007f028a93adb0 RDI: 00000000003d0f00 [ 2435.429822] RBP: 00007ffc56cc43e0 R08: 00007f028a93b700 R09: 00007f028a93b700 [ 2435.437108] R10: 00007f028a93b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2435.444380] R13: 00007ffc56cc428f R14: 00007f028a93b9c0 R15: 000000000073bf0c 22:48:28 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) write$uinput_user_dev(r1, &(0x7f0000000880)={'syz0\x00'}, 0x45c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) dup2(r2, r1) 22:48:28 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000002, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:28 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1500]}, 0x2c) 22:48:28 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x415, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2435.568489] net_ratelimit: 25 callbacks suppressed [ 2435.568497] protocol 88fb is buggy, dev hsr_slave_0 [ 2435.578646] protocol 88fb is buggy, dev hsr_slave_1 [ 2435.583818] protocol 88fb is buggy, dev hsr_slave_0 [ 2435.588942] protocol 88fb is buggy, dev hsr_slave_1 [ 2435.729439] protocol 88fb is buggy, dev hsr_slave_0 [ 2435.729818] protocol 88fb is buggy, dev hsr_slave_0 [ 2435.734612] protocol 88fb is buggy, dev hsr_slave_1 [ 2435.739582] protocol 88fb is buggy, dev hsr_slave_1 [ 2435.750015] protocol 88fb is buggy, dev hsr_slave_0 [ 2435.755171] protocol 88fb is buggy, dev hsr_slave_1 [ 2435.788777] memory: usage 307156kB, limit 307200kB, failcnt 6087 [ 2435.798739] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2435.822261] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2435.836680] Memory cgroup stats for /syz0: cache:4836KB rss:119532KB rss_huge:26624KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:119744KB inactive_file:0KB active_file:4KB unevictable:4780KB [ 2435.865852] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24128,uid=0 [ 2435.892713] Memory cgroup out of memory: Kill process 24128 (syz-executor.0) score 124 or sacrifice child [ 2435.912482] Killed process 24128 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2435.986552] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2436.013557] CPU: 1 PID: 24531 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2436.020856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2436.030218] Call Trace: [ 2436.032852] dump_stack+0x172/0x1f0 [ 2436.036506] dump_header+0x10f/0xb6c [ 2436.040243] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2436.045364] ? ___ratelimit+0x60/0x595 [ 2436.049267] ? do_raw_spin_unlock+0x57/0x270 [ 2436.053696] oom_kill_process.cold+0x10/0x6f5 [ 2436.058215] ? task_will_free_mem+0x139/0x6e0 [ 2436.062739] out_of_memory+0x79a/0x1280 [ 2436.066788] ? oom_killer_disable+0x280/0x280 [ 2436.071305] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2436.076434] mem_cgroup_out_of_memory+0x99/0xe0 [ 2436.081119] ? memcg_memory_event+0x40/0x40 [ 2436.085464] ? _raw_spin_unlock+0x2d/0x50 [ 2436.089630] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2436.094751] try_charge+0xfec/0x1570 [ 2436.098504] ? find_held_lock+0x35/0x130 [ 2436.102594] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2436.107458] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2436.112318] ? find_held_lock+0x35/0x130 [ 2436.116400] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2436.121274] memcg_kmem_charge_memcg+0x7c/0x130 [ 2436.126047] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2436.130570] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2436.135432] memcg_kmem_charge+0x13b/0x340 [ 2436.139689] __alloc_pages_nodemask+0x437/0x710 [ 2436.144382] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2436.149419] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2436.154019] ? trace_hardirqs_on+0x67/0x230 [ 2436.158367] copy_process.part.0+0x3e0/0x79a0 [ 2436.162894] ? mark_held_locks+0x100/0x100 [ 2436.167150] ? debug_smp_processor_id+0x1c/0x20 [ 2436.171843] ? perf_trace_lock_acquire+0xf5/0x580 [ 2436.176710] ? __might_fault+0x12b/0x1e0 [ 2436.180821] ? __cleanup_sighand+0x70/0x70 [ 2436.185075] ? lock_downgrade+0x810/0x810 [ 2436.189263] _do_fork+0x257/0xfe0 [ 2436.192742] ? fork_idle+0x1d0/0x1d0 [ 2436.196509] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2436.201290] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2436.206063] ? do_syscall_64+0x26/0x610 [ 2436.210052] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2436.215433] ? do_syscall_64+0x26/0x610 [ 2436.219434] __x64_sys_clone+0xbf/0x150 [ 2436.223427] do_syscall_64+0x103/0x610 [ 2436.227343] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2436.232551] RIP: 0033:0x457e29 [ 2436.235756] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2436.254688] RSP: 002b:00007f753d616c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2436.262411] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 2436.269798] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2436.277085] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 2436.284367] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f753d6176d4 [ 2436.291648] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 2436.313321] memory: usage 307200kB, limit 307200kB, failcnt 4463 [ 2436.323662] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:29 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xfa030000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:29 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800]}, 0x2c) 22:48:29 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x416, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:29 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000040)=@fragment, 0x318) setsockopt$inet6_opts(r1, 0x29, 0x39, &(0x7f0000000080)=@srh={0x0, 0x6, 0x4, 0x3, 0x1, 0x40, 0x5, [@empty, @local, @mcast1]}, 0x38) setsockopt$inet6_opts(r1, 0x29, 0x39, 0x0, 0x0) [ 2436.335524] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2436.396518] Memory cgroup stats for /syz4: cache:24KB rss:127060KB rss_huge:40960KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:127216KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2436.492143] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8533,uid=0 [ 2436.524990] Memory cgroup out of memory: Kill process 8533 (syz-executor.4) score 1113 or sacrifice child [ 2436.555013] Killed process 8533 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB [ 2436.634918] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2436.655191] CPU: 1 PID: 24526 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2436.662486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2436.671848] Call Trace: [ 2436.674452] dump_stack+0x172/0x1f0 [ 2436.678099] dump_header+0x10f/0xb6c [ 2436.681837] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2436.686961] ? ___ratelimit+0x60/0x595 [ 2436.690864] ? do_raw_spin_unlock+0x57/0x270 [ 2436.695296] oom_kill_process.cold+0x10/0x6f5 [ 2436.699829] ? task_will_free_mem+0x139/0x6e0 [ 2436.704352] out_of_memory+0x79a/0x1280 [ 2436.708354] ? oom_killer_disable+0x280/0x280 [ 2436.712867] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2436.717995] mem_cgroup_out_of_memory+0x99/0xe0 [ 2436.722682] ? memcg_memory_event+0x40/0x40 [ 2436.727027] ? _raw_spin_unlock+0x2d/0x50 [ 2436.731200] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2436.736323] try_charge+0xb4a/0x1570 [ 2436.740051] ? find_held_lock+0x35/0x130 [ 2436.744141] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2436.749006] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2436.753865] ? find_held_lock+0x35/0x130 [ 2436.757942] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2436.762836] memcg_kmem_charge_memcg+0x7c/0x130 [ 2436.767524] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2436.772045] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2436.776905] memcg_kmem_charge+0x13b/0x340 [ 2436.781164] __alloc_pages_nodemask+0x437/0x710 [ 2436.785857] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2436.790900] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2436.795498] ? trace_hardirqs_on+0x67/0x230 [ 2436.799853] copy_process.part.0+0x3e0/0x79a0 [ 2436.804369] ? psi_memstall_leave+0x11c/0x180 [ 2436.808887] ? sched_clock+0x2e/0x50 [ 2436.812615] ? psi_memstall_leave+0x12e/0x180 [ 2436.817123] ? find_held_lock+0x35/0x130 [ 2436.821200] ? __lock_acquire+0x53b/0x4700 [ 2436.825464] ? __cleanup_sighand+0x70/0x70 [ 2436.829722] ? mark_held_locks+0x100/0x100 [ 2436.833972] ? perf_trace_lock_acquire+0xf5/0x580 [ 2436.838917] ? rcu_read_lock_sched_held+0x110/0x130 [ 2436.843947] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2436.849510] _do_fork+0x257/0xfe0 [ 2436.852994] ? fork_idle+0x1d0/0x1d0 [ 2436.856726] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2436.862205] ? lock_downgrade+0x810/0x810 [ 2436.866375] ? blkcg_exit_queue+0x30/0x30 [ 2436.870545] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2436.875319] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2436.880093] ? do_syscall_64+0x26/0x610 [ 2436.884085] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2436.889465] ? do_syscall_64+0x26/0x610 [ 2436.893458] __x64_sys_clone+0xbf/0x150 [ 2436.897448] do_syscall_64+0x103/0x610 [ 2436.901355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2436.906565] RIP: 0033:0x45a7f9 [ 2436.909795] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2436.928712] RSP: 002b:00007ffdc7152e68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2436.936434] RAX: ffffffffffffffda RBX: 00007f753d5f6700 RCX: 000000000045a7f9 [ 2436.943714] RDX: 00007f753d5f69d0 RSI: 00007f753d5f5db0 RDI: 00000000003d0f00 [ 2436.950999] RBP: 00007ffdc7153070 R08: 00007f753d5f6700 R09: 00007f753d5f6700 [ 2436.958277] R10: 00007f753d5f69d0 R11: 0000000000000202 R12: 0000000000000000 [ 2436.965571] R13: 00007ffdc7152f1f R14: 00007f753d5f69c0 R15: 000000000073bfac [ 2437.018615] memory: usage 305012kB, limit 307200kB, failcnt 4463 [ 2437.025130] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2437.088555] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2437.095077] Memory cgroup stats for /syz4: cache:24KB rss:124996KB rss_huge:38912KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:125068KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2437.158444] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8554,uid=0 [ 2437.188574] Memory cgroup out of memory: Kill process 8554 (syz-executor.4) score 1113 or sacrifice child [ 2437.218671] Killed process 8554 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB [ 2437.233193] oom_reaper: reaped process 8554 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2437.249033] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2437.278702] CPU: 0 PID: 24589 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2437.285999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2437.295365] Call Trace: [ 2437.297975] dump_stack+0x172/0x1f0 [ 2437.301633] dump_header+0x10f/0xb6c [ 2437.305368] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2437.310494] ? ___ratelimit+0x60/0x595 [ 2437.314400] ? do_raw_spin_unlock+0x57/0x270 [ 2437.318836] oom_kill_process.cold+0x10/0x6f5 [ 2437.323355] ? task_will_free_mem+0x139/0x6e0 [ 2437.327878] out_of_memory+0x79a/0x1280 [ 2437.331883] ? oom_killer_disable+0x280/0x280 [ 2437.336394] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2437.341523] mem_cgroup_out_of_memory+0x99/0xe0 [ 2437.346209] ? memcg_memory_event+0x40/0x40 [ 2437.350558] ? _raw_spin_unlock+0x2d/0x50 [ 2437.354723] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2437.359842] try_charge+0xfec/0x1570 [ 2437.363569] ? find_held_lock+0x35/0x130 [ 2437.367653] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2437.372512] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2437.377371] ? find_held_lock+0x35/0x130 [ 2437.381453] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2437.386325] memcg_kmem_charge_memcg+0x7c/0x130 [ 2437.391009] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2437.395536] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2437.400397] memcg_kmem_charge+0x13b/0x340 [ 2437.404655] __alloc_pages_nodemask+0x437/0x710 [ 2437.409348] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2437.414387] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2437.418987] ? trace_hardirqs_on+0x67/0x230 [ 2437.423323] ? kasan_check_read+0x11/0x20 [ 2437.427495] copy_process.part.0+0x3e0/0x79a0 [ 2437.432010] ? psi_memstall_leave+0x11c/0x180 [ 2437.436556] ? sched_clock+0x2e/0x50 [ 2437.440309] ? psi_memstall_leave+0x12e/0x180 [ 2437.444830] ? find_held_lock+0x35/0x130 [ 2437.448916] ? __lock_acquire+0x53b/0x4700 [ 2437.453185] ? __cleanup_sighand+0x70/0x70 [ 2437.457438] ? mark_held_locks+0x100/0x100 [ 2437.461710] ? perf_trace_lock_acquire+0xf5/0x580 [ 2437.466586] ? rcu_read_lock_sched_held+0x110/0x130 [ 2437.471618] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2437.477249] _do_fork+0x257/0xfe0 [ 2437.480748] ? fork_idle+0x1d0/0x1d0 [ 2437.484509] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2437.490145] ? lock_downgrade+0x810/0x810 [ 2437.494314] ? blkcg_exit_queue+0x30/0x30 [ 2437.498486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2437.503267] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2437.508045] ? do_syscall_64+0x26/0x610 [ 2437.512043] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2437.517422] ? do_syscall_64+0x26/0x610 [ 2437.521418] __x64_sys_clone+0xbf/0x150 [ 2437.525416] do_syscall_64+0x103/0x610 [ 2437.529326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2437.534529] RIP: 0033:0x45a7f9 [ 2437.537739] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2437.556677] RSP: 002b:00007ffc56cc41d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2437.564400] RAX: ffffffffffffffda RBX: 00007f028a93b700 RCX: 000000000045a7f9 [ 2437.571686] RDX: 00007f028a93b9d0 RSI: 00007f028a93adb0 RDI: 00000000003d0f00 [ 2437.578971] RBP: 00007ffc56cc43e0 R08: 00007f028a93b700 R09: 00007f028a93b700 [ 2437.586252] R10: 00007f028a93b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2437.593533] R13: 00007ffc56cc428f R14: 00007f028a93b9c0 R15: 000000000073bf0c [ 2437.609929] memory: usage 307172kB, limit 307200kB, failcnt 6110 [ 2437.616412] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2437.623719] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2437.634070] Memory cgroup stats for /syz0: cache:4836KB rss:119624KB rss_huge:26624KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:119752KB inactive_file:4KB active_file:8KB unevictable:4780KB [ 2437.658993] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24564,uid=0 [ 2437.674952] Memory cgroup out of memory: Kill process 24564 (syz-executor.0) score 124 or sacrifice child 22:48:30 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2003]}, 0x2c) 22:48:30 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c0, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:30 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000003, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:30 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x417, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:30 executing program 1: r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x8, 0x4000) getsockname$packet(0xffffffffffffff9c, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14) sendmsg$can_raw(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x1d, r1}, 0x10, &(0x7f0000000180)={&(0x7f0000000140)=@can={{0x3, 0xf3, 0x2570000000000, 0x40}, 0x6, 0x2, 0x0, 0x0, "113248557fdbb2f9"}, 0x10}, 0x1, 0x0, 0x0, 0xb8d9165acc82ca8}, 0x10) r2 = socket$inet6(0xa, 0x7, 0x80000000029e0) setsockopt$inet_mreqsrc(r2, 0x10d, 0xa, &(0x7f0000013ff4)={@remote, @loopback, @broadcast}, 0xc) [ 2437.685711] Killed process 24564 (syz-executor.0) total-vm:72708kB, anon-rss:2224kB, file-rss:35784kB, shmem-rss:0kB 22:48:30 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x2c) 22:48:31 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x418, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:31 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c1, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:31 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xfc020000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:31 executing program 1: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) readahead(r0, 0x3, 0xb623) r1 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000200)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$link(0x8, 0x0, r1) 22:48:31 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:31 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x2c) 22:48:31 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x419, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:31 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c2, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={r0}) ioctl$sock_proto_private(r0, 0x89e5, &(0x7f0000000240)="4026ad497878e81cac16f3a0dc53682543b0e112f372008eae9630b0a0db39b6256ec3fe656e49edccdacccb3f60f62a1c9a1ef70f0cef6d7a3fbc838627fbe0794372d88e168354964435a8db1d12cc2a42f36aba948ff16064eaf4f1deb0ba47baca99cc6865e004f49e0f1562647831b04a9f388d72bca199fb1e4a4771c4669e6258ff52a0893aa470bf5d9f43204380605f221c57d324b39ac85d032e9d3c507b4a61ca6965f3f14444aaa7ea8fcc2dbbc27c33a1f4e16d60ab5e5c716fd3d173f72fdafe67ca1c") bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x4) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000700)=ANY=[]) r3 = eventfd2(0x0, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000180)=0x800, 0x4) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000200)=r3) sendmsg$tipc(r2, &(0x7f0000000840)={&(0x7f00000001c0)=@id={0x1e, 0x3, 0x1, {0x4e24}}, 0x10, &(0x7f0000000780)=[{&(0x7f0000000340)="c993833affcf57836b5e295883fb157945b289ed45474f810c45618932014a940897eefb7ac0460ba4abd1e0118c9f6629", 0x31}, {&(0x7f0000000380)="7024b65c4fa923a1efa58ddc01e79a6fd25fd2be36e5450aa4595fa24b8de511c2036cad476fc7eb6345230e9f7008767ce1ba0b48d91f4256004f601f48", 0x3e}, {&(0x7f00000003c0)="1e38d3b546453503e378944dde310f10eeac3989adf7b95f9fe0bfd76bb9df078a345ebe55f6e85b843efc426efe9e46c63b2facea9a9d316726a07ecb6145d7df5bcf8bc1151788fe091ee633e2b631aadb9cae497120f7a3a120c6311ec19a41662781153675e51fbc4cbc794a6dfb4401091f4dbf4d5efe196f0bb939884b71687b01c6024f8258d9e0f7b7128a92a476746fe5603835393eda42f62cd3c677e50d01d92619d8fc7e8f986c7d3e3b48f83b05f989d4b0fed25c47f8aad5a0924cc3aed5b44a5cd025695407ce27d1ccfcd3e4842a1938b59f3d011824308d092235d3", 0xe4}, {&(0x7f0000000580)="ccb3efe08eb88ead401ab4e0d620343b2c810f6335", 0x15}, {&(0x7f00000005c0)="ee64fe66213b79fb95be269211015b5806e4ade769e6f7e5103d9a9e0310dd967e59db79135579371955cafc59f662c9ebf6f8ae9e7ad87d105765b740b5478db4c91ad274e19375ba443351e272351bd967d1bc3375b507f639b950d8b1cdae1e968be0904d5887825c1bd2d111d1574e0cfd07c17d3480bc57e422eb1fd24abf", 0x81}, {&(0x7f0000000680)="ad900d1deca11e5def6b195ba5a2458d2e9b8e5f52b0f5163073017455fb0a6a66b42a0ae01fc80a07feb9a907676cc77a628485754a6b51600b64ad", 0x3c}, {&(0x7f00000006c0)="c358d35c8d7b79b8857b7558159284cbc95406194e57d5dc5d375cfc86bc809968d1b813c1b114e668d085532300e58c8e94fde8c210e22d359318a5d4f5909bc12638a9673c771518fb23483541356fa312f31b8b8735255020e53fcb7cbc40fc908d87e68b9e1a9c859e80aff55118115e585f1d9179f7158a3f0725cc57a43f1d65663cc233660528482bc46f6fd463ab9323e97609a4539947051939123a860378abb9ea6fce062f09c0dd9dcbcf", 0xb0}], 0x7, &(0x7f0000000800)="b726631bf33e", 0x6, 0x40}, 0x20000001) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x8000000000000000, 0x1, 0x0, &(0x7f00000004c0)=""/156, 0x0, 0x3}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0xfffffffffffffffd) 22:48:31 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c3, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2438.191384] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2438.223748] CPU: 1 PID: 24641 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2438.231187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2438.240553] Call Trace: [ 2438.243157] dump_stack+0x172/0x1f0 [ 2438.246834] dump_header+0x10f/0xb6c [ 2438.250577] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2438.255699] ? ___ratelimit+0x60/0x595 [ 2438.259605] ? do_raw_spin_unlock+0x57/0x270 [ 2438.264038] oom_kill_process.cold+0x10/0x6f5 [ 2438.268564] ? task_will_free_mem+0x139/0x6e0 [ 2438.273089] out_of_memory+0x79a/0x1280 [ 2438.277088] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2438.282207] ? oom_killer_disable+0x280/0x280 [ 2438.286717] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2438.291850] mem_cgroup_out_of_memory+0x99/0xe0 [ 2438.296542] ? memcg_memory_event+0x40/0x40 [ 2438.300890] ? _raw_spin_unlock+0x2d/0x50 [ 2438.305051] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2438.310172] try_charge+0xfec/0x1570 [ 2438.313895] ? find_held_lock+0x35/0x130 [ 2438.317982] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2438.322850] ? kasan_check_read+0x11/0x20 [ 2438.327025] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2438.331905] mem_cgroup_try_charge+0x24d/0x5e0 [ 2438.336514] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2438.341467] wp_page_copy+0x408/0x1740 [ 2438.345365] ? find_held_lock+0x35/0x130 [ 2438.349448] ? pmd_pfn+0x1d0/0x1d0 [ 2438.353006] ? lock_downgrade+0x810/0x810 [ 2438.357169] ? __pte_alloc_kernel+0x220/0x220 [ 2438.361682] ? kasan_check_read+0x11/0x20 [ 2438.365844] ? do_raw_spin_unlock+0x57/0x270 [ 2438.370270] do_wp_page+0x2ed/0x1520 [ 2438.374001] ? rwlock_bug.part.0+0x90/0x90 [ 2438.378247] ? lock_acquire+0x16f/0x3f0 [ 2438.382235] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2438.386919] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2438.391964] __handle_mm_fault+0x22db/0x3f20 [ 2438.396395] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2438.401256] ? find_held_lock+0x35/0x130 [ 2438.405337] ? handle_mm_fault+0x322/0xb30 [ 2438.409680] ? kasan_check_read+0x11/0x20 [ 2438.413856] handle_mm_fault+0x43f/0xb30 [ 2438.417945] __do_page_fault+0x5da/0xd60 [ 2438.422035] do_page_fault+0x71/0x581 [ 2438.425867] ? page_fault+0x8/0x30 [ 2438.429422] page_fault+0x1e/0x30 [ 2438.432887] RIP: 0033:0x40d1e8 [ 2438.436094] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2438.455008] RSP: 002b:00007ffc56cc4240 EFLAGS: 00010246 [ 2438.460383] RAX: 00000000184b121a RBX: 00000000625bf3c6 RCX: 0000001b2f620000 [ 2438.467667] RDX: 0000000000000000 RSI: 000000000000121a RDI: ffffffff184b121a [ 2438.474951] RBP: 0000000000000023 R08: 00000000184b121a R09: 00000000184b121e [ 2438.482233] R10: 00007ffc56cc43d0 R11: 0000000000000246 R12: 000000000073bf88 22:48:31 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000005, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x84000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f0000000200)={{0x1, 0x7ff}, {0x5, 0x2}, 0x9, 0x7, 0x7}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000100)={0x2}) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x484b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = fcntl$dupfd(r4, 0x406, r1) write$ppp(r5, &(0x7f0000000000)="3198b8b3d7d422ae81408e3c26bf54ea6d8eeddcb0d76aa5319628cbab79", 0x1e) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2438.489517] R13: 0000000080000000 R14: 00007f028c93c008 R15: 000000000000002c 22:48:31 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c4, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:31 executing program 1: lookup_dcookie(0x5, &(0x7f0000000100)=""/54, 0x36) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x400001) ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) mkdirat$cgroup(r0, 0x0, 0x1ff) fchdir(r0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x80, 0x0) ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f00000000c0)={0x4, 0xc5e7, 0xfffffffffffffbff}) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, 0x0, 0x4000000) umount2(&(0x7f0000000280)='./file0\x00', 0x0) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000200)={0x0, 0x6}, 0x2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, 0x0, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000400)={&(0x7f0000000240), 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0xa0, r2, 0x600, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7f80000000000}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x101}, @IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x10001}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xffffffffffffff6a}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x10001}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}]}, 0xa0}, 0x1, 0x0, 0x0, 0x80}, 0x40001) pipe2$9p(0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000100)='wlan1]\\,/\x00'}, 0x30) accept4$llc(r1, &(0x7f0000000440)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000480)=0x10, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000200)='nbd\x00') [ 2438.829035] memory: usage 307176kB, limit 307200kB, failcnt 6144 [ 2438.868878] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2438.909651] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2438.938167] Memory cgroup stats for /syz0: cache:4968KB rss:119564KB rss_huge:26624KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:119776KB inactive_file:0KB active_file:4KB unevictable:4780KB [ 2438.983284] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24618,uid=0 [ 2439.009293] Memory cgroup out of memory: Kill process 24618 (syz-executor.0) score 124 or sacrifice child [ 2439.025830] Killed process 24618 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2439.098112] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2439.118467] CPU: 1 PID: 24660 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2439.125802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2439.135172] Call Trace: [ 2439.137804] dump_stack+0x172/0x1f0 [ 2439.141467] dump_header+0x10f/0xb6c [ 2439.145204] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2439.150332] ? ___ratelimit+0x60/0x595 [ 2439.154234] ? do_raw_spin_unlock+0x57/0x270 [ 2439.158668] oom_kill_process.cold+0x10/0x6f5 [ 2439.163187] ? task_will_free_mem+0x139/0x6e0 [ 2439.167718] out_of_memory+0x79a/0x1280 [ 2439.171725] ? oom_killer_disable+0x280/0x280 [ 2439.176238] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2439.181371] mem_cgroup_out_of_memory+0x99/0xe0 [ 2439.186059] ? memcg_memory_event+0x40/0x40 [ 2439.190408] ? _raw_spin_unlock+0x2d/0x50 [ 2439.194574] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2439.199694] try_charge+0xfec/0x1570 [ 2439.203424] ? find_held_lock+0x35/0x130 [ 2439.207514] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2439.212500] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2439.217372] ? find_held_lock+0x35/0x130 [ 2439.221462] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2439.226338] memcg_kmem_charge_memcg+0x7c/0x130 [ 2439.231028] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2439.235560] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2439.240428] memcg_kmem_charge+0x13b/0x340 [ 2439.244691] __alloc_pages_nodemask+0x437/0x710 [ 2439.249383] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2439.254423] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2439.259029] ? trace_hardirqs_on+0x67/0x230 [ 2439.263386] copy_process.part.0+0x3e0/0x79a0 [ 2439.267917] ? mark_held_locks+0x100/0x100 [ 2439.272192] ? debug_smp_processor_id+0x1c/0x20 [ 2439.276878] ? perf_trace_lock_acquire+0xf5/0x580 [ 2439.281744] ? __might_fault+0x12b/0x1e0 [ 2439.285864] ? __cleanup_sighand+0x70/0x70 [ 2439.290122] ? lock_downgrade+0x810/0x810 [ 2439.294310] _do_fork+0x257/0xfe0 [ 2439.297823] ? fork_idle+0x1d0/0x1d0 [ 2439.301576] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2439.306358] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2439.311132] ? do_syscall_64+0x26/0x610 [ 2439.315128] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2439.320508] ? do_syscall_64+0x26/0x610 [ 2439.324512] __x64_sys_clone+0xbf/0x150 [ 2439.328523] do_syscall_64+0x103/0x610 [ 2439.332451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2439.337658] RIP: 0033:0x457e29 [ 2439.340870] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2439.359813] RSP: 002b:00007fca9421fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2439.367544] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 2439.374827] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2439.382110] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 2439.389397] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fca942206d4 [ 2439.396680] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 2439.406854] memory: usage 307200kB, limit 307200kB, failcnt 5220 [ 2439.413948] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2439.421838] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2439.428554] Memory cgroup stats for /syz2: cache:12KB rss:120784KB rss_huge:24576KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120924KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2439.450162] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27964,uid=0 [ 2439.474284] Memory cgroup out of memory: Kill process 27964 (syz-executor.2) score 124 or sacrifice child 22:48:32 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:32 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c5, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:32 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000006, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2439.490226] Killed process 27964 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2439.632868] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2439.658142] CPU: 1 PID: 24654 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2439.665442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2439.674816] Call Trace: [ 2439.677427] dump_stack+0x172/0x1f0 [ 2439.681083] dump_header+0x10f/0xb6c [ 2439.684828] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2439.689949] ? ___ratelimit+0x60/0x595 [ 2439.693852] ? do_raw_spin_unlock+0x57/0x270 [ 2439.698283] oom_kill_process.cold+0x10/0x6f5 [ 2439.702826] ? task_will_free_mem+0x139/0x6e0 [ 2439.707354] out_of_memory+0x79a/0x1280 [ 2439.711361] ? oom_killer_disable+0x280/0x280 [ 2439.715880] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2439.721017] mem_cgroup_out_of_memory+0x99/0xe0 [ 2439.725702] ? memcg_memory_event+0x40/0x40 [ 2439.730047] ? _raw_spin_unlock+0x2d/0x50 [ 2439.734214] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2439.739334] try_charge+0xb4a/0x1570 [ 2439.743061] ? find_held_lock+0x35/0x130 [ 2439.747151] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2439.752021] ? kasan_check_read+0x11/0x20 [ 2439.756196] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2439.761069] mem_cgroup_try_charge+0x24d/0x5e0 [ 2439.765675] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2439.770624] __handle_mm_fault+0x1e26/0x3f20 [ 2439.775057] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2439.779914] ? find_held_lock+0x35/0x130 [ 2439.783996] ? handle_mm_fault+0x322/0xb30 [ 2439.788262] ? kasan_check_read+0x11/0x20 [ 2439.792434] handle_mm_fault+0x43f/0xb30 [ 2439.796524] __do_page_fault+0x5da/0xd60 [ 2439.800622] do_page_fault+0x71/0x581 [ 2439.804435] ? page_fault+0x8/0x30 [ 2439.807991] page_fault+0x1e/0x30 [ 2439.811460] RIP: 0033:0x45a7dd [ 2439.814669] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 2439.833583] RSP: 002b:00007fff025901d8 EFLAGS: 00010202 [ 2439.838963] RAX: ffffffffffffffea RBX: 00007fca941ff700 RCX: 00007fca941ff700 [ 2439.846244] RDX: 00000000003d0f00 RSI: 00007fca941fedb0 RDI: 000000000040ed80 [ 2439.853536] RBP: 00007fff025903e0 R08: 00007fca941ff9d0 R09: 00007fca941ff700 [ 2439.860844] R10: 00007fca941fedc0 R11: 0000000000000246 R12: 0000000000000000 [ 2439.868123] R13: 00007fff0259028f R14: 00007fca941ff9c0 R15: 000000000073bfac [ 2439.910016] memory: usage 304888kB, limit 307200kB, failcnt 5220 [ 2439.920278] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2439.928105] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2439.935968] Memory cgroup stats for /syz2: cache:12KB rss:118768KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:118776KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2439.960962] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=7754,uid=0 [ 2439.977000] Memory cgroup out of memory: Kill process 7754 (syz-executor.2) score 124 or sacrifice child [ 2439.989145] Killed process 7754 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2440.050122] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2440.061025] CPU: 1 PID: 24671 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2440.068320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2440.077684] Call Trace: [ 2440.080294] dump_stack+0x172/0x1f0 [ 2440.083945] dump_header+0x10f/0xb6c [ 2440.087677] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2440.092818] ? ___ratelimit+0x60/0x595 [ 2440.096724] ? do_raw_spin_unlock+0x57/0x270 [ 2440.101155] oom_kill_process.cold+0x10/0x6f5 [ 2440.105671] ? task_will_free_mem+0x139/0x6e0 [ 2440.110193] out_of_memory+0x79a/0x1280 [ 2440.114193] ? oom_killer_disable+0x280/0x280 [ 2440.118701] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2440.123865] mem_cgroup_out_of_memory+0x99/0xe0 [ 2440.128557] ? memcg_memory_event+0x40/0x40 [ 2440.132906] ? _raw_spin_unlock+0x2d/0x50 [ 2440.137071] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2440.142189] try_charge+0xfec/0x1570 [ 2440.145917] ? find_held_lock+0x35/0x130 [ 2440.150004] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2440.154873] ? kasan_check_read+0x11/0x20 [ 2440.159046] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2440.163906] mem_cgroup_try_charge+0x24d/0x5e0 [ 2440.168515] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2440.173523] __handle_mm_fault+0x1e26/0x3f20 [ 2440.177962] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2440.182829] ? find_held_lock+0x35/0x130 [ 2440.186905] ? handle_mm_fault+0x322/0xb30 [ 2440.191173] ? kasan_check_read+0x11/0x20 [ 2440.195343] handle_mm_fault+0x43f/0xb30 [ 2440.199428] __do_page_fault+0x5da/0xd60 [ 2440.203517] do_page_fault+0x71/0x581 [ 2440.207344] ? page_fault+0x8/0x30 [ 2440.210907] page_fault+0x1e/0x30 [ 2440.214369] RIP: 0033:0x40f98f [ 2440.217579] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2440.236492] RSP: 002b:00007ffd944df8f0 EFLAGS: 00010206 [ 2440.241874] RAX: 00007fed6558c000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 2440.249153] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2440.256431] RBP: 00007ffd944df9d0 R08: ffffffffffffffff R09: 0000000000000000 [ 2440.263709] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd944dfab0 [ 2440.270992] R13: 00007fed655ac700 R14: 0000000000000005 R15: 000000000073bfac [ 2440.283635] memory: usage 307168kB, limit 307200kB, failcnt 6127 [ 2440.291085] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2440.298813] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2440.306004] Memory cgroup stats for /syz3: cache:0KB rss:117360KB rss_huge:28672KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:117428KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2440.328019] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24454,uid=0 [ 2440.347427] Memory cgroup out of memory: Kill process 24454 (syz-executor.3) score 1113 or sacrifice child [ 2440.358196] Killed process 24454 (syz-executor.3) total-vm:72708kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB 22:48:33 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5600]}, 0x2c) 22:48:33 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x41a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:33 executing program 1: syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f00000003c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x200000, 0x0}, &(0x7f0000000580)="5f39203a1ec6", 0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(0x0, 0x0, 0x0) ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, 0x0) r2 = getpid() r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0xa0000, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f00000004c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000480)={&(0x7f0000000780)=ANY=[@ANYBLOB="1400bc78", @ANYRES16=r4, @ANYBLOB="000527bd7000fcdbdf250100000089617f0efeb5ec9e73ede2d7db425fb309badd0ad2ea92bf9c180b4f9811e7e9bab015efceedbd9b93c01cc83fe38a31f3e1ea591021936f990406eab5f1c62033731a4f6f9d73f7a94e70dadd079de6e2b68e79d37ea335f2270bfe6b1578a69d9392c11ff1bd36181f1edbb04ff55f1499be9fb00cc267bb9abe939b90e66091cca4d307d1a0358e16b0e66b05b60634c8377d3a8e5eb9219e471a2ae04a4ba4b89dd8731a351403197992fa7149dd6e22ed501ce76d91cd0ff4891ec755e6bea152ac7d4a65af8b5f9ec33c95d2c91dbce2d404d00d42866e5fe7a37a2dbcc6030b1f22bde2a0fc85392f94cedd7749c2adf4aaf92068b4e5d40ed6ff4a200e7fc457fdf5550ad1a47dfc0fc06320ecde2ffa38b785e09a48b689ae27330cc38e4845aca8a4589459646446d8b37d15352cd53d3ea676af163b2b42aaf5f5d1f28ad403a23806a16ced7aa1103030c940eac3bda722c553b8ad2d9e62384bd28edc5ff40b21768d9738ffbb7dadb4bb25f035e8518e2cd8597c28a66f2ccf751b0fa834ef6cb43ac3d5da0a3c4788a040aa8cbfe2789832010992"], 0x14}}, 0x0) rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cachefiles\x00', 0x103800, 0x0) ioctl$RNDCLEARPOOL(r5, 0x5206, &(0x7f0000000380)=0x400) ptrace(0x4206, r2) ptrace(0x8, r2) mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x0, 0x100132, 0xffffffffffffffff, 0x1) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) r6 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x200000, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x2ad) r7 = syz_open_dev$radio(&(0x7f0000000500)='/dev/radio#\x00', 0x3, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000540)={0xffffffffffffffff}, 0x2, 0xe}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r7, &(0x7f0000000600)={0xf, 0x8, 0xfa00, {r8, 0x1}}, 0x10) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x8001, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000640)={0x0, 0x81}, &(0x7f0000000680)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r5, 0x84, 0x5, &(0x7f00000006c0)={r9, @in={{0x2, 0x4e21, @multicast1}}}, 0x84) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f00000001c0)) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) 22:48:33 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c6, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:33 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x4000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:33 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000007, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:33 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c7, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:33 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x8000a0ffffffff]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:33 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x41b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:33 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca03]}, 0x2c) 22:48:33 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0x7, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4}, {0xa, 0x0, 0x0, @local}}, 0x5c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x480042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000140)={{0x0, 0xfffffffffffffc00}, {0x6, 0x8001}, 0xffffffffffff589e, 0x1, 0x81}) syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x1252, 0x8000) ioctl$RNDCLEARPOOL(r1, 0x5206, &(0x7f0000000040)=0x4) 22:48:33 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2440.726369] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2440.739947] CPU: 1 PID: 8688 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2440.747155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2440.756516] Call Trace: [ 2440.759130] dump_stack+0x172/0x1f0 [ 2440.762804] dump_header+0x10f/0xb6c [ 2440.766547] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2440.771667] ? ___ratelimit+0x60/0x595 [ 2440.775572] ? do_raw_spin_unlock+0x57/0x270 [ 2440.780004] oom_kill_process.cold+0x10/0x6f5 [ 2440.784521] ? task_will_free_mem+0x139/0x6e0 [ 2440.789046] out_of_memory+0x79a/0x1280 [ 2440.793038] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2440.798158] ? oom_killer_disable+0x280/0x280 [ 2440.802673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2440.807825] mem_cgroup_out_of_memory+0x99/0xe0 [ 2440.812512] ? memcg_memory_event+0x40/0x40 [ 2440.816871] ? _raw_spin_unlock+0x2d/0x50 [ 2440.821036] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2440.826154] try_charge+0xfec/0x1570 [ 2440.829881] ? find_held_lock+0x35/0x130 [ 2440.833967] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2440.838840] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2440.843697] ? find_held_lock+0x35/0x130 [ 2440.847807] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2440.852683] memcg_kmem_charge_memcg+0x7c/0x130 [ 2440.857368] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2440.861889] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2440.866754] memcg_kmem_charge+0x13b/0x340 [ 2440.871036] __alloc_pages_nodemask+0x437/0x710 [ 2440.875730] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2440.880764] ? save_stack+0x45/0xd0 [ 2440.884435] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2440.889572] ? __lock_acquire+0x53b/0x4700 [ 2440.893832] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2440.899395] alloc_pages_current+0x107/0x210 [ 2440.903929] pte_alloc_one+0x1b/0x1a0 [ 2440.907754] __pte_alloc+0x20/0x310 [ 2440.911422] copy_page_range+0x1529/0x1f90 [ 2440.915672] ? __lock_is_held+0xb6/0x140 [ 2440.919791] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2440.924841] ? pmd_alloc+0x180/0x180 [ 2440.928580] ? validate_mm_rb+0xa3/0xc0 [ 2440.932577] ? __vma_link_rb+0x279/0x370 [ 2440.936661] copy_process.part.0+0x56aa/0x79a0 [ 2440.941295] ? __cleanup_sighand+0x70/0x70 [ 2440.945574] _do_fork+0x257/0xfe0 [ 2440.949055] ? fork_idle+0x1d0/0x1d0 [ 2440.952821] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2440.957594] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2440.962363] ? do_syscall_64+0x26/0x610 [ 2440.966355] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2440.971734] ? do_syscall_64+0x26/0x610 [ 2440.975731] __x64_sys_clone+0xbf/0x150 [ 2440.979724] do_syscall_64+0x103/0x610 [ 2440.983630] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2440.988832] RIP: 0033:0x4563fa [ 2440.992040] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2441.010951] RSP: 002b:00007ffd944dfb30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2441.018677] RAX: ffffffffffffffda RBX: 00007ffd944dfb30 RCX: 00000000004563fa 22:48:34 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c8, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2441.025958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2441.033240] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 [ 2441.040519] R10: 0000000002439c10 R11: 0000000000000246 R12: 0000000000000001 [ 2441.047818] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 2441.058528] memory: usage 307200kB, limit 307200kB, failcnt 6150 [ 2441.064827] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2441.082968] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2441.091836] Memory cgroup stats for /syz3: cache:0KB rss:117408KB rss_huge:28672KB [ 2441.095875] shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:117428KB inactive_file:8KB active_file:16KB unevictable:0KB 22:48:34 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf203]}, 0x2c) 22:48:34 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6c9, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:34 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$clear(0x7, r0) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x927e, 0x2) setsockopt$inet6_dccp_buf(r1, 0x21, 0x8d, &(0x7f0000000080)="b5a32903f487df2848f08510e1e4cba1845cee3b03b3d2a95fd5b3725e65a097e84f7827", 0x24) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@dev}}, &(0x7f0000000100)=0xe8) ioctl$SIOCAX25ADDUID(r1, 0x89e1, &(0x7f00000002c0)={0x3, @null, r2}) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) [ 2441.252496] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=24757,uid=0 22:48:34 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000009, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2441.329230] Memory cgroup out of memory: Kill process 24757 (syz-executor.3) score 1113 or sacrifice child 22:48:34 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf403]}, 0x2c) [ 2441.397533] Killed process 24757 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2441.434824] oom_reaper: reaped process 24757 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 22:48:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f00000008c0)={0x1, &(0x7f0000000740)=[{}]}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vcs\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000900)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x7f, 0x3, 0x1c8}, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)=@abs, 0x6e, &(0x7f0000000c00)}, 0x0) ppoll(&(0x7f0000000240)=[{r3, 0x210e}, {r2, 0x40}], 0x2, &(0x7f0000000300)={0x0, 0x1c9c380}, &(0x7f0000000340)={0x7}, 0x8) recvfrom$inet6(r2, &(0x7f0000000940)=""/4096, 0x1000, 0x1, &(0x7f0000000280)={0xa, 0x4e22, 0x58, @mcast2, 0x3}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$getenv(0x4201, 0x0, 0x0, 0x0) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) ioctl$KIOCSOUND(r3, 0x4b2f, 0xff) setxattr$security_smack_entry(0x0, &(0x7f0000000840)='security.SMACK64MMAP\x00', &(0x7f0000000880)='[}$keyring\x00', 0xb, 0x2) ioctl$KDGKBMETA(r3, 0x4b62, 0x0) close(0xffffffffffffffff) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000700)) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000040)={0x2, [0x0, 0x0]}, &(0x7f0000000480)=0xc) syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0)='IPVS\x00') sendto(r3, &(0x7f0000000580)="9227303d8a801e20f3c10ebb33ea106cd27e7eb3d67a5f46b5d82865a2b65da1f11a6c0922422ce150e488a8e908e0b26a2318ec76f026b63277a57e010cd01634fbbdc9827272d7f17cf83489a3e9b14b870868b934b2a85eb15701ad125a910e1cd93cbb9855cdf944f8327aa2f8f9454d1e6ec61f9d016ca52250697ba7b65d7749608bc1ce1cfd1663cb9dc88781b7633367954402b3d2419c72fe710946f8f0dff6642f0a4afb2a784ac9829bf0af4aeb9039f4eaad0d7e77b1a82d51d8dcafaf1714888e0851296284f7c6c2dc52d0e9d6d0080f5a4d", 0xd9, 0x20000000, 0x0, 0x0) stat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) setxattr$system_posix_acl(&(0x7f0000000180)='./file1\x00', &(0x7f0000000380)='system.posix_acl_default\x00', &(0x7f00000003c0)={{}, {0x1, 0x3}, [{0x2, 0x0, r4}, {0x2, 0x1}, {0x2, 0x1}], {0x4, 0x7}, [{}, {0x8, 0x4}, {0x8, 0x4}, {0x8, 0x7}], {0x10, 0x4}}, 0x5c, 0x0) [ 2441.450912] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2441.539100] CPU: 0 PID: 24770 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2441.546508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2441.546514] Call Trace: [ 2441.546550] dump_stack+0x172/0x1f0 [ 2441.546582] dump_header+0x10f/0xb6c [ 2441.546608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2441.546624] ? ___ratelimit+0x60/0x595 [ 2441.546640] ? do_raw_spin_unlock+0x57/0x270 [ 2441.546662] oom_kill_process.cold+0x10/0x6f5 [ 2441.546683] ? task_will_free_mem+0x139/0x6e0 [ 2441.558630] out_of_memory+0x79a/0x1280 [ 2441.558657] ? oom_killer_disable+0x280/0x280 [ 2441.558673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2441.558699] mem_cgroup_out_of_memory+0x99/0xe0 [ 2441.558715] ? memcg_memory_event+0x40/0x40 [ 2441.558736] ? _raw_spin_unlock+0x2d/0x50 [ 2441.615003] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2441.620135] try_charge+0xfec/0x1570 [ 2441.623900] ? find_held_lock+0x35/0x130 [ 2441.627998] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2441.632883] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2441.637733] ? find_held_lock+0x35/0x130 [ 2441.641865] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2441.646728] memcg_kmem_charge_memcg+0x7c/0x130 [ 2441.651401] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2441.655908] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2441.660765] memcg_kmem_charge+0x13b/0x340 [ 2441.665046] __alloc_pages_nodemask+0x437/0x710 [ 2441.669728] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2441.674763] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2441.679363] ? trace_hardirqs_on+0x67/0x230 [ 2441.683700] ? kasan_check_read+0x11/0x20 [ 2441.687863] copy_process.part.0+0x3e0/0x79a0 [ 2441.692369] ? psi_memstall_leave+0x11c/0x180 [ 2441.696877] ? sched_clock+0x2e/0x50 [ 2441.700602] ? psi_memstall_leave+0x12e/0x180 [ 2441.705139] ? find_held_lock+0x35/0x130 [ 2441.709212] ? __lock_acquire+0x53b/0x4700 [ 2441.713463] ? __cleanup_sighand+0x70/0x70 [ 2441.717724] ? mark_held_locks+0x100/0x100 [ 2441.721974] ? perf_trace_lock_acquire+0xf5/0x580 [ 2441.726825] ? rcu_read_lock_sched_held+0x110/0x130 [ 2441.731848] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2441.737408] _do_fork+0x257/0xfe0 [ 2441.740878] ? fork_idle+0x1d0/0x1d0 [ 2441.744599] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2441.749999] ? lock_downgrade+0x810/0x810 [ 2441.754164] ? blkcg_exit_queue+0x30/0x30 [ 2441.758321] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2441.763081] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2441.767843] ? do_syscall_64+0x26/0x610 [ 2441.771825] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2441.777196] ? do_syscall_64+0x26/0x610 [ 2441.781187] __x64_sys_clone+0xbf/0x150 [ 2441.785173] do_syscall_64+0x103/0x610 [ 2441.789077] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2441.794267] RIP: 0033:0x45a7f9 [ 2441.797506] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2441.816422] RSP: 002b:00007ffc56cc41d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2441.824133] RAX: ffffffffffffffda RBX: 00007f028a91a700 RCX: 000000000045a7f9 [ 2441.831404] RDX: 00007f028a91a9d0 RSI: 00007f028a919db0 RDI: 00000000003d0f00 [ 2441.838675] RBP: 00007ffc56cc43e0 R08: 00007f028a91a700 R09: 00007f028a91a700 [ 2441.845949] R10: 00007f028a91a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2441.853217] R13: 00007ffc56cc428f R14: 00007f028a91a9c0 R15: 000000000073bfac [ 2441.886686] memory: usage 307148kB, limit 307200kB, failcnt 6160 [ 2441.898450] net_ratelimit: 26 callbacks suppressed [ 2441.898457] protocol 88fb is buggy, dev hsr_slave_0 [ 2441.908610] protocol 88fb is buggy, dev hsr_slave_1 [ 2441.913725] protocol 88fb is buggy, dev hsr_slave_0 [ 2441.918839] protocol 88fb is buggy, dev hsr_slave_1 [ 2441.925108] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2441.962811] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2441.969198] protocol 88fb is buggy, dev hsr_slave_0 [ 2441.969254] protocol 88fb is buggy, dev hsr_slave_1 [ 2441.969395] protocol 88fb is buggy, dev hsr_slave_0 [ 2441.969440] protocol 88fb is buggy, dev hsr_slave_1 [ 2441.978456] protocol 88fb is buggy, dev hsr_slave_0 [ 2441.986723] Memory cgroup stats for /syz0: cache:4968KB rss:119612KB rss_huge:26624KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:119792KB inactive_file:12KB active_file:0KB unevictable:4780KB [ 2441.989805] protocol 88fb is buggy, dev hsr_slave_1 [ 2442.026522] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=24751,uid=0 [ 2442.056176] Memory cgroup out of memory: Kill process 24751 (syz-executor.0) score 124 or sacrifice child [ 2442.073324] Killed process 24751 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB 22:48:35 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x100000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:35 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x41c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:35 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ca, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:35 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x28, 0x6, &(0x7f0000581000)={{{@in, @in6=@mcast2}}}, &(0x7f0000000040)=0xe8) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=0x0) write$P9_RGETLOCK(r1, &(0x7f00000000c0)={0x41, 0x37, 0x1, {0x1, 0x8, 0x7, r2, 0x23, 'vboxnet1]:nodev\\eth0eth1%vmnet1^\xd6&\xfe'}}, 0x41) 22:48:35 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa03]}, 0x2c) 22:48:35 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x2000000a, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:35 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}, 0x2c) 22:48:35 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6cb, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:35 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'vlan0\x00', 0x1000000802}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'vlan0\x00\x00\xf6\xff\xff\xff\xff\xff\xff\xff\x00', {0x2, 0x0, @loopback}}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x6000, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2, @loopback}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) dup3(r3, r1, 0x0) 22:48:35 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x2000000b, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:35 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x41d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:35 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000a0]}, 0x2c) [ 2442.426403] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2442.469066] CPU: 0 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2442.476277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2442.485630] Call Trace: [ 2442.488229] dump_stack+0x172/0x1f0 [ 2442.491880] dump_header+0x10f/0xb6c [ 2442.495622] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2442.500746] ? ___ratelimit+0x60/0x595 [ 2442.504667] ? do_raw_spin_unlock+0x57/0x270 [ 2442.509097] oom_kill_process.cold+0x10/0x6f5 [ 2442.513604] ? task_will_free_mem+0x139/0x6e0 [ 2442.518120] out_of_memory+0x79a/0x1280 [ 2442.522111] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2442.527233] ? oom_killer_disable+0x280/0x280 [ 2442.531751] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2442.536886] mem_cgroup_out_of_memory+0x99/0xe0 [ 2442.541570] ? memcg_memory_event+0x40/0x40 [ 2442.545911] ? _raw_spin_unlock+0x2d/0x50 [ 2442.550111] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2442.555232] try_charge+0xfec/0x1570 [ 2442.558961] ? find_held_lock+0x35/0x130 [ 2442.563106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2442.567966] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2442.572814] ? find_held_lock+0x35/0x130 [ 2442.576887] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2442.581751] memcg_kmem_charge_memcg+0x7c/0x130 [ 2442.586470] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2442.591037] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2442.595891] memcg_kmem_charge+0x13b/0x340 [ 2442.600143] __alloc_pages_nodemask+0x437/0x710 [ 2442.604816] ? debug_smp_processor_id+0x1c/0x20 [ 2442.609499] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2442.614539] ? copy_page_range+0x125a/0x1f90 [ 2442.619250] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2442.624836] alloc_pages_current+0x107/0x210 [ 2442.629284] pte_alloc_one+0x1b/0x1a0 [ 2442.633107] __pte_alloc+0x20/0x310 [ 2442.636784] copy_page_range+0x1529/0x1f90 [ 2442.641028] ? mark_held_locks+0x100/0x100 [ 2442.645307] ? pmd_alloc+0x180/0x180 [ 2442.649036] ? __rb_insert_augmented+0x231/0xdf0 [ 2442.653810] ? validate_mm_rb+0xa3/0xc0 [ 2442.657803] ? __vma_link_rb+0x279/0x370 [ 2442.661892] copy_process.part.0+0x56aa/0x79a0 [ 2442.666518] ? __cleanup_sighand+0x70/0x70 [ 2442.670801] _do_fork+0x257/0xfe0 [ 2442.674269] ? fork_idle+0x1d0/0x1d0 [ 2442.678004] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2442.682800] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2442.687574] ? do_syscall_64+0x26/0x610 [ 2442.691550] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2442.696947] ? do_syscall_64+0x26/0x610 [ 2442.700938] __x64_sys_clone+0xbf/0x150 [ 2442.704937] do_syscall_64+0x103/0x610 [ 2442.708848] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2442.714074] RIP: 0033:0x4563fa [ 2442.717284] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2442.736185] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2442.743916] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2442.751186] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2442.758458] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 22:48:36 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x200000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2442.765727] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 [ 2442.772997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2442.790302] memory: usage 307200kB, limit 307200kB, failcnt 4496 [ 2442.812838] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x2c) 22:48:36 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x41e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2442.847882] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8, 0x80) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000040)=0x100000000) fanotify_init(0x1, 0x2) ioctl$SIOCX25SFACILITIES(r1, 0x89e3, &(0x7f0000000240)={0x48, 0x7, 0x9, 0xfffffffffffffffc, 0x40, 0x81}) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @remote}, 0x1c) ioctl$PIO_FONT(0xffffffffffffffff, 0x4b61, &(0x7f0000000140)="6205f820970cbc431ad56842a71a7d3cf0b3f69e731b9635b78e3f62e7c192b85d500967d201b20c15cfb454a8adfd31c0d3d72fb6221c12fcee1940482600f8e5db793a8e68cba06ee8dffb834fb101967f74c3e4ccf429296fc66b2ded8bbfc31b7045eee0354a70f820a279c2252ad8acb7701798acb93437988305219b4b9013a3565e1ab87b6b90c5d0a5c399d654da4aa07f9247e9dcb745a3705b719da87ec370b34a5b6b0fc483c0e7676d5d1a38e6436424") setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000000080), 0xffffffffffffff62) [ 2442.903515] Memory cgroup stats for /syz4: cache:24KB rss:125752KB rss_huge:38912KB shmem:72KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:125788KB inactive_file:0KB active_file:4KB unevictable:0KB 22:48:36 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000501, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:36 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x300000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x2c) [ 2442.971492] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24612,uid=0 [ 2443.009405] Memory cgroup out of memory: Kill process 24612 (syz-executor.4) score 1113 or sacrifice child [ 2443.040937] Killed process 24612 (syz-executor.4) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2443.056989] oom_reaper: reaped process 24612 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 22:48:36 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6cc, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:36 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x41f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:36 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x2000000b, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:36 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000600, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:36 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x400000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x2c) 22:48:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x2c) 22:48:36 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6cd, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:36 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x420, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:36 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x500000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:36 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0x2, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:36 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ce, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x2c) 22:48:36 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x421, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:39 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000501, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:39 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x600000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:39 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6cf, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:39 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xe, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:39 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x422, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:39 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000]}, 0x2c) 22:48:39 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x2c) 22:48:39 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d0, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:39 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x700000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:39 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0x11, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:39 executing program 1: fstat(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) socket$tipc(0x1e, 0x10000007, 0x0) setfsuid(r0) prctl$PR_GET_NAME(0x25, &(0x7f00000000c0)=""/202) 22:48:39 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d1, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:39 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x423, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:39 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x2c) 22:48:39 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x800000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2446.775053] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2446.795126] CPU: 0 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2446.802338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2446.811687] Call Trace: [ 2446.814285] dump_stack+0x172/0x1f0 [ 2446.817936] dump_header+0x10f/0xb6c [ 2446.821659] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2446.826768] ? ___ratelimit+0x60/0x595 [ 2446.830697] ? do_raw_spin_unlock+0x57/0x270 [ 2446.835117] oom_kill_process.cold+0x10/0x6f5 [ 2446.839620] ? task_will_free_mem+0x139/0x6e0 [ 2446.844136] out_of_memory+0x79a/0x1280 [ 2446.848124] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2446.853240] ? oom_killer_disable+0x280/0x280 [ 2446.857745] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2446.862882] mem_cgroup_out_of_memory+0x99/0xe0 [ 2446.867593] ? memcg_memory_event+0x40/0x40 [ 2446.871965] ? _raw_spin_unlock+0x2d/0x50 [ 2446.876127] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2446.881246] try_charge+0xfec/0x1570 [ 2446.884967] ? find_held_lock+0x35/0x130 [ 2446.889055] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2446.893915] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2446.898764] ? find_held_lock+0x35/0x130 [ 2446.902867] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2446.907733] memcg_kmem_charge_memcg+0x7c/0x130 [ 2446.912418] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2446.916932] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2446.921797] memcg_kmem_charge+0x13b/0x340 [ 2446.926052] __alloc_pages_nodemask+0x437/0x710 [ 2446.930734] ? debug_smp_processor_id+0x1c/0x20 [ 2446.935423] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2446.940464] ? copy_page_range+0x125a/0x1f90 [ 2446.944884] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2446.950440] alloc_pages_current+0x107/0x210 [ 2446.954904] pte_alloc_one+0x1b/0x1a0 [ 2446.958733] __pte_alloc+0x20/0x310 [ 2446.962398] copy_page_range+0x1529/0x1f90 [ 2446.966637] ? mark_held_locks+0x100/0x100 [ 2446.970909] ? pmd_alloc+0x180/0x180 [ 2446.974635] ? __rb_insert_augmented+0x231/0xdf0 [ 2446.979405] ? validate_mm_rb+0xa3/0xc0 [ 2446.983388] ? __vma_link_rb+0x279/0x370 [ 2446.987469] copy_process.part.0+0x56aa/0x79a0 [ 2446.992091] ? __cleanup_sighand+0x70/0x70 [ 2446.996364] _do_fork+0x257/0xfe0 [ 2446.999834] ? fork_idle+0x1d0/0x1d0 [ 2447.003574] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2447.008354] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2447.008866] IPVS: ftp: loaded support on port[0] = 21 [ 2447.013131] ? do_syscall_64+0x26/0x610 [ 2447.013146] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2447.013160] ? do_syscall_64+0x26/0x610 [ 2447.013180] __x64_sys_clone+0xbf/0x150 [ 2447.013214] do_syscall_64+0x103/0x610 [ 2447.013232] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2447.044716] RIP: 0033:0x4563fa [ 2447.047914] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2447.049302] IPVS: ftp: loaded support on port[0] = 21 22:48:40 executing program 1: clock_getres(0x3, &(0x7f0000000080)) socket$inet_udplite(0x2, 0x2, 0x88) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) unshare(0x40040000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000040)=""/11, 0xb) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)='\n') 22:48:40 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x424, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:40 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d2, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2447.066819] RSP: 002b:00007fff02590460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2447.066835] RAX: ffffffffffffffda RBX: 00007fff02590460 RCX: 00000000004563fa [ 2447.066844] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2447.066853] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2447.066863] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 0000000000000001 [ 2447.066871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 2447.072585] memory: usage 307200kB, limit 307200kB, failcnt 5277 22:48:40 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xfffffffd, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:40 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x900000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2447.164460] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2447.175529] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2447.182678] Memory cgroup stats for /syz2: cache:12KB rss:119488KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119616KB inactive_file:8KB active_file:4KB unevictable:0KB [ 2447.268914] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=24844,uid=0 22:48:40 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d3, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:40 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xa00000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2447.313893] Memory cgroup out of memory: Kill process 24844 (syz-executor.2) score 124 or sacrifice child [ 2447.352220] Killed process 24844 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB 22:48:40 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x3}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2447.406849] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2447.410586] oom_reaper: reaped process 24844 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2447.447431] CPU: 0 PID: 8688 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2447.454625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2447.463979] Call Trace: [ 2447.466576] dump_stack+0x172/0x1f0 [ 2447.470255] dump_header+0x10f/0xb6c [ 2447.473983] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2447.479099] ? ___ratelimit+0x60/0x595 [ 2447.483011] ? do_raw_spin_unlock+0x57/0x270 [ 2447.487688] oom_kill_process.cold+0x10/0x6f5 [ 2447.492199] ? task_will_free_mem+0x139/0x6e0 [ 2447.496721] out_of_memory+0x79a/0x1280 [ 2447.500729] ? oom_killer_disable+0x280/0x280 [ 2447.505234] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2447.510355] mem_cgroup_out_of_memory+0x99/0xe0 [ 2447.515040] ? memcg_memory_event+0x40/0x40 [ 2447.519381] ? _raw_spin_unlock+0x2d/0x50 [ 2447.523532] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2447.528645] try_charge+0xfec/0x1570 [ 2447.532382] ? find_held_lock+0x35/0x130 [ 2447.536461] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2447.541328] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2447.546192] ? find_held_lock+0x35/0x130 [ 2447.550267] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2447.555129] memcg_kmem_charge_memcg+0x7c/0x130 [ 2447.559813] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2447.564337] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2447.569190] memcg_kmem_charge+0x13b/0x340 [ 2447.573436] __alloc_pages_nodemask+0x437/0x710 [ 2447.578119] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2447.583144] ? save_stack+0xa9/0xd0 [ 2447.586820] ? anon_vma_fork+0x1ea/0x4a0 [ 2447.590911] ? copy_process.part.0+0x350f/0x79a0 [ 2447.595678] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2447.601226] alloc_pages_current+0x107/0x210 [ 2447.605650] __pmd_alloc+0x41/0x460 [ 2447.609284] ? pmd_val+0x100/0x100 [ 2447.612836] pmd_alloc+0x10c/0x180 [ 2447.616392] copy_page_range+0x62e/0x1f90 [ 2447.620763] ? __lock_is_held+0xb6/0x140 [ 2447.624890] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2447.629913] ? vma_compute_subtree_gap+0x158/0x230 [ 2447.634860] ? vma_gap_callbacks_rotate+0x62/0x80 [ 2447.639707] ? pmd_alloc+0x180/0x180 [ 2447.643434] ? validate_mm_rb+0xa3/0xc0 [ 2447.647422] ? __vma_link_rb+0x279/0x370 [ 2447.651497] copy_process.part.0+0x56aa/0x79a0 [ 2447.656119] ? __cleanup_sighand+0x70/0x70 [ 2447.660402] _do_fork+0x257/0xfe0 [ 2447.663869] ? fork_idle+0x1d0/0x1d0 [ 2447.667618] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2447.672411] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2447.677178] ? do_syscall_64+0x26/0x610 [ 2447.681157] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2447.686522] ? do_syscall_64+0x26/0x610 [ 2447.690535] __x64_sys_clone+0xbf/0x150 [ 2447.694518] do_syscall_64+0x103/0x610 [ 2447.698419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2447.703616] RIP: 0033:0x4563fa [ 2447.706834] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2447.725741] RSP: 002b:00007ffd944dfb30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2447.733481] RAX: ffffffffffffffda RBX: 00007ffd944dfb30 RCX: 00000000004563fa [ 2447.740753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2447.748098] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 [ 2447.755366] R10: 0000000002439c10 R11: 0000000000000246 R12: 0000000000000001 [ 2447.762671] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 22:48:40 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xb00000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2447.790846] memory: usage 307200kB, limit 307200kB, failcnt 6182 [ 2447.816218] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2447.824397] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:41 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d4, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2447.835899] Memory cgroup stats for /syz3: cache:0KB rss:115944KB rss_huge:26624KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116084KB inactive_file:12KB active_file:4KB unevictable:0KB [ 2447.865447] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11134,uid=0 [ 2447.881825] Memory cgroup out of memory: Kill process 11134 (syz-executor.3) score 1113 or sacrifice child [ 2447.908876] Killed process 11134 (syz-executor.3) total-vm:72576kB, anon-rss:2200kB, file-rss:35788kB, shmem-rss:0kB [ 2447.976230] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2448.009929] CPU: 1 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2448.017133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2448.026483] Call Trace: [ 2448.029110] dump_stack+0x172/0x1f0 [ 2448.032753] dump_header+0x10f/0xb6c [ 2448.036483] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2448.041589] ? ___ratelimit+0x60/0x595 [ 2448.045483] ? do_raw_spin_unlock+0x57/0x270 [ 2448.049905] oom_kill_process.cold+0x10/0x6f5 [ 2448.054415] ? task_will_free_mem+0x139/0x6e0 [ 2448.058930] out_of_memory+0x79a/0x1280 [ 2448.062956] ? oom_killer_disable+0x280/0x280 [ 2448.067485] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2448.072606] mem_cgroup_out_of_memory+0x99/0xe0 [ 2448.077277] ? memcg_memory_event+0x40/0x40 [ 2448.081609] ? _raw_spin_unlock+0x2d/0x50 [ 2448.085760] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2448.090878] try_charge+0xfec/0x1570 [ 2448.094605] ? find_held_lock+0x35/0x130 [ 2448.098678] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2448.103524] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2448.108392] ? find_held_lock+0x35/0x130 [ 2448.112463] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2448.117354] memcg_kmem_charge_memcg+0x7c/0x130 [ 2448.122057] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2448.126593] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2448.131460] memcg_kmem_charge+0x13b/0x340 [ 2448.135704] __alloc_pages_nodemask+0x437/0x710 [ 2448.140408] ? debug_smp_processor_id+0x1c/0x20 [ 2448.145089] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2448.150117] ? copy_page_range+0x125a/0x1f90 [ 2448.154527] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2448.160078] alloc_pages_current+0x107/0x210 [ 2448.164490] pte_alloc_one+0x1b/0x1a0 [ 2448.168299] __pte_alloc+0x20/0x310 [ 2448.171934] copy_page_range+0x1529/0x1f90 [ 2448.176174] ? mark_held_locks+0x100/0x100 [ 2448.180456] ? pmd_alloc+0x180/0x180 [ 2448.184170] ? vma_compute_subtree_gap+0x158/0x230 [ 2448.189105] ? validate_mm_rb+0xa3/0xc0 [ 2448.193083] ? __vma_link_rb+0x279/0x370 [ 2448.197157] copy_process.part.0+0x56aa/0x79a0 [ 2448.201789] ? __cleanup_sighand+0x70/0x70 [ 2448.206058] _do_fork+0x257/0xfe0 [ 2448.208525] net_ratelimit: 25 callbacks suppressed [ 2448.208532] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.209529] ? fork_idle+0x1d0/0x1d0 [ 2448.214613] protocol 88fb is buggy, dev hsr_slave_1 [ 2448.219515] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2448.219537] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2448.219567] ? do_syscall_64+0x26/0x610 [ 2448.219582] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2448.219595] ? do_syscall_64+0x26/0x610 [ 2448.219614] __x64_sys_clone+0xbf/0x150 [ 2448.219634] do_syscall_64+0x103/0x610 [ 2448.219665] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2448.223570] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.228377] RIP: 0033:0x4563fa [ 2448.228393] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2448.228401] RSP: 002b:00007fff02590460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2448.228417] RAX: ffffffffffffffda RBX: 00007fff02590460 RCX: 00000000004563fa [ 2448.228426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2448.228435] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2448.228444] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 0000000000000001 [ 2448.228452] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 2448.228797] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.233372] protocol 88fb is buggy, dev hsr_slave_1 [ 2448.238009] protocol 88fb is buggy, dev hsr_slave_1 [ 2448.238089] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.288415] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.291665] protocol 88fb is buggy, dev hsr_slave_1 [ 2448.291741] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.375675] memory: usage 304868kB, limit 307200kB, failcnt 5288 [ 2448.393278] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2448.417561] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2448.426405] Memory cgroup stats for /syz2: cache:12KB rss:117476KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:117456KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2448.455199] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13223,uid=0 [ 2448.487657] Memory cgroup out of memory: Kill process 13223 (syz-executor.2) score 124 or sacrifice child [ 2448.506425] Killed process 13223 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2448.551903] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2448.597823] CPU: 1 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2448.605037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2448.614415] Call Trace: [ 2448.617013] dump_stack+0x172/0x1f0 [ 2448.620697] dump_header+0x10f/0xb6c [ 2448.624432] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2448.629543] ? ___ratelimit+0x60/0x595 [ 2448.633448] ? do_raw_spin_unlock+0x57/0x270 [ 2448.637881] oom_kill_process.cold+0x10/0x6f5 [ 2448.642392] ? task_will_free_mem+0x139/0x6e0 [ 2448.646904] out_of_memory+0x79a/0x1280 [ 2448.650894] ? oom_killer_disable+0x280/0x280 [ 2448.655411] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2448.660530] mem_cgroup_out_of_memory+0x99/0xe0 [ 2448.665210] ? memcg_memory_event+0x40/0x40 [ 2448.669595] ? _raw_spin_unlock+0x2d/0x50 [ 2448.673752] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2448.678903] try_charge+0xfec/0x1570 [ 2448.682623] ? find_held_lock+0x35/0x130 [ 2448.686703] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2448.691559] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2448.696412] ? find_held_lock+0x35/0x130 [ 2448.700494] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2448.705429] memcg_kmem_charge_memcg+0x7c/0x130 [ 2448.710110] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2448.714616] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2448.719475] memcg_kmem_charge+0x13b/0x340 [ 2448.723724] __alloc_pages_nodemask+0x437/0x710 [ 2448.728418] ? debug_smp_processor_id+0x1c/0x20 [ 2448.733146] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2448.738181] ? copy_page_range+0x125a/0x1f90 [ 2448.742613] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2448.748162] alloc_pages_current+0x107/0x210 [ 2448.752586] pte_alloc_one+0x1b/0x1a0 [ 2448.756398] __pte_alloc+0x20/0x310 [ 2448.760035] copy_page_range+0x1529/0x1f90 [ 2448.764276] ? mark_held_locks+0x100/0x100 [ 2448.768552] ? pmd_alloc+0x180/0x180 [ 2448.772279] ? __rb_insert_augmented+0x231/0xdf0 [ 2448.777044] ? validate_mm_rb+0xa3/0xc0 [ 2448.781032] ? __vma_link_rb+0x279/0x370 [ 2448.785107] copy_process.part.0+0x56aa/0x79a0 [ 2448.789720] ? __cleanup_sighand+0x70/0x70 [ 2448.794000] _do_fork+0x257/0xfe0 [ 2448.797465] ? fork_idle+0x1d0/0x1d0 [ 2448.801196] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2448.805957] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2448.810718] ? do_syscall_64+0x26/0x610 [ 2448.814715] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2448.820086] ? do_syscall_64+0x26/0x610 [ 2448.824077] __x64_sys_clone+0xbf/0x150 [ 2448.828093] do_syscall_64+0x103/0x610 [ 2448.831991] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2448.837184] RIP: 0033:0x4563fa [ 2448.840385] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2448.859284] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2448.866996] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2448.874266] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2448.881546] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2448.888845] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 22:48:42 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x2c) 22:48:42 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xc00000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2448.896179] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2448.915951] memory: usage 307200kB, limit 307200kB, failcnt 4541 [ 2448.930018] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2448.955927] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2448.982258] Memory cgroup stats for /syz4: cache:24KB rss:124416KB rss_huge:36864KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:124440KB inactive_file:8KB active_file:0KB unevictable:0KB [ 2449.045797] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8578,uid=0 [ 2449.093877] Memory cgroup out of memory: Kill process 8578 (syz-executor.4) score 1113 or sacrifice child [ 2449.110868] Killed process 8578 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB [ 2449.203814] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2449.230375] CPU: 0 PID: 25139 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2449.237662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2449.247017] Call Trace: [ 2449.249625] dump_stack+0x172/0x1f0 [ 2449.253268] dump_header+0x10f/0xb6c [ 2449.257006] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2449.262142] ? ___ratelimit+0x60/0x595 [ 2449.266056] ? do_raw_spin_unlock+0x57/0x270 [ 2449.270479] oom_kill_process.cold+0x10/0x6f5 [ 2449.274997] ? task_will_free_mem+0x139/0x6e0 [ 2449.279516] out_of_memory+0x79a/0x1280 [ 2449.283522] ? oom_killer_disable+0x280/0x280 [ 2449.288023] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2449.293157] mem_cgroup_out_of_memory+0x99/0xe0 [ 2449.297835] ? memcg_memory_event+0x40/0x40 [ 2449.302176] ? _raw_spin_unlock+0x2d/0x50 [ 2449.306337] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2449.311448] try_charge+0xfec/0x1570 [ 2449.315170] ? find_held_lock+0x35/0x130 [ 2449.319256] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2449.324149] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2449.329001] ? find_held_lock+0x35/0x130 [ 2449.333103] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2449.337982] memcg_kmem_charge_memcg+0x7c/0x130 [ 2449.342655] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2449.347180] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2449.352043] memcg_kmem_charge+0x13b/0x340 [ 2449.356293] __alloc_pages_nodemask+0x437/0x710 [ 2449.360977] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2449.366017] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2449.371069] ? do_huge_pmd_anonymous_page+0x420/0x1550 [ 2449.376362] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2449.381916] alloc_pages_current+0x107/0x210 [ 2449.386343] pte_alloc_one+0x1b/0x1a0 [ 2449.390156] __pte_alloc+0x20/0x310 [ 2449.393820] __handle_mm_fault+0x33ca/0x3f20 [ 2449.398247] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2449.403099] ? find_held_lock+0x35/0x130 [ 2449.407165] ? handle_mm_fault+0x322/0xb30 [ 2449.411440] ? kasan_check_read+0x11/0x20 [ 2449.415650] handle_mm_fault+0x43f/0xb30 [ 2449.419730] __do_page_fault+0x5da/0xd60 [ 2449.423835] do_page_fault+0x71/0x581 [ 2449.427687] ? page_fault+0x8/0x30 [ 2449.431234] page_fault+0x1e/0x30 [ 2449.434695] RIP: 0033:0x40bba4 [ 2449.437892] Code: 33 00 89 48 24 48 89 58 18 31 c0 48 8b 8c 04 10 01 00 00 48 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 2c 72 ff ff <83> 05 59 44 53 00 01 80 7c 24 0b 00 74 0b f6 44 24 0c 01 0f 84 cd [ 2449.456802] RSP: 002b:00007ffc56cc4310 EFLAGS: 00010217 [ 2449.462174] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 0000000000457e29 [ 2449.469450] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000073bf08 [ 2449.476733] RBP: 000000000073bf00 R08: 00007f028a93b700 R09: 0000000000255e2d [ 2449.484027] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000009f1 [ 2449.491557] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000073bf0c [ 2449.517887] memory: usage 307200kB, limit 307200kB, failcnt 6201 [ 2449.536189] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2449.544864] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2449.558808] Memory cgroup stats for /syz0: cache:4832KB rss:118436KB rss_huge:24576KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:118528KB inactive_file:4KB active_file:0KB unevictable:4780KB [ 2449.591218] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15332,uid=0 [ 2449.613846] Memory cgroup out of memory: Kill process 15332 (syz-executor.0) score 121 or sacrifice child [ 2449.625423] Killed process 15332 (syz-executor.0) total-vm:72828kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB [ 2449.692851] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2449.719000] CPU: 1 PID: 25141 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2449.726299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2449.735663] Call Trace: [ 2449.738258] dump_stack+0x172/0x1f0 [ 2449.741899] dump_header+0x10f/0xb6c [ 2449.745617] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2449.750725] ? ___ratelimit+0x60/0x595 [ 2449.754620] ? do_raw_spin_unlock+0x57/0x270 [ 2449.759040] oom_kill_process.cold+0x10/0x6f5 [ 2449.763555] ? task_will_free_mem+0x139/0x6e0 [ 2449.768067] out_of_memory+0x79a/0x1280 [ 2449.772062] ? oom_killer_disable+0x280/0x280 [ 2449.776574] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2449.781694] mem_cgroup_out_of_memory+0x99/0xe0 [ 2449.786401] ? memcg_memory_event+0x40/0x40 [ 2449.790754] ? _raw_spin_unlock+0x2d/0x50 [ 2449.794921] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2449.800030] try_charge+0xfec/0x1570 [ 2449.803745] ? find_held_lock+0x35/0x130 [ 2449.807832] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2449.812695] ? kasan_check_read+0x11/0x20 [ 2449.816862] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2449.821712] mem_cgroup_try_charge+0x24d/0x5e0 [ 2449.826321] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2449.831258] wp_page_copy+0x408/0x1740 [ 2449.835151] ? find_held_lock+0x35/0x130 [ 2449.839225] ? pmd_pfn+0x1d0/0x1d0 [ 2449.842812] ? lock_downgrade+0x810/0x810 [ 2449.846968] ? swp_swapcount+0x540/0x540 [ 2449.851037] ? kasan_check_read+0x11/0x20 [ 2449.855191] ? do_raw_spin_unlock+0x57/0x270 [ 2449.859611] do_wp_page+0x2ed/0x1520 [ 2449.863337] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2449.868049] __handle_mm_fault+0x22db/0x3f20 [ 2449.872501] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2449.877359] ? find_held_lock+0x35/0x130 [ 2449.881425] ? handle_mm_fault+0x322/0xb30 [ 2449.885730] ? kasan_check_read+0x11/0x20 [ 2449.889934] handle_mm_fault+0x43f/0xb30 [ 2449.894011] __do_page_fault+0x5da/0xd60 [ 2449.898119] do_page_fault+0x71/0x581 [ 2449.901929] ? page_fault+0x8/0x30 [ 2449.905474] page_fault+0x1e/0x30 [ 2449.908933] RIP: 0033:0x40bb8d [ 2449.912134] Code: 48 10 8b 4c 24 4c 88 58 20 48 8b 5c 24 50 80 60 20 01 48 89 2d 7c 03 33 00 89 48 24 48 89 58 18 31 c0 48 8b 8c 04 10 01 00 00 <48> 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 2c 72 ff [ 2449.931065] RSP: 002b:00007fff02590310 EFLAGS: 00010297 [ 2449.936446] RAX: 0000000000000030 RBX: ffffffffffffffff RCX: 0000000000000000 [ 2449.943715] RDX: 00000000000000a0 RSI: 00007fca941fedb0 RDI: 000000000073bfa8 [ 2449.950989] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 00007fca941ff700 [ 2449.958263] R10: 00007fca941ff9d0 R11: 0000000000000202 R12: 0000000000000068 [ 2449.965542] R13: 0000000000000001 R14: 0000000000000005 R15: 000000000073bfac [ 2450.098482] memory: usage 307200kB, limit 307200kB, failcnt 5300 [ 2450.104786] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2450.153591] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2450.193191] Memory cgroup stats for /syz2: cache:12KB rss:119512KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119612KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2450.288824] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25135,uid=0 [ 2450.315655] Memory cgroup out of memory: Kill process 25135 (syz-executor.2) score 124 or sacrifice child [ 2450.325616] Killed process 25135 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB 22:48:45 executing program 1: socketpair$unix(0x1, 0x4, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(r0, 0x2285, &(0x7f00000003c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x200000, 0x0}, &(0x7f0000000580)="5f39203a1ec6", 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x800, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)={0x0, 0x0, 0x500}) write$binfmt_script(0xffffffffffffffff, &(0x7f00000005c0)=ANY=[@ANYBLOB="2321202e2f66696c65302020406367726f75707070703070726f63656d31202f6465762f636163686566696c6573000a644e8ffd2c4bb5ed4f225c2c94062a2462bfae7476f69961167b3b2f9673f94ee775ddcad1b3fb33d0b30b0b140b635f846561b70d919a24a43fdeb443be2125f1122ceed2d587faed49f505e5801224da15dbafa306cb95817350c545559a69c4c7015ae63e769bb2d4b924d15dfb36b0d252015b9f0b60a127c1da414bcbe8bf537da9a077c2b9010b9b8fd2a0210497e3006816ae6f00d1b3430f435f3fb1755f560a39ce48e5ada88d69af96776431897f41127baa5f61118f0429461611420daa76f68858d7603b5754a12fc4407c77a1ad20d45b42b6a71233447081dab88819ca5606aa7c70bdf0eaa22e02940d40e45b35db908bd0271805273fe084de1f8995699f5df625"], 0x139) setfsuid(0x0) fstat(0xffffffffffffffff, 0x0) ptrace(0x4206, r2) ptrace(0x8, r2) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) socket$unix(0x1, 0x7, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000440)={0x0, @in={{0x2, 0x0, @empty}}, 0x1}, 0x0) 22:48:45 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x4}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:45 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x425, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:45 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xc03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:45 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d5, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:45 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x2c) 22:48:45 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d6, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:45 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xd00000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:45 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000]}, 0x2c) [ 2452.429607] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2452.550075] CPU: 1 PID: 25158 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2452.557384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2452.566735] Call Trace: [ 2452.569332] dump_stack+0x172/0x1f0 [ 2452.572978] dump_header+0x10f/0xb6c [ 2452.576705] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2452.581819] ? ___ratelimit+0x60/0x595 [ 2452.585712] ? do_raw_spin_unlock+0x57/0x270 [ 2452.590329] oom_kill_process.cold+0x10/0x6f5 [ 2452.594839] ? task_will_free_mem+0x139/0x6e0 [ 2452.599349] out_of_memory+0x79a/0x1280 [ 2452.603337] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2452.608453] ? oom_killer_disable+0x280/0x280 [ 2452.612958] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2452.618085] mem_cgroup_out_of_memory+0x99/0xe0 [ 2452.622766] ? memcg_memory_event+0x40/0x40 [ 2452.627116] ? _raw_spin_unlock+0x2d/0x50 [ 2452.631274] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2452.636388] try_charge+0xfec/0x1570 [ 2452.640105] ? find_held_lock+0x35/0x130 [ 2452.644188] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2452.649044] ? kasan_check_read+0x11/0x20 [ 2452.653205] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2452.658054] mem_cgroup_try_charge+0x24d/0x5e0 [ 2452.662647] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2452.667587] wp_page_copy+0x408/0x1740 [ 2452.671481] ? find_held_lock+0x35/0x130 [ 2452.675593] ? pmd_pfn+0x1d0/0x1d0 [ 2452.679139] ? lock_downgrade+0x810/0x810 [ 2452.683299] ? swp_swapcount+0x540/0x540 [ 2452.687369] ? kasan_check_read+0x11/0x20 [ 2452.691524] ? do_raw_spin_unlock+0x57/0x270 [ 2452.695953] do_wp_page+0x2ed/0x1520 [ 2452.699685] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2452.704372] __handle_mm_fault+0x22db/0x3f20 [ 2452.708818] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2452.713681] ? find_held_lock+0x35/0x130 [ 2452.717750] ? handle_mm_fault+0x322/0xb30 [ 2452.722016] ? kasan_check_read+0x11/0x20 [ 2452.726172] handle_mm_fault+0x43f/0xb30 [ 2452.730254] __do_page_fault+0x5da/0xd60 [ 2452.734340] do_page_fault+0x71/0x581 [ 2452.738142] ? page_fault+0x8/0x30 [ 2452.741690] page_fault+0x1e/0x30 [ 2452.745144] RIP: 0033:0x40e1d6 [ 2452.748339] Code: 23 64 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 89 4a 08 49 8b 89 c8 02 00 00 48 89 11 48 c7 05 da 22 64 00 00 00 00 00 <48> c7 05 b7 2c 30 00 90 0e 71 00 31 d2 48 c7 05 a2 2c 30 00 90 0e [ 2452.767458] RSP: 002b:00007ffd944dfb28 EFLAGS: 00010246 [ 2452.772840] RAX: 0000000002439c00 RBX: 00007ffd944dfb30 RCX: 0000000000a504a0 [ 2452.780130] RDX: 0000000000a504a0 RSI: 0000000000710e90 RDI: 0000000002439c20 [ 2452.787399] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 22:48:45 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x5}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:46 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xe00000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2452.794668] R10: 0000000002439c10 R11: 0000000000000202 R12: 0000000000000001 [ 2452.801934] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 22:48:46 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d7, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000250007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) socket$netlink(0x10, 0x3, 0xf) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) 22:48:46 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x7}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2453.329749] memory: usage 307108kB, limit 307200kB, failcnt 6212 [ 2453.336053] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2453.350103] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2453.364122] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2453.372816] Memory cgroup stats for /syz3: cache:0KB rss:115992KB rss_huge:26624KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116080KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2453.425505] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25132,uid=0 [ 2453.485941] Memory cgroup out of memory: Kill process 25132 (syz-executor.3) score 1113 or sacrifice child [ 2453.549030] Killed process 25132 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB [ 2453.578836] oom_reaper: reaped process 25132 (syz-executor.3), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 2453.622410] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2453.681047] CPU: 0 PID: 8688 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2453.688258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2453.697608] Call Trace: [ 2453.700206] dump_stack+0x172/0x1f0 [ 2453.703851] dump_header+0x10f/0xb6c [ 2453.707576] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2453.712688] ? ___ratelimit+0x60/0x595 [ 2453.716577] ? do_raw_spin_unlock+0x57/0x270 [ 2453.720995] oom_kill_process.cold+0x10/0x6f5 [ 2453.725530] ? task_will_free_mem+0x139/0x6e0 [ 2453.730047] out_of_memory+0x79a/0x1280 [ 2453.734049] ? oom_killer_disable+0x280/0x280 [ 2453.738552] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2453.743676] mem_cgroup_out_of_memory+0x99/0xe0 [ 2453.748348] ? memcg_memory_event+0x40/0x40 [ 2453.752685] ? _raw_spin_unlock+0x2d/0x50 [ 2453.756836] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2453.761947] try_charge+0xb4a/0x1570 [ 2453.765667] ? find_held_lock+0x35/0x130 [ 2453.769745] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2453.774615] ? kasan_check_read+0x11/0x20 [ 2453.778793] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2453.783649] mem_cgroup_try_charge+0x24d/0x5e0 [ 2453.788247] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2453.793186] wp_page_copy+0x408/0x1740 [ 2453.797077] ? find_held_lock+0x35/0x130 [ 2453.801155] ? pmd_pfn+0x1d0/0x1d0 [ 2453.804700] ? lock_downgrade+0x810/0x810 [ 2453.808857] ? swp_swapcount+0x540/0x540 [ 2453.812924] ? kasan_check_read+0x11/0x20 [ 2453.817121] ? do_raw_spin_unlock+0x57/0x270 [ 2453.821572] do_wp_page+0x2ed/0x1520 [ 2453.825295] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2453.829984] __handle_mm_fault+0x22db/0x3f20 [ 2453.834405] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2453.839250] ? find_held_lock+0x35/0x130 [ 2453.843317] ? handle_mm_fault+0x322/0xb30 [ 2453.847572] ? kasan_check_read+0x11/0x20 [ 2453.851751] handle_mm_fault+0x43f/0xb30 [ 2453.855836] __do_page_fault+0x5da/0xd60 [ 2453.860003] do_page_fault+0x71/0x581 [ 2453.863812] ? page_fault+0x8/0x30 [ 2453.867358] page_fault+0x1e/0x30 [ 2453.870811] RIP: 0033:0x45655a [ 2453.874005] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 2453.892912] RSP: 002b:00007ffd944dfb30 EFLAGS: 00010246 [ 2453.898273] RAX: 0000000000000000 RBX: 00007ffd944dfb30 RCX: 00000000004563fa [ 2453.905540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a54fc8 [ 2453.912810] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 [ 2453.920078] R10: 0000000002439c10 R11: 0000000000000246 R12: 00000000000000ca [ 2453.927351] R13: 0000000000003edc R14: 0000000000000000 R15: 0000000000000003 [ 2453.949051] memory: usage 304984kB, limit 307200kB, failcnt 6213 [ 2453.955684] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2453.970868] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2453.985165] Memory cgroup stats for /syz3: cache:0KB rss:114016KB rss_huge:24576KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:114008KB inactive_file:0KB active_file:8KB unevictable:0KB [ 2454.013897] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=4979,uid=0 [ 2454.036997] Memory cgroup out of memory: Kill process 4979 (syz-executor.3) score 1113 or sacrifice child [ 2454.047209] Killed process 4979 (syz-executor.3) total-vm:72444kB, anon-rss:2200kB, file-rss:35788kB, shmem-rss:0kB 22:48:47 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x426, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:47 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xf00000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:47 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d8, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:47 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x8}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:47 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x3, 0x0, "baa2b674beefcc3dbe642a8c8249db69b69b1191df6c0d47ed92730674243874ccd2249d3d4576f2de2301a3df83e6fb592ad4e5228df9da22c1d457f16251fd24c1b02bf6dfdf6c4194980c9bd19c5b"}, 0xd8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) [ 2454.100915] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2454.166548] CPU: 1 PID: 25202 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2454.173841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2454.183193] Call Trace: [ 2454.185809] dump_stack+0x172/0x1f0 [ 2454.189456] dump_header+0x10f/0xb6c [ 2454.193176] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2454.198297] ? ___ratelimit+0x60/0x595 [ 2454.202217] ? do_raw_spin_unlock+0x57/0x270 [ 2454.206666] oom_kill_process.cold+0x10/0x6f5 [ 2454.211173] ? task_will_free_mem+0x139/0x6e0 [ 2454.215677] out_of_memory+0x79a/0x1280 [ 2454.219667] ? oom_killer_disable+0x280/0x280 [ 2454.224183] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2454.229310] mem_cgroup_out_of_memory+0x99/0xe0 [ 2454.233985] ? memcg_memory_event+0x40/0x40 [ 2454.238322] ? _raw_spin_unlock+0x2d/0x50 [ 2454.242480] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2454.247604] try_charge+0xfec/0x1570 [ 2454.251321] ? find_held_lock+0x35/0x130 [ 2454.255398] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2454.260248] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2454.265100] ? find_held_lock+0x35/0x130 [ 2454.269212] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2454.274091] memcg_kmem_charge_memcg+0x7c/0x130 [ 2454.278766] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2454.283284] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2454.288137] memcg_kmem_charge+0x13b/0x340 [ 2454.292413] __alloc_pages_nodemask+0x437/0x710 [ 2454.297107] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2454.302148] copy_process.part.0+0x3e0/0x79a0 [ 2454.306651] ? psi_memstall_leave+0x11c/0x180 [ 2454.311155] ? sched_clock+0x2e/0x50 [ 2454.314881] ? psi_memstall_leave+0x12e/0x180 [ 2454.319382] ? find_held_lock+0x35/0x130 [ 2454.323481] ? __lock_acquire+0x53b/0x4700 [ 2454.327762] ? __cleanup_sighand+0x70/0x70 [ 2454.332033] ? mark_held_locks+0x100/0x100 [ 2454.336322] ? perf_trace_lock_acquire+0xf5/0x580 [ 2454.341185] ? rcu_read_lock_sched_held+0x110/0x130 [ 2454.346206] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2454.351760] _do_fork+0x257/0xfe0 [ 2454.355239] ? fork_idle+0x1d0/0x1d0 [ 2454.358961] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2454.364329] ? lock_downgrade+0x810/0x810 [ 2454.368487] ? blkcg_exit_queue+0x30/0x30 [ 2454.369560] net_ratelimit: 25 callbacks suppressed [ 2454.369571] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 2454.372692] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2454.372708] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2454.372724] ? do_syscall_64+0x26/0x610 [ 2454.372738] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2454.372770] ? do_syscall_64+0x26/0x610 [ 2454.410811] __x64_sys_clone+0xbf/0x150 [ 2454.414808] do_syscall_64+0x103/0x610 [ 2454.418722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2454.423929] RIP: 0033:0x45a7f9 [ 2454.427125] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2454.446028] RSP: 002b:00007fff025901d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2454.448543] protocol 88fb is buggy, dev hsr_slave_0 [ 2454.453747] RAX: ffffffffffffffda RBX: 00007fca941ff700 RCX: 000000000045a7f9 [ 2454.453783] RDX: 00007fca941ff9d0 RSI: 00007fca941fedb0 RDI: 00000000003d0f00 [ 2454.453793] RBP: 00007fff025903e0 R08: 00007fca941ff700 R09: 00007fca941ff700 [ 2454.453801] R10: 00007fca941ff9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2454.453826] R13: 00007fff0259028f R14: 00007fca941ff9c0 R15: 000000000073bfac [ 2454.454119] protocol 88fb is buggy, dev hsr_slave_0 [ 2454.459091] protocol 88fb is buggy, dev hsr_slave_1 [ 2454.466268] protocol 88fb is buggy, dev hsr_slave_1 [ 2454.511273] protocol 88fb is buggy, dev hsr_slave_0 22:48:47 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1000000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2454.516389] protocol 88fb is buggy, dev hsr_slave_1 [ 2454.528422] protocol 88fb is buggy, dev hsr_slave_0 [ 2454.528428] protocol 88fb is buggy, dev hsr_slave_0 [ 2454.528484] protocol 88fb is buggy, dev hsr_slave_1 [ 2454.648461] memory: usage 307116kB, limit 307200kB, failcnt 5326 [ 2454.654734] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2454.696339] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2454.706956] Memory cgroup stats for /syz2: cache:12KB rss:119624KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119612KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2454.730327] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25175,uid=0 22:48:47 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000]}, 0x2c) 22:48:47 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x427, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:47 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6d9, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:47 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x9}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:47 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1003000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:47 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") flistxattr(r0, &(0x7f0000000340)=""/243, 0xfffffd47) [ 2454.747034] Memory cgroup out of memory: Kill process 25175 (syz-executor.2) score 124 or sacrifice child [ 2454.758286] Killed process 25175 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB 22:48:48 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x428, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:48 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6da, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:48 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1100000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:48 executing program 1: openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) ptrace$getregset(0x4204, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f0000000300)='./file2\x00') 22:48:48 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x429, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:48 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc030000]}, 0x2c) 22:48:48 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0xa}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:48 executing program 1: r0 = inotify_init() fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) r1 = inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r2 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000000)={0x4, 0x0, 0x10001, 0x5}) ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f00000000c0)={r3, 0x2734}) write$binfmt_elf64(r2, &(0x7f0000001a40)=ANY=[@ANYBLOB="093d38fc3c7c7c6afafe7609236e1f52f5a27d2f15b78f8defdedfd1aa7cf8e89490d3d11009d6167dc67157b37a90823d6c677bf8117c964aacb21253d240bc25ce519a7fcfd6236acd11ea506e87d11bb67f1cab0f02379b191d64e35a8fb3b5b9f9929b72f9774543330d4e74fc06fddee0f898dae2a926772a5a96be59a84e98a42b6ade0fc4d08b212e6628f67af1d2dd54e830a0c3fe523359aa542f92c59ebe8c76407029d387d7784c4fc340f53e91bb01f895d2abc39cb296be4213", @ANYRES64=r1, @ANYRES16=r1, @ANYRES64, @ANYRESHEX=r2], 0xe4) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r2, r2, &(0x7f00000001c0), 0xa198) 22:48:48 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6db, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:48 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x42a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:48 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000]}, 0x2c) 22:48:48 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1200000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:48 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0xc}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:48 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x42b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:48 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6dc, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2455.396991] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2455.428571] CPU: 1 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2455.435787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2455.445145] Call Trace: [ 2455.447744] dump_stack+0x172/0x1f0 [ 2455.451391] dump_header+0x10f/0xb6c [ 2455.455112] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2455.460226] ? ___ratelimit+0x60/0x595 [ 2455.464117] ? do_raw_spin_unlock+0x57/0x270 [ 2455.468550] oom_kill_process.cold+0x10/0x6f5 [ 2455.473055] ? task_will_free_mem+0x139/0x6e0 [ 2455.477571] out_of_memory+0x79a/0x1280 [ 2455.481573] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2455.486811] ? oom_killer_disable+0x280/0x280 [ 2455.491318] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2455.496438] mem_cgroup_out_of_memory+0x99/0xe0 [ 2455.501116] ? memcg_memory_event+0x40/0x40 [ 2455.505453] ? _raw_spin_unlock+0x2d/0x50 [ 2455.509617] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2455.514723] try_charge+0xfec/0x1570 [ 2455.518451] ? find_held_lock+0x35/0x130 [ 2455.522531] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2455.527385] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2455.532237] ? find_held_lock+0x35/0x130 [ 2455.536309] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2455.541177] memcg_kmem_charge_memcg+0x7c/0x130 [ 2455.545851] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2455.550359] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2455.555229] memcg_kmem_charge+0x13b/0x340 [ 2455.559489] __alloc_pages_nodemask+0x437/0x710 [ 2455.564169] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2455.569194] ? save_stack+0xa9/0xd0 [ 2455.572835] ? anon_vma_fork+0x1ea/0x4a0 [ 2455.576909] ? copy_process.part.0+0x350f/0x79a0 [ 2455.581688] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2455.587237] alloc_pages_current+0x107/0x210 [ 2455.591657] __pmd_alloc+0x41/0x460 [ 2455.595289] ? pmd_val+0x100/0x100 [ 2455.598847] pmd_alloc+0x10c/0x180 [ 2455.602394] copy_page_range+0x62e/0x1f90 [ 2455.606556] ? __lock_is_held+0xb6/0x140 [ 2455.610643] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2455.615670] ? vma_compute_subtree_gap+0x158/0x230 [ 2455.621092] ? vma_gap_callbacks_rotate+0x62/0x80 [ 2455.625938] ? pmd_alloc+0x180/0x180 [ 2455.629674] ? validate_mm_rb+0xa3/0xc0 [ 2455.633662] ? __vma_link_rb+0x279/0x370 [ 2455.637750] copy_process.part.0+0x56aa/0x79a0 [ 2455.642386] ? __cleanup_sighand+0x70/0x70 [ 2455.646654] _do_fork+0x257/0xfe0 [ 2455.650126] ? fork_idle+0x1d0/0x1d0 [ 2455.653863] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2455.658642] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2455.663416] ? do_syscall_64+0x26/0x610 [ 2455.667400] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2455.672765] ? do_syscall_64+0x26/0x610 [ 2455.676767] __x64_sys_clone+0xbf/0x150 [ 2455.680766] do_syscall_64+0x103/0x610 [ 2455.684675] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2455.689864] RIP: 0033:0x4563fa [ 2455.693058] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2455.711963] RSP: 002b:00007fff02590460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2455.719674] RAX: ffffffffffffffda RBX: 00007fff02590460 RCX: 00000000004563fa [ 2455.726980] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2455.734263] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2455.741546] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 0000000000000001 [ 2455.748823] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 22:48:49 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6dd, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:49 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1300000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:49 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x42c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2455.938466] memory: usage 307200kB, limit 307200kB, failcnt 5363 [ 2455.947103] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2455.977175] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:49 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6de, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2456.002597] Memory cgroup stats for /syz2: cache:12KB rss:119648KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119624KB inactive_file:8KB active_file:0KB unevictable:0KB [ 2456.070509] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25209,uid=0 [ 2456.126057] Memory cgroup out of memory: Kill process 25209 (syz-executor.2) score 124 or sacrifice child [ 2456.138682] Killed process 25209 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB 22:48:49 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x4}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:49 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x10}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:49 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1400000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2456.224214] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2456.357704] CPU: 0 PID: 25409 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2456.365032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2456.374394] Call Trace: [ 2456.376993] dump_stack+0x172/0x1f0 [ 2456.380640] dump_header+0x10f/0xb6c [ 2456.384379] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2456.389488] ? ___ratelimit+0x60/0x595 [ 2456.389505] ? do_raw_spin_unlock+0x57/0x270 [ 2456.389525] oom_kill_process.cold+0x10/0x6f5 [ 2456.397816] ? task_will_free_mem+0x139/0x6e0 [ 2456.397843] out_of_memory+0x79a/0x1280 [ 2456.397867] ? oom_killer_disable+0x280/0x280 [ 2456.415283] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2456.420423] mem_cgroup_out_of_memory+0x99/0xe0 [ 2456.425133] ? memcg_memory_event+0x40/0x40 [ 2456.429490] ? _raw_spin_unlock+0x2d/0x50 [ 2456.433677] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2456.438802] try_charge+0xfec/0x1570 [ 2456.442537] ? find_held_lock+0x35/0x130 [ 2456.446645] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2456.451513] ? kasan_check_read+0x11/0x20 [ 2456.455673] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2456.460525] mem_cgroup_try_charge+0x24d/0x5e0 [ 2456.465132] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2456.470074] wp_page_copy+0x408/0x1740 [ 2456.473966] ? find_held_lock+0x35/0x130 [ 2456.478063] ? pmd_pfn+0x1d0/0x1d0 [ 2456.481636] ? lock_downgrade+0x810/0x810 [ 2456.485798] ? swp_swapcount+0x540/0x540 [ 2456.489869] ? kasan_check_read+0x11/0x20 [ 2456.494023] ? do_raw_spin_unlock+0x57/0x270 [ 2456.498450] do_wp_page+0x2ed/0x1520 [ 2456.502207] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2456.506896] __handle_mm_fault+0x22db/0x3f20 [ 2456.511315] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2456.516164] ? find_held_lock+0x35/0x130 [ 2456.520233] ? handle_mm_fault+0x322/0xb30 [ 2456.524494] ? kasan_check_read+0x11/0x20 [ 2456.528657] handle_mm_fault+0x43f/0xb30 [ 2456.532744] __do_page_fault+0x5da/0xd60 [ 2456.536834] do_page_fault+0x71/0x581 [ 2456.540636] ? page_fault+0x8/0x30 [ 2456.544213] page_fault+0x1e/0x30 [ 2456.547680] RIP: 0033:0x40aee8 [ 2456.550873] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 48 27 00 00 8b 05 22 d1 32 00 48 8b 15 b3 55 64 00 83 c0 01 <89> 05 12 d1 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 2456.569798] RSP: 002b:00007ffdc7152f30 EFLAGS: 00010202 [ 2456.575160] RAX: 0000000000000001 RBX: 0000001b2f120014 RCX: 0000001b30120000 [ 2456.582433] RDX: 0000001b2f120000 RSI: 00000000000011fe RDI: ffffffffecafd1fe [ 2456.589736] RBP: 0000001b2f120018 R08: 00000000ecafd1fe R09: 00000000ecafd202 [ 2456.597011] R10: 00007ffdc7153060 R11: 0000000000000246 R12: 0000001b2f12001c [ 2456.604290] R13: 0000000000257a44 R14: 000000000073bf00 R15: 000000000073bf0c [ 2456.626292] memory: usage 307200kB, limit 307200kB, failcnt 4587 [ 2456.634100] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2456.645432] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:49 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x2c) 22:48:49 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x42d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:49 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x240}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x6, &(0x7f0000000140)="06a39d059b5f") prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) prctl$PR_GET_THP_DISABLE(0x2a) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x3ff, 0x0) capset(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x8000, 0x0) r4 = msgget(0x0, 0x11) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x1) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) write$cgroup_int(r2, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000280)) r5 = add_key(&(0x7f0000000100)='keyring\x00', &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) r6 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') msgctl$MSG_STAT(r4, 0xb, &(0x7f0000000440)=""/176) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000018}, 0xc, &(0x7f0000000380)={&(0x7f0000000640)=ANY=[@ANYBLOB="020026bd7000fddbdf250d00000070000300080007004e210000140002006e6c6d6f6e300000000000000000000008000500ac14142a080007004e24000008000800fb0000000800010003000000140006000000000000040000000000000004980000000000000000000000080008b48d00000014ff01006772653000005c000000f38247b7b03d20b4c59936778e00000000000014000300080001000300000008000500ac1414bb3c000200080002004e2300000800080000100000080004000000000208000600ff7f0000a000090000000000080004005e000000080002004e24000008000600fb0f000008000600002c00020008000500760100000800080000020000080007003807000008000700ffffffff0800080004000000d1d4103d3300658d79a5ef2a13f2e42b7ee4580000000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x4050) keyctl$negate(0xd, r5, 0x41f4, r6) close(r3) socket$can_raw(0x1d, 0x3, 0x1) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x0, 0x8}}, 0x28) readv(r1, &(0x7f0000000340), 0x3) [ 2456.651890] Memory cgroup stats for /syz4: cache:24KB rss:123128KB rss_huge:34816KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:123172KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2456.673196] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8609,uid=0 [ 2456.707589] Memory cgroup out of memory: Kill process 8609 (syz-executor.4) score 1113 or sacrifice child 22:48:50 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x42e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2456.775066] Killed process 8609 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB [ 2456.852338] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2456.887126] CPU: 0 PID: 7595 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 22:48:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") set_mempolicy(0x4002, &(0x7f0000000140)=0x6, 0x9) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000080)) r2 = socket(0x1e, 0x5, 0x0) getsockopt(r2, 0x800000010f, 0x20080000000081, &(0x7f00004ad000), &(0x7f0000a3c000)=0xfffffffffffffeaf) [ 2456.894325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2456.903679] Call Trace: [ 2456.906278] dump_stack+0x172/0x1f0 [ 2456.909920] dump_header+0x10f/0xb6c [ 2456.913650] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2456.918756] ? ___ratelimit+0x60/0x595 [ 2456.922641] ? do_raw_spin_unlock+0x57/0x270 [ 2456.927052] oom_kill_process.cold+0x10/0x6f5 [ 2456.931550] ? task_will_free_mem+0x139/0x6e0 [ 2456.936073] out_of_memory+0x79a/0x1280 [ 2456.940078] ? oom_killer_disable+0x280/0x280 [ 2456.944572] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 22:48:50 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f000000a000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000140)=0x100000008001) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000500)=""/188, 0xbc}], 0x1) r1 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000180)="7b0583356b38fc1989455591fd23eef8a45d1adc028559d74f6da466ed79c9c5ab848e756e8c6751700044a6c36e6ef875a436f543974277b3173b8d1dfee45f0eca176330e395700152f3c3f427a3c63c7e663a1ebc38112b1b8397e1c70441b094bf34423800e566454a52beac1e58cef0866c079b1e5a1109194bd39c59091c90f7375584e45c4d52919ab2670ff449f80ffc5e08c08a7ee5eaaf7782ff62d88a16b6b17868fece43e55044d4d2ff4a", &(0x7f0000000240)="a0865471a218707f6afa6d3a0d18ef806ad684b5ce31088c3e3c7359449d841461d93d8385e021e09975ac857af3e6366f2956143850b2eb4e44b380ff49f3701bb35f0b9204c7158b5867e4aae79422db4a01be49fb06f2c986980d34c44b487a443696fa1cbd196a8d92901d0d3403740c201224701fc0dbad7d4d7188a62e58925ebbb090b19ab5eb43bd330e2745c81d15936cdbc15847794618710d6dee8d7034857b13cd9062fe432464561132d050bc95df578eb2b308e6c2d2b240cc0c2f9fdc2a49d13508d744a4f1c9dd69"}}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) tkill(r1, 0x1000000000016) [ 2456.949668] mem_cgroup_out_of_memory+0x99/0xe0 [ 2456.954327] ? memcg_memory_event+0x40/0x40 [ 2456.958656] ? _raw_spin_unlock+0x2d/0x50 [ 2456.962815] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2456.967927] try_charge+0xfec/0x1570 [ 2456.971647] ? find_held_lock+0x35/0x130 [ 2456.975721] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2456.980571] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2456.985426] ? find_held_lock+0x35/0x130 [ 2456.989506] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2456.994377] memcg_kmem_charge_memcg+0x7c/0x130 [ 2456.999051] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2457.003539] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2457.008386] memcg_kmem_charge+0x13b/0x340 [ 2457.012615] __alloc_pages_nodemask+0x437/0x710 [ 2457.017280] ? debug_smp_processor_id+0x1c/0x20 [ 2457.021959] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2457.026990] ? copy_page_range+0x125a/0x1f90 [ 2457.031407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2457.036988] alloc_pages_current+0x107/0x210 [ 2457.041436] pte_alloc_one+0x1b/0x1a0 [ 2457.045275] __pte_alloc+0x20/0x310 [ 2457.048917] copy_page_range+0x1529/0x1f90 22:48:50 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0xffffffff00000001, 0x8, 0x27db}, 0x2c) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpid() perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x8001, 0xfffffffffffff856, 0x8, 0x1, 0x0, 0x83, 0x2034, 0x1, 0x9, 0x3, 0x81, 0x101, 0x7fffffff, 0xd18, 0x3ff, 0x81, 0x140000000, 0xab, 0x8001, 0x0, 0x9, 0x8, 0xffffffffffff3b4e, 0xfffffffffffffff9, 0x1000, 0x8, 0x7, 0x7, 0x7, 0x0, 0x8, 0x3, 0x1000, 0x4, 0x7, 0x8, 0x0, 0xffffffffffffff01, 0x1, @perf_bp={&(0x7f0000000000), 0x4}, 0x8020, 0x9, 0x6, 0x0, 0x8, 0x0, 0x5}, r2, 0x4, r1, 0x9) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, 0x0, 0x0}, 0x18) [ 2457.053155] ? mark_held_locks+0x100/0x100 [ 2457.057421] ? pmd_alloc+0x180/0x180 [ 2457.061198] ? __rb_insert_augmented+0x231/0xdf0 [ 2457.065963] ? validate_mm_rb+0xa3/0xc0 [ 2457.069948] ? __vma_link_rb+0x279/0x370 [ 2457.074028] copy_process.part.0+0x56aa/0x79a0 [ 2457.078635] ? __cleanup_sighand+0x70/0x70 [ 2457.082870] _do_fork+0x257/0xfe0 [ 2457.086328] ? fork_idle+0x1d0/0x1d0 [ 2457.090066] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2457.094847] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2457.099606] ? do_syscall_64+0x26/0x610 [ 2457.103590] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2457.108949] ? do_syscall_64+0x26/0x610 [ 2457.112957] __x64_sys_clone+0xbf/0x150 [ 2457.116943] do_syscall_64+0x103/0x610 [ 2457.120841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2457.126043] RIP: 0033:0x4563fa [ 2457.129254] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2457.148172] RSP: 002b:00007ffc56cc4460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2457.155876] RAX: ffffffffffffffda RBX: 00007ffc56cc4460 RCX: 00000000004563fa [ 2457.163150] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2457.170425] RBP: 00007ffc56cc44a0 R08: 0000000000000001 R09: 0000000002148940 [ 2457.177687] R10: 0000000002148c10 R11: 0000000000000246 R12: 0000000000000001 [ 2457.184936] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 22:48:50 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6df, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="f9e100000000000000f2ffffffffffff601010d68ff4268ef60dd4951e254800000000009500000000000000e9af68fce1e3af8e532da3034d4738cb2679ff297e39a8eb29b1784553acf6b4ea922b3dc748ed8a6f27785100ee059bcd3268f570be55b5aa07d890abb32e842ea5684b3b3fdc334a696b7cb742ce8257f08a2633f7b6d11d9b38d8ddf8a59fd4e5371d05a09c0b7f5de8a0810863a2deaa33a762733b044e4659ce8254ede725d18794753be45701305e86683dbd1d5d1f84da89ea105846e014f6b682a820d83b4d7c23459929a9ca3f1aed8f7f42b72e31a08f09a47fe83504c9706e873e16258104af42f7e243f954bdfc42ba1337d3c24c99b7dcfd6da29d3ffc5b82c901e88c4e439c4534248a1aa0cb3b33a7f1dd184e61e0bb06c9d3973228a5723e8ecd33175ef989471836e526d292117d1d"], &(0x7f0000000100)='GPL\x00'}, 0x48) 22:48:50 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x501}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2457.198801] memory: usage 307200kB, limit 307200kB, failcnt 6259 [ 2457.205013] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2457.255475] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2457.286948] Memory cgroup stats for /syz0: cache:4832KB rss:117120KB rss_huge:22528KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:117288KB inactive_file:8KB active_file:4KB unevictable:4780KB [ 2457.326251] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31953,uid=0 [ 2457.366510] Memory cgroup out of memory: Kill process 31953 (syz-executor.0) score 121 or sacrifice child [ 2457.386260] Killed process 31953 (syz-executor.0) total-vm:72840kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB [ 2457.413247] oom_reaper: reaped process 31953 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 2457.419129] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2457.448693] CPU: 0 PID: 25438 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2457.455979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2457.465337] Call Trace: [ 2457.467940] dump_stack+0x172/0x1f0 [ 2457.471589] dump_header+0x10f/0xb6c [ 2457.475312] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2457.480422] ? ___ratelimit+0x60/0x595 [ 2457.484318] ? do_raw_spin_unlock+0x57/0x270 [ 2457.488981] oom_kill_process.cold+0x10/0x6f5 [ 2457.493493] ? task_will_free_mem+0x139/0x6e0 [ 2457.498040] out_of_memory+0x79a/0x1280 [ 2457.498078] ? oom_killer_disable+0x280/0x280 [ 2457.506547] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2457.506575] mem_cgroup_out_of_memory+0x99/0xe0 [ 2457.506590] ? memcg_memory_event+0x40/0x40 [ 2457.516351] ? _raw_spin_unlock+0x2d/0x50 [ 2457.516366] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2457.516380] try_charge+0xfec/0x1570 [ 2457.524862] ? find_held_lock+0x35/0x130 [ 2457.524885] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2457.524906] ? kasan_check_read+0x11/0x20 [ 2457.546707] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2457.551557] mem_cgroup_try_charge+0x24d/0x5e0 [ 2457.556181] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2457.561123] wp_page_copy+0x408/0x1740 [ 2457.565016] ? find_held_lock+0x35/0x130 [ 2457.569093] ? pmd_pfn+0x1d0/0x1d0 [ 2457.572637] ? lock_downgrade+0x810/0x810 [ 2457.576800] ? swp_swapcount+0x540/0x540 [ 2457.580871] ? kasan_check_read+0x11/0x20 [ 2457.585029] ? do_raw_spin_unlock+0x57/0x270 [ 2457.589457] do_wp_page+0x2ed/0x1520 [ 2457.593187] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2457.597874] __handle_mm_fault+0x22db/0x3f20 [ 2457.602298] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2457.607147] ? find_held_lock+0x35/0x130 [ 2457.611215] ? handle_mm_fault+0x322/0xb30 [ 2457.615473] ? kasan_check_read+0x11/0x20 [ 2457.619793] handle_mm_fault+0x43f/0xb30 [ 2457.623874] __do_page_fault+0x5da/0xd60 [ 2457.627956] do_page_fault+0x71/0x581 [ 2457.631763] ? page_fault+0x8/0x30 [ 2457.635317] page_fault+0x1e/0x30 [ 2457.638769] RIP: 0033:0x40e1a8 [ 2457.641977] Code: 48 8b 05 13 2d 30 00 48 89 08 48 8b 15 11 2d 30 00 48 89 42 08 48 8b 05 f6 2c 30 00 48 89 05 ff 2c 30 00 49 8d 81 c0 02 00 00 <48> 89 05 01 23 64 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 2457.660879] RSP: 002b:00007fff02590458 EFLAGS: 00010246 [ 2457.666240] RAX: 0000000001fbdc00 RBX: 00007fff02590460 RCX: 0000000000710ea0 [ 2457.673761] RDX: 000000000040dfe0 RSI: 0000000000710e90 RDI: 0000000001fbdc20 [ 2457.681049] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2457.688321] R10: 0000000001fbdc10 R11: 0000000000000202 R12: 0000000000000001 [ 2457.695590] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 2457.714790] memory: usage 307160kB, limit 307200kB, failcnt 5400 [ 2457.722258] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2457.734944] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2457.742454] Memory cgroup stats for /syz2: cache:12KB rss:119640KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119644KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2457.770333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25351,uid=0 [ 2457.792000] Memory cgroup out of memory: Kill process 25351 (syz-executor.2) score 124 or sacrifice child [ 2457.804305] Killed process 25351 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB [ 2457.827499] oom_reaper: reaped process 25351 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 2457.853635] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2457.874832] CPU: 0 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2457.882031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2457.891392] Call Trace: [ 2457.893993] dump_stack+0x172/0x1f0 [ 2457.897638] dump_header+0x10f/0xb6c [ 2457.901360] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2457.906472] ? ___ratelimit+0x60/0x595 [ 2457.910370] ? do_raw_spin_unlock+0x57/0x270 [ 2457.914802] oom_kill_process.cold+0x10/0x6f5 [ 2457.919314] ? task_will_free_mem+0x139/0x6e0 [ 2457.923829] out_of_memory+0x79a/0x1280 [ 2457.927831] ? oom_killer_disable+0x280/0x280 [ 2457.932338] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2457.937457] mem_cgroup_out_of_memory+0x99/0xe0 [ 2457.942130] ? memcg_memory_event+0x40/0x40 [ 2457.946480] ? _raw_spin_unlock+0x2d/0x50 [ 2457.950636] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2457.955746] try_charge+0xb4a/0x1570 [ 2457.959471] ? find_held_lock+0x35/0x130 [ 2457.963549] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2457.968410] ? kasan_check_read+0x11/0x20 [ 2457.972573] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2457.977431] mem_cgroup_try_charge+0x24d/0x5e0 [ 2457.982029] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2457.986981] wp_page_copy+0x408/0x1740 [ 2457.990878] ? find_held_lock+0x35/0x130 [ 2457.994956] ? pmd_pfn+0x1d0/0x1d0 [ 2457.998508] ? lock_downgrade+0x810/0x810 [ 2458.002667] ? swp_swapcount+0x540/0x540 [ 2458.006738] ? kasan_check_read+0x11/0x20 [ 2458.010900] ? do_raw_spin_unlock+0x57/0x270 [ 2458.015322] do_wp_page+0x2ed/0x1520 [ 2458.019056] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2458.023744] __handle_mm_fault+0x22db/0x3f20 [ 2458.028176] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2458.033026] ? find_held_lock+0x35/0x130 [ 2458.037099] ? handle_mm_fault+0x322/0xb30 [ 2458.041432] ? kasan_check_read+0x11/0x20 [ 2458.045627] handle_mm_fault+0x43f/0xb30 [ 2458.049710] __do_page_fault+0x5da/0xd60 [ 2458.053803] do_page_fault+0x71/0x581 [ 2458.057609] ? page_fault+0x8/0x30 [ 2458.061159] page_fault+0x1e/0x30 [ 2458.064612] RIP: 0033:0x45655a [ 2458.067819] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 2458.086724] RSP: 002b:00007fff02590460 EFLAGS: 00010246 [ 2458.092086] RAX: 0000000000000000 RBX: 00007fff02590460 RCX: 00000000004563fa [ 2458.099357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a54fc8 [ 2458.106622] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2458.113919] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 00000000000000ca [ 2458.121203] R13: 00000000000049b6 R14: 0000000000000000 R15: 0000000000000002 [ 2458.140519] memory: usage 307040kB, limit 307200kB, failcnt 5411 [ 2458.146785] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2458.161693] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2458.167929] Memory cgroup stats for /syz2: cache:12KB rss:119628KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119604KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2458.196945] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25424,uid=0 [ 2458.219078] Memory cgroup out of memory: Kill process 25424 (syz-executor.2) score 124 or sacrifice child [ 2458.234758] Killed process 25424 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB [ 2458.280209] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2458.292222] CPU: 1 PID: 8688 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2458.299416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2458.308772] Call Trace: [ 2458.311380] dump_stack+0x172/0x1f0 [ 2458.315022] dump_header+0x10f/0xb6c [ 2458.318761] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2458.323893] ? ___ratelimit+0x60/0x595 [ 2458.327793] ? do_raw_spin_unlock+0x57/0x270 [ 2458.332220] oom_kill_process.cold+0x10/0x6f5 [ 2458.336730] ? task_will_free_mem+0x139/0x6e0 [ 2458.341246] out_of_memory+0x79a/0x1280 [ 2458.345236] ? oom_killer_disable+0x280/0x280 [ 2458.349734] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2458.354850] mem_cgroup_out_of_memory+0x99/0xe0 [ 2458.359523] ? memcg_memory_event+0x40/0x40 [ 2458.363864] ? _raw_spin_unlock+0x2d/0x50 [ 2458.368016] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2458.373121] try_charge+0xfec/0x1570 [ 2458.376851] ? find_held_lock+0x35/0x130 [ 2458.380928] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2458.385780] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2458.390654] ? find_held_lock+0x35/0x130 [ 2458.394719] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2458.399583] memcg_kmem_charge_memcg+0x7c/0x130 [ 2458.404255] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2458.408759] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2458.413614] memcg_kmem_charge+0x13b/0x340 [ 2458.417864] __alloc_pages_nodemask+0x437/0x710 [ 2458.422567] ? debug_smp_processor_id+0x1c/0x20 [ 2458.427252] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2458.432305] ? copy_page_range+0x125a/0x1f90 [ 2458.436720] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2458.442270] alloc_pages_current+0x107/0x210 [ 2458.446692] pte_alloc_one+0x1b/0x1a0 [ 2458.450531] __pte_alloc+0x20/0x310 [ 2458.454169] copy_page_range+0x1529/0x1f90 [ 2458.458406] ? mark_held_locks+0x100/0x100 [ 2458.462704] ? pmd_alloc+0x180/0x180 [ 2458.466424] ? __rb_insert_augmented+0x231/0xdf0 [ 2458.471188] ? validate_mm_rb+0xa3/0xc0 [ 2458.475169] ? __vma_link_rb+0x279/0x370 [ 2458.479249] copy_process.part.0+0x56aa/0x79a0 [ 2458.483872] ? __cleanup_sighand+0x70/0x70 [ 2458.488142] _do_fork+0x257/0xfe0 [ 2458.491607] ? fork_idle+0x1d0/0x1d0 [ 2458.495342] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2458.500106] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2458.504868] ? do_syscall_64+0x26/0x610 [ 2458.508849] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2458.514218] ? do_syscall_64+0x26/0x610 [ 2458.518202] __x64_sys_clone+0xbf/0x150 [ 2458.522188] do_syscall_64+0x103/0x610 [ 2458.526090] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2458.531279] RIP: 0033:0x4563fa [ 2458.534473] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2458.553375] RSP: 002b:00007ffd944dfb30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2458.561087] RAX: ffffffffffffffda RBX: 00007ffd944dfb30 RCX: 00000000004563fa [ 2458.568353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2458.575622] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 [ 2458.582893] R10: 0000000002439c10 R11: 0000000000000246 R12: 0000000000000001 [ 2458.590166] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 2458.600888] memory: usage 307200kB, limit 307200kB, failcnt 6254 [ 2458.607723] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2458.615564] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2458.623252] Memory cgroup stats for /syz3: cache:0KB rss:114668KB rss_huge:24576KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:114800KB inactive_file:16KB active_file:16KB unevictable:0KB [ 2458.645491] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25260,uid=0 [ 2458.661640] Memory cgroup out of memory: Kill process 25260 (syz-executor.3) score 1113 or sacrifice child [ 2458.672429] Killed process 25260 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2458.716093] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2458.744091] CPU: 1 PID: 25477 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2458.751379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2458.760726] Call Trace: [ 2458.763323] dump_stack+0x172/0x1f0 [ 2458.766965] dump_header+0x10f/0xb6c [ 2458.770689] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2458.775804] ? ___ratelimit+0x60/0x595 [ 2458.779708] oom_kill_process.cold+0x10/0x6f5 [ 2458.784215] ? task_will_free_mem+0x139/0x6e0 [ 2458.788728] out_of_memory+0x79a/0x1280 [ 2458.792716] ? oom_killer_disable+0x280/0x280 [ 2458.797214] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2458.802341] mem_cgroup_out_of_memory+0x99/0xe0 [ 2458.807017] ? memcg_memory_event+0x40/0x40 [ 2458.811352] ? _raw_spin_unlock+0x2d/0x50 [ 2458.815502] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2458.820617] try_charge+0xfec/0x1570 [ 2458.824335] ? find_held_lock+0x35/0x130 [ 2458.828409] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2458.833258] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2458.838104] ? find_held_lock+0x35/0x130 [ 2458.842177] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2458.847068] memcg_kmem_charge_memcg+0x7c/0x130 [ 2458.851741] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2458.856285] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2458.861139] memcg_kmem_charge+0x13b/0x340 [ 2458.865383] __alloc_pages_nodemask+0x437/0x710 [ 2458.870078] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2458.875103] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2458.879730] ? trace_hardirqs_on+0x67/0x230 [ 2458.884052] ? kasan_check_read+0x11/0x20 [ 2458.888231] copy_process.part.0+0x3e0/0x79a0 [ 2458.892765] ? __handle_mm_fault+0x21a9/0x3f20 [ 2458.897370] ? perf_pending_event+0x110/0x110 [ 2458.901871] ? __handle_mm_fault+0x21a9/0x3f20 [ 2458.906469] ? lock_downgrade+0x810/0x810 [ 2458.910621] ? migration_entry_to_page+0x320/0x320 [ 2458.915570] ? lru_cache_add+0x21c/0x590 [ 2458.919675] ? __cleanup_sighand+0x70/0x70 [ 2458.923913] ? __handle_mm_fault+0x7cd/0x3f20 [ 2458.928441] ? __do_page_fault+0x610/0xd60 [ 2458.932708] ? find_held_lock+0x35/0x130 [ 2458.936790] _do_fork+0x257/0xfe0 [ 2458.940275] ? fork_idle+0x1d0/0x1d0 [ 2458.943994] ? debug_smp_processor_id+0x1c/0x20 [ 2458.948683] ? perf_swevent_put_recursion_context+0x1f/0xa0 [ 2458.954398] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2458.959974] ? __perf_sw_event+0x7a/0xa0 [ 2458.964056] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2458.968818] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2458.973576] ? do_syscall_64+0x26/0x610 [ 2458.977556] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2458.982921] ? do_syscall_64+0x26/0x610 [ 2458.986911] __x64_sys_clone+0xbf/0x150 [ 2458.990895] do_syscall_64+0x103/0x610 [ 2458.994799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2458.999997] RIP: 0033:0x45a7f9 [ 2459.003193] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2459.022097] RSP: 002b:00007ffc56cc41d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2459.029809] RAX: ffffffffffffffda RBX: 00007f028a91a700 RCX: 000000000045a7f9 [ 2459.037106] RDX: 00007f028a91a9d0 RSI: 00007f028a919db0 RDI: 00000000003d0f00 [ 2459.044377] RBP: 00007ffc56cc43e0 R08: 00007f028a91a700 R09: 00007f028a91a700 [ 2459.051645] R10: 00007f028a91a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2459.058909] R13: 00007ffc56cc428f R14: 00007f028a91a9c0 R15: 000000000073bfac [ 2459.077551] memory: usage 307128kB, limit 307200kB, failcnt 6267 [ 2459.087321] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2459.112232] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2459.125247] Memory cgroup stats for /syz0: cache:4832KB rss:117232KB rss_huge:22528KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:117276KB inactive_file:4KB active_file:8KB unevictable:4780KB [ 2459.155445] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=25477,uid=0 [ 2459.181114] Memory cgroup out of memory: Kill process 25477 (syz-executor.0) score 121 or sacrifice child [ 2459.201485] Killed process 25477 (syz-executor.0) total-vm:72576kB, anon-rss:2164kB, file-rss:35008kB, shmem-rss:0kB [ 2459.239833] oom_reaper: reaped process 25477 (syz-executor.0), now anon-rss:0kB, file-rss:34048kB, shmem-rss:0kB [ 2459.251799] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2459.287081] CPU: 1 PID: 25438 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2459.294366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2459.303714] Call Trace: [ 2459.306310] dump_stack+0x172/0x1f0 [ 2459.309952] dump_header+0x10f/0xb6c [ 2459.313676] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2459.318797] ? ___ratelimit+0x60/0x595 [ 2459.322687] ? do_raw_spin_unlock+0x57/0x270 [ 2459.327108] oom_kill_process.cold+0x10/0x6f5 [ 2459.331614] ? task_will_free_mem+0x139/0x6e0 [ 2459.336128] out_of_memory+0x79a/0x1280 [ 2459.340169] ? oom_killer_disable+0x280/0x280 [ 2459.344671] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2459.349799] mem_cgroup_out_of_memory+0x99/0xe0 [ 2459.354480] ? memcg_memory_event+0x40/0x40 [ 2459.358824] ? _raw_spin_unlock+0x2d/0x50 [ 2459.362981] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2459.368090] try_charge+0xfec/0x1570 [ 2459.371810] ? find_held_lock+0x35/0x130 [ 2459.375887] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2459.380742] ? kasan_check_read+0x11/0x20 [ 2459.384909] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2459.389761] mem_cgroup_try_charge+0x24d/0x5e0 [ 2459.394366] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2459.399307] __handle_mm_fault+0x1e26/0x3f20 [ 2459.403803] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2459.408651] ? find_held_lock+0x35/0x130 [ 2459.412717] ? handle_mm_fault+0x322/0xb30 [ 2459.417064] ? kasan_check_read+0x11/0x20 [ 2459.421241] handle_mm_fault+0x43f/0xb30 [ 2459.425317] __do_page_fault+0x5da/0xd60 [ 2459.429395] do_page_fault+0x71/0x581 [ 2459.433199] ? page_fault+0x8/0x30 [ 2459.436748] page_fault+0x1e/0x30 [ 2459.440211] RIP: 0033:0x40f98f [ 2459.443407] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2459.462310] RSP: 002b:00007fff02590220 EFLAGS: 00010206 [ 2459.467676] RAX: 00007fca941df000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 2459.474949] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 22:48:52 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1500000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2459.482219] RBP: 00007fff02590300 R08: ffffffffffffffff R09: 0000000000000000 [ 2459.489661] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff025903e0 [ 2459.497020] R13: 00007fca941ff700 R14: 0000000000000005 R15: 000000000073bfac [ 2459.520323] memory: usage 304664kB, limit 307200kB, failcnt 5411 [ 2459.527433] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2459.542587] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2459.554243] Memory cgroup stats for /syz2: cache:12KB rss:117552KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:117444KB inactive_file:0KB active_file:8KB unevictable:0KB [ 2459.583074] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=21905,uid=0 [ 2459.614791] Memory cgroup out of memory: Kill process 21905 (syz-executor.2) score 124 or sacrifice child [ 2459.634487] Killed process 21905 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB 22:48:52 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000]}, 0x2c) 22:48:52 executing program 1: socketpair$unix(0x1, 0x10, 0x0, &(0x7f0000000300)) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x6) mkdir(&(0x7f00000002c0)='./bus\x00', 0x20) inotify_init1(0x80000) r2 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x290040, 0x0) get_thread_area(&(0x7f0000000000)={0x4, 0x0, 0xffffffffffffffff, 0x7fffffff, 0x3, 0x100000, 0x307954d6, 0x14fb, 0x8ea000000000000, 0x5e9}) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0xffffffffffffff5e, 0x400000000bfa, 0x367125d2, 0x6, 0x400004}, 0xffffffffffffff4e) setsockopt$inet_udp_encap(r2, 0x11, 0x64, 0x0, 0x0) prctl$PR_GET_SECUREBITS(0x1b) r3 = inotify_init() ioctl$VIDIOC_DBG_G_REGISTER(r2, 0xc0385650, &(0x7f0000000180)={{0x0, @name="e6c2f80525031fd0a72bb36f8dd91979329f994ef958fe447a4d1981f9d914ac"}, 0x8, 0xc4}) inotify_add_watch(r3, &(0x7f0000000100)='./file0\x00', 0x4000000080000005) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000080)={0xa8, 0xf, 0x7}) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000200)=0x7) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNISCRNMAP(r2, 0x4b6a, &(0x7f0000000f40)="31d96da88b0cce5062747ce237ca24f05b05df66b34814c1cdb2db3642a7c880224c03d6cffd67b36c7f1a51ae9aeaa3892b040ba2105d77d4e4579d745ad601f19c26d1260bcd5435ae4ad35d123f7e809a7b0576431fde9f78c3260a3837b52ef6437c404147add96892a9d3a67dcf93c198c3b7727cd266c20c5e584c28ae0843064b8f7f199db8641f71a407775e0090bbedee63a4640e1f012e5ca95bd14b5aa0da642b552ae4aa2b869458dec283c16f25c67068fc528a793f75c81acac8ee6596d79c449ade5eeee330c460ebc0d46c076e871b6426d521c571a95d0fa800de30a110e719ffde8f103773daaaec8c313aa3be0bdaa6e7e796df3975a8e37aee6d10579f8afe6552f187c262b32e92ced8b5f01e40ab8904400f00000000000000000000000000000058b4721949da012002cb7f4ac8fe195c1388861be8cd45020083b0089b23f86603321faf83e794bea1ece8051e9996306347bd562aa2437fa6bdb57086302926b8af069b8d331ebf5c0e1a7f163e6d711af330efdfae413fafef9acf1d53c2f74172d031de4d4ca321583e35a14a92e82bdbea3c127a033b32059fbadce23a3e87957f8238886aa9380000000018888c4c20ba104342e8c9d85a9dcf06abbb7a2905d37839bff6f8641ebce172c60a8d368cd4a94af484749dc4ccdd380bbf5d501302d50e79d3536eab5a12abdd347dac985c4349ec712661df947315514e45a515417e6b00000000000000002bdacdb2631c83a90dbca3aa7e5936f8aa413a75c7780309e1c10000000000000009b4f55241cd2b6e83b29fc6cefe050d7d562360718e25bbdb2d34264d6a741cbbed50422f5d4687cf") r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000240)={@remote, 0x0, 0x0, 0x2, 0x1}, 0x20) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a45322, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000600), 0x0) get_thread_area(&(0x7f0000000480)={0x81fa, 0x20001000, 0x1000, 0x4, 0x3ff, 0x5, 0x6, 0xfcd1, 0x4, 0x81}) accept4$unix(r1, &(0x7f0000000400)=@abs, &(0x7f00000004c0)=0x24, 0x807fd) ioctl$FIBMAP(r4, 0x1, &(0x7f0000000140)=0x4) r5 = syz_open_procfs(0x0, &(0x7f0000000980)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\x00\x00\xae\x98&@\xd0\xe6\xbbQ\xff\a\x00\x00\x00\x00\x00\x00\xaa1\x91\x98\xe9\x1f\nMCi|+\xcd\xf9N\xdc\xc5\xa2*\x13\x8f\xf3;\xd6d2\xeb\xe5\x14\x0e\x8b\xda\xb7\xfc9h(mf\'\xa19q\x93\"}G3\xc1E\xe6e6\xc6\xc2u\x11%`\xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xa8\x14Ts\xcb\xde\x84\x1d\xc7\xcc;\xb18') sendfile(r4, r5, &(0x7f00000000c0)=0x209, 0x5a) 22:48:52 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:52 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e0, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:52 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x42f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:52 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x1800000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2459.660396] oom_reaper: reaped process 21905 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 22:48:52 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e1, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:52 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x430, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:53 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}, 0x2c) 22:48:53 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x2e03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:53 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x431, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:53 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}, 0x2c) 22:48:53 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e2, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:53 executing program 1: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}, 0x2c) [ 2460.768457] net_ratelimit: 26 callbacks suppressed [ 2460.768465] protocol 88fb is buggy, dev hsr_slave_0 [ 2460.768489] protocol 88fb is buggy, dev hsr_slave_1 [ 2460.773665] protocol 88fb is buggy, dev hsr_slave_1 [ 2460.778627] protocol 88fb is buggy, dev hsr_slave_0 [ 2460.778679] protocol 88fb is buggy, dev hsr_slave_1 [ 2460.783871] protocol 88fb is buggy, dev hsr_slave_0 [ 2460.804177] protocol 88fb is buggy, dev hsr_slave_1 [ 2460.809439] protocol 88fb is buggy, dev hsr_slave_0 [ 2460.814594] protocol 88fb is buggy, dev hsr_slave_1 [ 2461.088437] protocol 88fb is buggy, dev hsr_slave_0 22:48:56 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:56 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x4000000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:56 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x432, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:56 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e3, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:56 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000]}, 0x2c) 22:48:56 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x501}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:56 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x4e02000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:56 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13000000]}, 0x2c) 22:48:56 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x433, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:56 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e4, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:56 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:56 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x434, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2463.234459] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2463.273883] CPU: 0 PID: 25607 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2463.281177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2463.290529] Call Trace: [ 2463.293126] dump_stack+0x172/0x1f0 [ 2463.296773] dump_header+0x10f/0xb6c [ 2463.300511] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2463.300529] ? ___ratelimit+0x60/0x595 [ 2463.300544] ? do_raw_spin_unlock+0x57/0x270 [ 2463.300567] oom_kill_process.cold+0x10/0x6f5 [ 2463.309567] ? task_will_free_mem+0x139/0x6e0 [ 2463.309593] out_of_memory+0x79a/0x1280 [ 2463.309612] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2463.309631] ? oom_killer_disable+0x280/0x280 [ 2463.309644] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2463.309686] mem_cgroup_out_of_memory+0x99/0xe0 [ 2463.309702] ? memcg_memory_event+0x40/0x40 [ 2463.309726] ? _raw_spin_unlock+0x2d/0x50 [ 2463.309740] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2463.323117] try_charge+0xfec/0x1570 [ 2463.323146] ? find_held_lock+0x35/0x130 [ 2463.323169] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2463.323192] ? kasan_check_read+0x11/0x20 [ 2463.323214] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2463.323232] mem_cgroup_try_charge+0x24d/0x5e0 [ 2463.323254] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2463.323289] __handle_mm_fault+0x1e26/0x3f20 [ 2463.336847] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2463.336863] ? find_held_lock+0x35/0x130 [ 2463.336879] ? handle_mm_fault+0x322/0xb30 [ 2463.336910] ? kasan_check_read+0x11/0x20 [ 2463.336931] handle_mm_fault+0x43f/0xb30 [ 2463.336955] __do_page_fault+0x5da/0xd60 [ 2463.336983] do_page_fault+0x71/0x581 [ 2463.336997] ? page_fault+0x8/0x30 [ 2463.337013] page_fault+0x1e/0x30 [ 2463.337025] RIP: 0033:0x45a7dd [ 2463.337049] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 2463.337060] RSP: 002b:00007fff025901d8 EFLAGS: 00010202 [ 2463.459337] RAX: ffffffffffffffea RBX: 00007fca94220700 RCX: 00007fca94220700 [ 2463.466614] RDX: 00000000003d0f00 RSI: 00007fca9421fdb0 RDI: 000000000040ed80 [ 2463.473907] RBP: 00007fff025903e0 R08: 00007fca942209d0 R09: 00007fca94220700 22:48:56 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x4}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:56 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x5200000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2463.481177] R10: 00007fca9421fdc0 R11: 0000000000000246 R12: 0000000000000000 [ 2463.488724] R13: 00007fff0259028f R14: 00007fca942209c0 R15: 000000000073bf0c [ 2463.521823] memory: usage 307200kB, limit 307200kB, failcnt 5455 22:48:56 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2463.540366] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2463.562682] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:48:56 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e5, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2463.597616] Memory cgroup stats for /syz2: cache:12KB rss:119472KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119668KB inactive_file:4KB active_file:0KB unevictable:0KB 22:48:56 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x5600000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2463.660575] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25483,uid=0 [ 2463.678066] Memory cgroup out of memory: Kill process 25483 (syz-executor.2) score 124 or sacrifice child 22:48:56 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x5}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2463.751279] Killed process 25483 (syz-executor.2) total-vm:72576kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB 22:48:57 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2463.981182] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2464.038300] CPU: 1 PID: 25640 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2464.045605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2464.054957] Call Trace: [ 2464.057586] dump_stack+0x172/0x1f0 [ 2464.061247] dump_header+0x10f/0xb6c [ 2464.064974] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2464.070089] ? ___ratelimit+0x60/0x595 [ 2464.074014] ? do_raw_spin_unlock+0x57/0x270 [ 2464.078439] oom_kill_process.cold+0x10/0x6f5 [ 2464.082963] ? task_will_free_mem+0x139/0x6e0 [ 2464.087473] out_of_memory+0x79a/0x1280 [ 2464.091466] ? oom_killer_disable+0x280/0x280 [ 2464.095971] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2464.101093] mem_cgroup_out_of_memory+0x99/0xe0 [ 2464.105769] ? memcg_memory_event+0x40/0x40 [ 2464.110147] ? _raw_spin_unlock+0x2d/0x50 [ 2464.114300] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2464.119410] try_charge+0xfec/0x1570 [ 2464.123125] ? find_held_lock+0x35/0x130 [ 2464.127216] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2464.132070] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2464.136918] ? find_held_lock+0x35/0x130 [ 2464.140987] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2464.145844] memcg_kmem_charge_memcg+0x7c/0x130 [ 2464.150517] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2464.155030] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2464.159882] memcg_kmem_charge+0x13b/0x340 [ 2464.164137] __alloc_pages_nodemask+0x437/0x710 [ 2464.168849] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2464.173878] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2464.178465] ? trace_hardirqs_on+0x67/0x230 [ 2464.182808] copy_process.part.0+0x3e0/0x79a0 [ 2464.187320] ? mark_held_locks+0x100/0x100 [ 2464.191572] ? debug_smp_processor_id+0x1c/0x20 [ 2464.196246] ? perf_trace_lock_acquire+0xf5/0x580 [ 2464.201107] ? __might_fault+0x12b/0x1e0 [ 2464.205202] ? __cleanup_sighand+0x70/0x70 [ 2464.209462] ? lock_downgrade+0x810/0x810 [ 2464.213648] _do_fork+0x257/0xfe0 [ 2464.217174] ? fork_idle+0x1d0/0x1d0 [ 2464.220920] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2464.225677] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2464.230441] ? do_syscall_64+0x26/0x610 [ 2464.234419] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2464.239799] ? do_syscall_64+0x26/0x610 [ 2464.243794] __x64_sys_clone+0xbf/0x150 [ 2464.247789] do_syscall_64+0x103/0x610 [ 2464.251690] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2464.256884] RIP: 0033:0x457e29 [ 2464.260085] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2464.278985] RSP: 002b:00007fed655abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2464.286709] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 2464.293980] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2464.301251] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 2464.308525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fed655ac6d4 [ 2464.315813] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff 22:48:57 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000]}, 0x2c) 22:48:57 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e6, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:57 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x7a03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:57 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x6}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2464.357613] memory: usage 307152kB, limit 307200kB, failcnt 6289 [ 2464.390862] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2464.403578] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2464.413936] Memory cgroup stats for /syz3: cache:124KB rss:113228KB rss_huge:22528KB shmem:84KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:113428KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2464.488953] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=6633,uid=0 [ 2464.512064] Memory cgroup out of memory: Kill process 6633 (syz-executor.3) score 1113 or sacrifice child [ 2464.526260] Killed process 6633 (syz-executor.3) total-vm:72444kB, anon-rss:2200kB, file-rss:35788kB, shmem-rss:0kB [ 2464.607497] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2464.627471] CPU: 0 PID: 25631 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2464.634771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2464.644134] Call Trace: [ 2464.646737] dump_stack+0x172/0x1f0 [ 2464.650382] dump_header+0x10f/0xb6c [ 2464.654105] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2464.659223] ? ___ratelimit+0x60/0x595 [ 2464.663115] ? do_raw_spin_unlock+0x57/0x270 [ 2464.667537] oom_kill_process.cold+0x10/0x6f5 [ 2464.672055] ? task_will_free_mem+0x139/0x6e0 [ 2464.676569] out_of_memory+0x79a/0x1280 [ 2464.680558] ? oom_killer_disable+0x280/0x280 [ 2464.685064] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2464.690182] mem_cgroup_out_of_memory+0x99/0xe0 [ 2464.694860] ? memcg_memory_event+0x40/0x40 [ 2464.699200] ? _raw_spin_unlock+0x2d/0x50 [ 2464.703351] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2464.708459] try_charge+0xb4a/0x1570 [ 2464.712195] ? find_held_lock+0x35/0x130 [ 2464.716274] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2464.721127] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2464.725975] ? find_held_lock+0x35/0x130 [ 2464.730052] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2464.734915] memcg_kmem_charge_memcg+0x7c/0x130 [ 2464.739635] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2464.744149] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2464.749004] memcg_kmem_charge+0x13b/0x340 [ 2464.753255] __alloc_pages_nodemask+0x437/0x710 [ 2464.757936] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2464.762961] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2464.767583] ? trace_hardirqs_on+0x67/0x230 [ 2464.771920] copy_process.part.0+0x3e0/0x79a0 [ 2464.776428] ? psi_memstall_leave+0x11c/0x180 [ 2464.780930] ? sched_clock+0x2e/0x50 [ 2464.784655] ? psi_memstall_leave+0x12e/0x180 [ 2464.789155] ? find_held_lock+0x35/0x130 [ 2464.793227] ? __lock_acquire+0x53b/0x4700 [ 2464.797481] ? __cleanup_sighand+0x70/0x70 [ 2464.801724] ? mark_held_locks+0x100/0x100 [ 2464.805967] ? perf_trace_lock_acquire+0xf5/0x580 [ 2464.810821] ? rcu_read_lock_sched_held+0x110/0x130 [ 2464.815845] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2464.821397] _do_fork+0x257/0xfe0 [ 2464.824868] ? fork_idle+0x1d0/0x1d0 [ 2464.828589] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2464.833960] ? lock_downgrade+0x810/0x810 [ 2464.838120] ? blkcg_exit_queue+0x30/0x30 [ 2464.842275] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2464.847044] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2464.851815] ? do_syscall_64+0x26/0x610 [ 2464.855801] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2464.861170] ? do_syscall_64+0x26/0x610 [ 2464.865198] __x64_sys_clone+0xbf/0x150 [ 2464.869202] do_syscall_64+0x103/0x610 [ 2464.873102] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2464.878296] RIP: 0033:0x45a7f9 [ 2464.881493] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2464.900406] RSP: 002b:00007ffd944df8a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2464.908124] RAX: ffffffffffffffda RBX: 00007fed6558b700 RCX: 000000000045a7f9 [ 2464.915400] RDX: 00007fed6558b9d0 RSI: 00007fed6558adb0 RDI: 00000000003d0f00 [ 2464.922671] RBP: 00007ffd944dfab0 R08: 00007fed6558b700 R09: 00007fed6558b700 [ 2464.929941] R10: 00007fed6558b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2464.937211] R13: 00007ffd944df95f R14: 00007fed6558b9c0 R15: 000000000073c04c [ 2464.963819] memory: usage 304816kB, limit 307200kB, failcnt 6289 [ 2464.975682] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2464.983931] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2464.995813] Memory cgroup stats for /syz3: cache:124KB rss:111228KB rss_huge:20480KB shmem:84KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111284KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2465.024238] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7566,uid=0 [ 2465.047146] Memory cgroup out of memory: Kill process 7566 (syz-executor.3) score 1113 or sacrifice child 22:48:58 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x435, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:58 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x10000000002, 0xfe) connect$inet6(r0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x3096, 0x800000000000000) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x41) getsockopt$inet6_int(r1, 0x29, 0xcb, &(0x7f0000000180), &(0x7f00000001c0)=0x4) mlockall(0x400000003) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) getsockname(r0, &(0x7f00000000c0)=@ethernet={0x0, @remote}, &(0x7f0000000200)=0x80) ioctl$VIDIOC_SUBDEV_S_SELECTION(r1, 0xc040563e, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, {0x8, 0x3, 0x4, 0xae9c}}) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000) msync(&(0x7f0000929000/0x2000)=nil, 0x2000, 0x0) 22:48:58 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x9801000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:58 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e7, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:58 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15000000]}, 0x2c) 22:48:58 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x7}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2465.057241] Killed process 7566 (syz-executor.3) total-vm:72444kB, anon-rss:2200kB, file-rss:35788kB, shmem-rss:0kB 22:48:58 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000]}, 0x2c) 22:48:58 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xb801000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:58 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e8, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:48:58 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x436, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:48:58 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20030000]}, 0x2c) 22:48:58 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x8}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:48:58 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x437, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2467.008468] net_ratelimit: 25 callbacks suppressed [ 2467.008477] protocol 88fb is buggy, dev hsr_slave_0 [ 2467.018686] protocol 88fb is buggy, dev hsr_slave_0 [ 2467.018718] protocol 88fb is buggy, dev hsr_slave_1 [ 2467.023917] protocol 88fb is buggy, dev hsr_slave_0 [ 2467.029404] protocol 88fb is buggy, dev hsr_slave_1 [ 2467.033997] protocol 88fb is buggy, dev hsr_slave_1 [ 2467.039609] protocol 88fb is buggy, dev hsr_slave_0 [ 2467.044270] protocol 88fb is buggy, dev hsr_slave_0 [ 2467.049514] protocol 88fb is buggy, dev hsr_slave_1 [ 2467.054360] protocol 88fb is buggy, dev hsr_slave_1 22:49:01 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6e9, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:01 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xba03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:01 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x2c) 22:49:01 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x438, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:01 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x9}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:01 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x10000000002, 0xfe) connect$inet6(r0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x3096, 0x800000000000000) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x41) getsockopt$inet6_int(r1, 0x29, 0xcb, &(0x7f0000000180), &(0x7f00000001c0)=0x4) mlockall(0x400000003) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) getsockname(r0, &(0x7f00000000c0)=@ethernet={0x0, @remote}, &(0x7f0000000200)=0x80) ioctl$VIDIOC_SUBDEV_S_SELECTION(r1, 0xc040563e, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, {0x8, 0x3, 0x4, 0xae9c}}) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000) msync(&(0x7f0000929000/0x2000)=nil, 0x2000, 0x0) 22:49:02 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x2c) 22:49:02 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x439, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2468.967042] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2469.033913] CPU: 1 PID: 25798 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2469.041229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2469.050580] Call Trace: [ 2469.053178] dump_stack+0x172/0x1f0 [ 2469.056837] dump_header+0x10f/0xb6c [ 2469.060576] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2469.065707] ? ___ratelimit+0x60/0x595 [ 2469.069609] ? do_raw_spin_unlock+0x57/0x270 [ 2469.074039] oom_kill_process.cold+0x10/0x6f5 [ 2469.078551] ? task_will_free_mem+0x139/0x6e0 [ 2469.083154] out_of_memory+0x79a/0x1280 [ 2469.087139] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2469.092249] ? oom_killer_disable+0x280/0x280 [ 2469.096744] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2469.101864] mem_cgroup_out_of_memory+0x99/0xe0 [ 2469.106536] ? memcg_memory_event+0x40/0x40 [ 2469.110888] ? _raw_spin_unlock+0x2d/0x50 [ 2469.115048] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2469.120165] try_charge+0xfec/0x1570 [ 2469.123878] ? find_held_lock+0x35/0x130 [ 2469.127945] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2469.132807] ? kasan_check_read+0x11/0x20 [ 2469.136994] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2469.141855] mem_cgroup_try_charge+0x24d/0x5e0 [ 2469.146448] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2469.151386] wp_page_copy+0x408/0x1740 [ 2469.155273] ? find_held_lock+0x35/0x130 [ 2469.159357] ? pmd_pfn+0x1d0/0x1d0 [ 2469.162900] ? lock_downgrade+0x810/0x810 [ 2469.167068] ? __pte_alloc_kernel+0x220/0x220 [ 2469.171569] ? kasan_check_read+0x11/0x20 [ 2469.175720] ? do_raw_spin_unlock+0x57/0x270 [ 2469.180137] do_wp_page+0x2ed/0x1520 [ 2469.183852] ? rwlock_bug.part.0+0x90/0x90 [ 2469.188085] ? lock_acquire+0x16f/0x3f0 [ 2469.192089] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2469.196759] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2469.201813] __handle_mm_fault+0x22db/0x3f20 [ 2469.206235] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2469.211075] ? find_held_lock+0x35/0x130 [ 2469.215136] ? handle_mm_fault+0x322/0xb30 [ 2469.219389] ? kasan_check_read+0x11/0x20 [ 2469.223561] handle_mm_fault+0x43f/0xb30 [ 2469.227634] __do_page_fault+0x5da/0xd60 [ 2469.231738] do_page_fault+0x71/0x581 [ 2469.235537] ? page_fault+0x8/0x30 [ 2469.239090] page_fault+0x1e/0x30 [ 2469.242575] RIP: 0033:0x40d1e8 [ 2469.245764] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2469.264684] RSP: 002b:00007ffc56cc4240 EFLAGS: 00010246 [ 2469.270043] RAX: 000000000fa86a61 RBX: 00000000395f19ed RCX: 0000001b2f620000 [ 2469.277308] RDX: 0000000000000000 RSI: 0000000000000a61 RDI: ffffffff0fa86a61 22:49:02 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ea, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2469.284576] RBP: 0000000000000003 R08: 000000000fa86a61 R09: 000000000fa86a65 [ 2469.291856] R10: 00007ffc56cc43d0 R11: 0000000000000246 R12: 000000000073bf88 [ 2469.299122] R13: 0000000080000000 R14: 00007f028c93c008 R15: 0000000000000003 22:49:02 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xa}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:02 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x43a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2469.499503] memory: usage 307148kB, limit 307200kB, failcnt 6301 [ 2469.525697] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 22:49:02 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56000000]}, 0x2c) [ 2469.547334] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2469.562750] Memory cgroup stats for /syz0: cache:4832KB rss:115736KB rss_huge:20480KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:115988KB [ 2469.562974] inactive_file:4KB active_file:0KB unevictable:4780KB [ 2469.639979] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=839,uid=0 22:49:02 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x43b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2469.714367] Memory cgroup out of memory: Kill process 839 (syz-executor.0) score 121 or sacrifice child [ 2469.734456] Killed process 839 (syz-executor.0) total-vm:72840kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB 22:49:03 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xbc03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:03 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0008000]}, 0x2c) 22:49:03 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6eb, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:03 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xe}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:04 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2180, 0x81) r1 = accept4$vsock_stream(0xffffffffffffff9c, &(0x7f0000000100)={0x28, 0x0, 0x0, @reserved}, 0x10, 0x800) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000007c0)=0x0) getpgrp(r2) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000840)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000940)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x42000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x50, r3, 0x801, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x30, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}]}]}, 0x50}}, 0x40044) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = gettid() ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000240)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = getpgid(0xffffffffffffffff) sendmsg$nl_netfilter(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20004000}, 0xc, &(0x7f00000002c0)={&(0x7f0000002400)=ANY=[@ANYBLOB="5c040000130700032cbd7000ffdbdf250700000af10cec110cc0c8c202b6d17bc77b94a62901ba873ef68533d6831cc0f049a60453b6ba1dc7c7f66a2ac8c4395475965fc455918e89f2bc3441711e377ffeb644d7b773df828287216c50c8ffcaab381b5851ba07140f0d2b419e7322412e098f058dc6e5a5a1c65bfc2e44403721f3c61ced769e6b581ebc7d96a82b1b3d98cf60f18cae05ebfc89145a8e20b8eac04d9fd27463be7568680292264f95aa650800b0a32053a58d35a86e8708002f00", @ANYRES32=r1, @ANYBLOB="40000e0014000700fe8000000000000000000000000000bb0400870008001a00ac1e010108000100", @ANYRES32=r4, @ANYPTR64=&(0x7f0000000780)=ANY=[@ANYRESHEX=r4, @ANYRES32=r9, @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRES64=0x0, @ANYPTR, @ANYRES16=r6, @ANYRES64=r9, @ANYPTR64, @ANYRESOCT=r1], @ANYRES64=r8, @ANYRESHEX=r7], @ANYRES32=r6, @ANYBLOB="0c008d00513600000000000008002000", @ANYRES16=r5, @ANYRESDEC=0x0, @ANYRES32=r8, @ANYBLOB='\b\x00z\x00', @ANYRES32=r9, @ANYBLOB="0c000b000800000000000000c8b36c985c38a524df2fe8de92e25516d3489e118c84fd6a302261a7ef8b642d9c0c68588e56e1e3f85f0f5fc7a4fdc207d3540d77fc3455ecba109d91e9b0b43f2c2afebceaca816e3cf95f1b764c01bd76694f4a6345779e7140e0d89f300bbe7895902ef41c973dd4e1600914ec8dc83b749cd8112ae9613c371fc1b2d2f68a3ebf57a07699f32620e0f39e507211d9500e5c8dfd3f757516f7577f92dde7156c96bec70ed828d2dde5df7806a0945191774053f9671cfd71e419339a1866a0a69eeaf28581eaa43d8b10279bc112036dbe9dd9ea0cd9b63e7ac88496e55227c4d21a948eb191e580fbfc222ca7adb9c419751176448ab9617c02b80ecea37c2bb3f8df116e03eb5a1b99c1e56eb8bf4e17566cebd69a12a6561ba98c69a863671e12865dec57a2190dc3e32c53513f0f0135646680807cb090a3c76d40eeac5f31044965fae6513c050cf1e248bb2f8c82cf70223498f58e5fb78423b13d853dc101b1d0bc2ebe7781cb4c495648f681baa322833a5ef6bb9835a5778989136f4c74e85ecaa539b1e70267a0f047c0084396ed886225ff6f93940e6412425bba8316715443ecc9c942278c01c236fc5175c551ea21e19bac49d176f3a9530ce2bbeef7f0f812bdf9f919042fb6a8cbed7dc6c1372cdb309aef917a7d06b1c8a2ddc3b92422cafa4f4114003700ccd59b3d5e9394f84d29cbb760b617fb00ffcc1a78d7cefd89c287dc6cc63a6c2ce2930981b62b940ffe912b1797b71637dbea094858eb4e162e82ca2856e5f40a7fa414b8b22c1c2b2b03a024dec4c16ae71cff4ced197ad1e42a0da1d4a54ee0176831a7af9f0b122ad8e3768acdc2c2ca093a2c32d331641d4adbae6858b1aed64c639e9b819299259ab95a3c78cb97000fa4a261a36f683723629b4193cbee03aad2c50429911371ffaf27bde5fde459c858b9f92cc4f64af373f78842d8b7baf5dece392657265aff0e6e63e8bd6e4e04d33d6d1ef20eb8a3ca084838b970a4a5509b0c0034007b45273eb8d41a478c2c299f194c075c0a70be1c4084ce44dc3cd1b0240c39a12232d35e27fb1565d526656cc117c1c0820aac2b1af7d6cf44894c7099a131e36bc2044b4e785ab0ae7c0a3dfbad049dd70a000000"], 0x46a}}, 0x40800) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f0000000980)=0x1) syz_mount_image$nfs(&(0x7f0000000340)='nfs\x00', &(0x7f0000000380)='./file0\x00', 0x44f, 0x7, &(0x7f0000001dc0)=[{&(0x7f00000003c0)="662c00c3cf87435d0e2f2fbe9e9285391db981f38c03f3752529e81cc0", 0x1d, 0xea8}, {&(0x7f0000000400)="aaf1bdd882c7051c020e49b53e80c87d6777f63113ed075c89c1a43c30537e8a4efa7a867a42e739c187a1d0b6334a6e2382221aca0989b55a826dcbbfbf40df8ace387599015173844de2f334b3e5ed71d1de9b79bc9c37c42cbf9fa531a9387f7978e83c3d33a564e61d85870d809ef963004ad600aa542a285e339de58db4b92a61504859d2d0c2a93e211f7a8dadb2c45978181b5c112ac35639b90e5fee2a952369e2af3e49cbe357f52870bfd504c9764a69d3c02e7c286e", 0xbb, 0x1}, {&(0x7f00000004c0)="a99c34216d1d2263ff1a2ab29127a61dc2e6dd90acced1bfe21358ffc8e01564979ea1e438892cd3a98b09f36f40a239b075c9279537afe4988a44192b500f323175acd7365956485364a4cfc62995d29034f422472d11ead91c4589e74e94f67d0107812d6eebb1de04f9cc6b6662ac2d29e1f34bec5f844740000c30ed8c5c46fcddba1a78cc497a2718f28d601a9b", 0x90, 0x8}, {&(0x7f0000000580)="9b4d712cb18471e1823dda600b9ffc4f223be7c5742683244bad4167c5b9d5e5ccac44f37d83522b5903cf2c6f4b751cd12b2527656b7320401f817f2af71ca84c8f83634b1c01c92db5863a4f1fe26621420146195fcf3a7405d4be9c042b6bf6e3325bbdc30c44bc71a78c9449c3fb8a6300d51bd6440d8eedb30df23eada2f0a7db56fc62b533e0bee419b1eed4c9e624b839be6b89f7d7251aa84e10528102a3ed14556309e1d31c1c37cd72e3b0099547074f5626fd14d0097f2a0bcd83d535a862367c95c3b0f9bf2aabf8d4d517430cc9aec77ee9aad5db5c25e85a6faf81654856db9a95", 0xe8, 0x9610}, {&(0x7f0000000c00)="76325ad6a81dd01c088e98a3da0855e3c3e34b399d63195185f35660261c15ee94297ba3f4704436e9cc44388076b972146ea1099e8d957a294c5aa69b00f7b31600a56cf5628d8587f2b840db916c04b233a4e9b94171f50477d910dd007571d51cfb9c42e951beff7bdf820c53eb39c693d8b777b1387a238322b0f30464d05421c4561abd1cfcb6bda8f7986ff0b48f45389556e7c083cf9c7ccec26b358909c1bc2e4bfb1bf54374450d83f584a764538ff2da86636474316848a97362c3191fda544ba7dc4bb4f6e0fb24b2877e3110ddb7a7b1042aec472e3082ef5f5bf35d23b28596d64fd779ca94b82a9c0c928edce2804876c094ae142d183b8a59b8967dd3469614e74453c0ea06dc55635fc6418d081ec9a85262e5e0f73eac24a9ec791ec9d1573b98b204413943629fd6e2be7120f678c66458b8f617856f86dd7ad14e37c86f88c615abdeeedc0004e3038d02b3f240489fffbf02bb03aa5e92124e3ffdeec45502ae60755d4e2c27f647fe7dd91c495d5efbcb01bef4185f6049b72364b819fd33f969ee5d37f7e254a64c1d5aeae98b472bd97922be97551f036678b4d867ea7aec44c95e45cf81a60a8ae9e3d2366b1525db6650843c9d07348e03f7af450068a09d5f2bdbce2086256397c5f333719577f16a5e2488a255761d6ba45abff76899e91fd85e465cbea99103716aaf883eab43b0b870645b771b86b3079af1c4d0e73017d10650e0bdc17851f062cee2592704c97f4de4a5ba86c4565d119df3b41fe5ba159fa1e2a13eaf291789fc03336d881c85460d106654cb6846fb529daebec768777dcdc6617810f299f7788a99cb82fef0381176373ed9351f840e48d738a2990a11e66d41dd4beba316404949590e8791733dc05171eaf3ee1d53332aa2344b7777662cce025355b0fa32424a8da005ee55ea0de2fa134280e86f707e006cb50b8ec24989c4ec20b926cd6b6254fc22c9d4b7a49ea1a6ccd2359035e7f4a8e7ba3bbe0230dfeb05b5302969838a5190638fac23414b7c7e54e2efea2e3d6e8ada4fd817e88d0b745364de8e93e568ab8b0ee74f1d7ad8ddff8d5ff2fd83b9c6a63c18c8ae070d613a6bfe65f6392fd98a33c969ff9815c3f8cdad82d93923287c06cb16b5983d6b07623b893be25068aa75fb9540c5f135bfeed8d47cfd01404722529f9f43364cb0bdbbe74cc2ece0a301d7855ddf4c5688aedebdde59b588da469c713d79cbe154e82c61abbc189ad8b6368f5abafb15bdfa52d8fc4d9b48caf31213a30fe20ae966e4b88be3994bd1e7fe44a79f508a1e2082f958f56c8ee1ef5ace106ffcc735c0300f703d0227b8b5ec545cd803ea0f7e7bcf1ac2c95a70f6fbadeb9c1e80e91c93ee30b2f666dcd39b1f4be70350bece2e5d62ec79aec85a7101ca8e68d7693e6e361508b7904871a5f81a4e06c04cbb4f597bd8afc6f15a8f8e59a764bcaf35f87518d8ea094be2da1ffc3d0a0510806b670693985bb558544f8e6330dbb72c3e42f9cba4824c05a9218cd304e2c5c65aa423240229c7f0d1b93fd2c9639f6f76167fc0aebab1ab7dcaba25f73ee6a2828ccf7cd9bde6f4e19547d5303cb9579138e5e22334d5bfeb57f701cf29f3f1dce08190772e397999d7ce09e4139eb9fd8646846a208fd80378676f7829063b049276534c10c99ead5fbcb891ea8296ab1bc4dbf35dc7f366910deaa51b4c4308084712d60c399f222e32a8c3a6014fc8c52929495bcdadb74c1ed68f0d9d3d4fbd9164fe6edd420069219e3db44af11179eb03f16804b36754fbded1e8bfd8afec3781bdc21f0bbb2ebc076fc0e61927b1ad78fa799ba8ff2d2f007436f1406adf69c0c0a4450ae40afee843bf363ae9eff25724fbea617c959b0be185bda6166d8068557fd1251c91af98475747a455ed8a8cd08d37af3fef3417afc8f0ff61739a398755f7c9742cd1c88731a9e50778c5fe5663f1af5de12e5c99290a66d96a72080aa03ba1d5a1ef356dd78b2e7b18c3d1f921a3350fda9dbf3fa401778d7a8348c5b143e278a2bc9ebb29e7c22350556333ef12a1240a3e090e1a99615389757a63cea36364a30ad8ccf90478a4b3c55facafc36f2e7ce82ebd80a15328c413c471144ee0c15b5c01e1787382f5dba02ab0cf55db87a70872295bd4cdea6a6e5891d3575e8178c4f7a606a8f0e81f2939a975780b601706c0f17e3e62e9417377d26b6f9656ebca4e805e53852e9a9260269c78e02930f20239018e65974cdc6c05ec565c63462403e24bc42cdd2c7537f99ef0761d37e0b558931397fdd1c63952c1e8c63d999698d35ffde9747a4c8443d337d1e97169dbce97b2154c0e0c5e590bbc45ffec445e37505549a9d336168b57a5e4c36274f318339ee5d39e3cc5fac01275ee4eac6623de13778e0d3b3203775cc0ac32c8b3dca2cb694ff2cd2e2119e4f4366be06f45c7712a99386c98ae398d8fbb5ca5da01bfebe15925443d8ee6295c47fd86cd415c3a9fd96e497de400ed525928cad52be7b478146c2eec3b796e033b445f995cabf27fe8af4562b558c6bef08e636a13f249b1f82f320046e3159a3993c0ca67f2cd0727126abdd2a01927e374c1595b1e9ca242c0ff91ce04df78494bce2fb684f39fde824fced40a9fbdb15e25f5eca223731915ae32f918aaaca5da3e4f763ead3a48aa49c1b2ed6ae7f46c990bcfc59f68c9de3a0c2988dd1cdce759ac9b05d19b043f653059446d38db9af726e4f5f76cb6293c8b955d7cc27672fabc4b60d7f3d35d2a0d533270526422665c2f13de75ea2846c287fa41d1ec7efb4fe58688d3e115f1239212c941d565c87998502e4b950b417639e9db6330aa9113b18dee66f91cf73e5f311b3837e4bdc57142d4c81a5db70e2e27e365f515c786fe12aad7c869cf62dc4d1a930d7a4d6eb4f50c45095e29a93158bc2b62fa673064176aee65be8fdfb00a52431722c17d4b0946f5cb3ad6dcd22180da824076a2d1cfa0917de3eaaf6123e0672051bef78b8a51de094ddae1a12c6821367556cbfb95920c93424f58a872240ac4ac9a30ceb5a0977cbc211c2c2184c0d2beba1a6a224ace035b3e61a9a169074cceea93ae296b69e8e0ab6b1db0a0d07fff9eda71a822d5982c61352a86d399f9562852505ef7d5c49a967dce3bf9adebfbbb39bb2dfd52ef36ad8995bfcc2a42565acae7979bd5e1ee734a2e4f57c82d1ac400caed99d81ecb22cccddece9ec5a49eaa464f72c20536e2f2ff71a70a86e34be0a484ba62d5558fba868be88f98bec8a329ca7bf9ca9598f07cc04251ffeee993362520a57e75f7d8e3bee7788708d468ef4ff8c414aafb1dc6d96799419eef03da86a81f6415b7bbddbf73da034d15a18a8647b4feacd02529cf271bab80eb1aa37d0a3a8d4faf903968ea58b09adf69bd45478b3bc543953bbd0c5d9d847602239bbcc7a9e67af4bd454968359317163806c58d8e02ed0d66891ab2531bfea017a1c949ec37ae8075bc6d522ea4f58a7c951c3bea465f5b4ed432797338a69f90fd993f7f0e5b496b3822ed1985078aff5b95c6312a43d61273dba9129c03f5cfb9339f14461fcd8f9b8832622540a8f6c25a50025b57b8294aa04411bf61e90a1e43461f304335246fc30c2dec3f7af482faa48b1c1817b5c75cd50e940ead29b19d5d0ebbb82b03450217b6c76882e36571b5b1bfec30c2be221822191b86f6deb6f1e10be85a4fe1119e7efe646146ae4ec37d1b23e5e3c02569efcad313b3355d101ecd0fad7344633596f8ee9f10afc31498b7f8e0e9f6934c5317ca44802734ac4acba5f3a08d0124805f02c20b6990880180c34c153d20cba8ab36e9e5d897427178b14e3146f03a041112892b687fd397c71850acdedda4c7846ff1200fa1af7e399f08cd72def7250e687454319415fca12a876bf0f9f4abd49f71ac49299822708ced787b7b2878fc2fb11f3a221b80c0b23c7d306c073200ffb1511897f27c6390823efde39a9b3a11b14802f308e0b6ae11701d1caf07e826fba8f1d5e9db39a6aed681f19e2b695ef644c5867f4b8206e77a5a0d30317bc732707c3d9081d38cba0e905de7bdc1c362d569a0bb27c3fee8cbf7ec9881cade08e6001123180cd5aa71cb50bd28b86efddd2e2e28a5b6be8c6eb5956223808b25c5315541898f8fdb9fd16f1b542880ba9378ec485745e96bcc072743c27062dc48b389f49db93ba00c89182318bd4dc16f2d8d96ef419eda1e58629bbaf02cb50736a20d22465752b997368d3fa7ed2c36679bdd75c2cfdac6dacf7c7b9c108b1011f93efc7695e7cdb4582e88c3ead87771d7b79a0f7df276922ece43769c4753e8840f532f4027f8eb829aac278b7c476d538139dbbede56717657d241d9a2afe14173163cff194a920b36350f7225563db807141f10b821b22b033b2e5e2eaf78649bc66a4f9583038d70557223bdf4cacc40ebd98bb504afd46fa61eabcd8019afc0ec6af823578f031985c144d38be0a59d4031248a71cda15e52366598ae7b8c3de35ee2c2d170cd4c298b026e8b36e7060176bf519ac2e9923470ae7698496acd543f9f394ddea5a54126d1a98b96760610c19e1f6032f207edecd100f6cd3dab63ffee121e818df893a9903c65ca4a3ac41b2740494de38aa509eb6e546b14e5a81bb56f68c7fe50db7d5f1bf5a199fabebfc3ab25ed7f00dabfadcfb00fb448304c5eaf3867cc32df5500c8afd3bb1bd66b7fed05d690491f1c18ab8ce81dd2bbd9e48b5135689c663bb62ed444f63e1541c36a094487b60ad5801f6f80d6da78a00c88349cdaa3006ae07e69d293e55b78a7ccc5ef0bc071552374d58cbd49a37b5bcab3e84970aab8d0f3cf732190779a7c6941743f0b01abbdedc461ca81d6e6dffb0c626cccc7b02caa5d35fad7c0ea465c1cdfa0fec8f0be72eac8c668da8d31cee1f8a9a653f7d284df3905919053286b303976276f202fb7a99cba8f13e56b0febb1f01bbf5ce9af2f25f6e362228b5dc7b4e4b0791ecf556dba0cd4ca53f7c711b86838b225c37fe640b46b2a928682778f0bc1c03e59a7cf7e9636b3fa60cf343d1198be27801dfc3da5a489ce277c079a0287220b0b08fe52e0dd622dbe38843c64cff10d494f1228c592948ab3aa6521b2e33976c7c73fcd83f3b4ab29911e6272107af4adf891473770eaf593831b626b1d1a9cb13366ede1e6149c9fa0b8478ab7e7fcd26ae2290df724625ab13b2a3f1cb2835b7fd511e738cc76b3c7fc4caa741a74d1142a7c69dfa0e69f01ad3766a7fb26dfdc22c2d0c0420f7fc960aa50f670ebaeb23db709b2416643357db66850c4fec5529d8ff9f1fc89767ffa3453fce9b4f3bb984e39fac03770dcdd8c10425225f4982bbb62da4244e45dcd95010d3c7b8d5a8c54c10d4a89a59289fa4a9ca8619b5cc9510d09abcacbd3611d354ce891e7e43e4684a6f8521ac1012745ff85902876ea3ae909a378e145fe94939630b34870d2488da5f98a6e088568c609d8dc7b9dba260d6ead4afa1b7264718e619892bc68d9c742b277564f7e9e634dcf27c45d08468f68bd49a4cbeae8954a731a6561062209b8529489a5764891a9d400a75e53fffcc8d008edabe7a4c6a65868b22fc4cb4ffc7990e1bd0b8403b4499b9341940057e180ad6fd39e88db6611dba548afb6a72b39eadc45b86b6ac14c9460843ffa00ac2e9d30f61ec726120994f295c6be1f708c78f3b7f3393f54a7a6a1b81d62cf0fe1a0327d3f4959d8f27e", 0x1000, 0x3}, {&(0x7f0000001c00)="88a1013c6e93c9fefaee782353bd9c9b7c57878a33a19e947ae57b96cee29e5cd336fc0dd744a56d17499181f8d5978c63620572f142055b6f40589be01d4c2c2fd6a8fae2450cb5ff08b62bdf1c57f9f05180c0eea1792e9c5b62de6f92380134cd71aa7d2531ccba3f623afe0f7b3c12478a8d903721744f44c19baeea1936e4c5ac66ed6fb8567f2263b3e6006be511cc0de1da1782b71d4fba861992915383b353cd9988001c1f30f2fc47be04a7a321001f7e947da9f6942588cc7142d713318a36", 0xc4, 0x10000}, {&(0x7f0000001d00)="9cbcc7d88a958d432252bd1eff43ae4cf2250e884e6c205ee3d8966414c7a7adf6ebe73f3fef049dae5ac979bbcc35864170f680a1e0b4a6f054fed15bf2149ee6d632445102ac8c6404b5adad2b2f2c05ff02deb1d53df284659c59cd820a90c0de28d352303060d42e5a60d3e1e0baf396cffc403f918234942a50076b13febb5f91118ca33dfcf081884259950bed", 0x90, 0x7ff}], 0x100000, &(0x7f0000000680)='memory.events\x00') perf_event_open(&(0x7f0000000700)={0x2, 0x70, 0xfffffffffffffffe, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(r10, &(0x7f0000000000), 0xfffffd5b) 22:49:04 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x43c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:04 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca030000]}, 0x2c) 22:49:04 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ec, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:04 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:04 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xca01000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2471.711956] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2471.743379] CPU: 0 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2471.750583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2471.759948] Call Trace: [ 2471.762552] dump_stack+0x172/0x1f0 [ 2471.766199] dump_header+0x10f/0xb6c [ 2471.769935] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2471.775054] ? ___ratelimit+0x60/0x595 [ 2471.778962] ? do_raw_spin_unlock+0x57/0x270 [ 2471.783386] oom_kill_process.cold+0x10/0x6f5 [ 2471.787893] ? task_will_free_mem+0x139/0x6e0 [ 2471.792439] out_of_memory+0x79a/0x1280 [ 2471.796440] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2471.801552] ? oom_killer_disable+0x280/0x280 [ 2471.806068] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2471.811190] mem_cgroup_out_of_memory+0x99/0xe0 [ 2471.815877] ? memcg_memory_event+0x40/0x40 [ 2471.820243] ? _raw_spin_unlock+0x2d/0x50 [ 2471.824431] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2471.829562] try_charge+0xfec/0x1570 [ 2471.833292] ? find_held_lock+0x35/0x130 [ 2471.837386] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2471.842238] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2471.847091] ? find_held_lock+0x35/0x130 [ 2471.851165] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2471.856035] memcg_kmem_charge_memcg+0x7c/0x130 [ 2471.860721] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2471.865252] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2471.870112] memcg_kmem_charge+0x13b/0x340 [ 2471.874363] __alloc_pages_nodemask+0x437/0x710 [ 2471.879049] ? debug_smp_processor_id+0x1c/0x20 [ 2471.883730] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2471.888812] ? copy_page_range+0x125a/0x1f90 [ 2471.893257] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2471.898815] alloc_pages_current+0x107/0x210 [ 2471.903236] pte_alloc_one+0x1b/0x1a0 [ 2471.907049] __pte_alloc+0x20/0x310 [ 2471.911120] copy_page_range+0x1529/0x1f90 [ 2471.915360] ? mark_held_locks+0x100/0x100 [ 2471.919630] ? pmd_alloc+0x180/0x180 [ 2471.923352] ? __rb_insert_augmented+0x231/0xdf0 [ 2471.928121] ? validate_mm_rb+0xa3/0xc0 [ 2471.932123] ? __vma_link_rb+0x279/0x370 [ 2471.936210] copy_process.part.0+0x56aa/0x79a0 [ 2471.940844] ? __cleanup_sighand+0x70/0x70 [ 2471.945114] _do_fork+0x257/0xfe0 [ 2471.948578] ? fork_idle+0x1d0/0x1d0 [ 2471.952315] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2471.957079] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2471.961843] ? do_syscall_64+0x26/0x610 [ 2471.965833] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2471.971203] ? do_syscall_64+0x26/0x610 [ 2471.975189] __x64_sys_clone+0xbf/0x150 [ 2471.979175] do_syscall_64+0x103/0x610 [ 2471.983084] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2471.988280] RIP: 0033:0x4563fa [ 2471.991481] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 22:49:05 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfc}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:05 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xca03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2472.010385] RSP: 002b:00007fff02590460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2472.018101] RAX: ffffffffffffffda RBX: 00007fff02590460 RCX: 00000000004563fa [ 2472.025370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2472.032641] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2472.039942] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 0000000000000001 [ 2472.047248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 2472.126973] memory: usage 307200kB, limit 307200kB, failcnt 5498 [ 2472.141295] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2472.153848] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:49:05 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ed, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2472.163051] Memory cgroup stats for /syz2: cache:12KB rss:118224KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:118380KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2472.194794] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25588,uid=0 22:49:05 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x43d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2472.222103] Memory cgroup out of memory: Kill process 25588 (syz-executor.2) score 124 or sacrifice child [ 2472.236866] Killed process 25588 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB 22:49:05 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xcc03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:05 executing program 1: r0 = memfd_create(&(0x7f0000000100)='#e\xa7\x82w$\x00', 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x3, 0x2) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="4e43a2d6a4287091cd15c81b812164bd3c65a9c704207cd4672683782000cccf34aad4682c56d6dbb1e932d6a63f4c28a82bfad823969cfedd08efb0814b5f9509131ed0e78583063776f229924b14b14978326d8fea26bc2115d3df10c7c1091e93dd", @ANYRES16=0x0], 0x65) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0x40045542, &(0x7f0000000040)=0xb56) sendfile(r0, r1, &(0x7f0000000080)=0x3f, 0x10006) ioctl$LOOP_SET_FD(r1, 0x4c00, 0xffffffffffffffff) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x80000000005, 0x11, r0, 0x0) timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f00000003c0)={{0x0, 0x989680}, {0x77359400}}, 0x0) [ 2472.374792] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2472.422130] CPU: 1 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2472.429349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2472.438716] Call Trace: [ 2472.441316] dump_stack+0x172/0x1f0 [ 2472.444967] dump_header+0x10f/0xb6c [ 2472.448694] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2472.453813] ? ___ratelimit+0x60/0x595 [ 2472.457706] ? do_raw_spin_unlock+0x57/0x270 [ 2472.462128] oom_kill_process.cold+0x10/0x6f5 [ 2472.466636] ? task_will_free_mem+0x139/0x6e0 [ 2472.471154] out_of_memory+0x79a/0x1280 [ 2472.475154] ? oom_killer_disable+0x280/0x280 [ 2472.479660] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2472.484773] mem_cgroup_out_of_memory+0x99/0xe0 [ 2472.489469] ? memcg_memory_event+0x40/0x40 [ 2472.493821] ? _raw_spin_unlock+0x2d/0x50 [ 2472.498070] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2472.503207] try_charge+0xfec/0x1570 [ 2472.506927] ? find_held_lock+0x35/0x130 [ 2472.511003] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2472.515856] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2472.520706] ? find_held_lock+0x35/0x130 [ 2472.524774] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2472.529646] memcg_kmem_charge_memcg+0x7c/0x130 [ 2472.534433] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2472.538984] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2472.543868] memcg_kmem_charge+0x13b/0x340 [ 2472.548156] __alloc_pages_nodemask+0x437/0x710 [ 2472.552846] ? debug_smp_processor_id+0x1c/0x20 [ 2472.557523] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2472.562572] ? copy_page_range+0x125a/0x1f90 [ 2472.567007] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2472.572645] alloc_pages_current+0x107/0x210 [ 2472.577099] pte_alloc_one+0x1b/0x1a0 [ 2472.580908] __pte_alloc+0x20/0x310 [ 2472.584560] copy_page_range+0x1529/0x1f90 [ 2472.588807] ? mark_held_locks+0x100/0x100 [ 2472.593082] ? pmd_alloc+0x180/0x180 [ 2472.596811] ? __rb_insert_augmented+0x231/0xdf0 [ 2472.601586] ? validate_mm_rb+0xa3/0xc0 [ 2472.605593] ? __vma_link_rb+0x279/0x370 [ 2472.609669] copy_process.part.0+0x56aa/0x79a0 [ 2472.614292] ? __cleanup_sighand+0x70/0x70 [ 2472.618564] _do_fork+0x257/0xfe0 [ 2472.622035] ? fork_idle+0x1d0/0x1d0 [ 2472.625766] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2472.630548] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2472.635328] ? do_syscall_64+0x26/0x610 [ 2472.639308] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2472.644671] ? do_syscall_64+0x26/0x610 [ 2472.648662] __x64_sys_clone+0xbf/0x150 [ 2472.652652] do_syscall_64+0x103/0x610 [ 2472.656562] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2472.661754] RIP: 0033:0x4563fa [ 2472.664955] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2472.683855] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2472.691578] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2472.698846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2472.706119] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2472.713385] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 22:49:05 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2030000]}, 0x2c) 22:49:05 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x1f4}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2472.720651] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2472.733290] memory: usage 307200kB, limit 307200kB, failcnt 4638 [ 2472.741890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2472.771602] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:49:06 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xce03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:06 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4030000]}, 0x2c) [ 2472.807320] Memory cgroup stats for /syz4: cache:24KB rss:121704KB rss_huge:32768KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:121852KB inactive_file:4KB active_file:8KB unevictable:0KB 22:49:06 executing program 1: r0 = socket$inet(0x10, 0x3, 0xc) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f00000000c0)=ANY=[@ANYBLOB="5f92515872c5b7216533f3f149c45301004500e8a22c4362bbef48c722659fa5fe06000000e858f4b1ed29d271bb6d682674667d8ac07400000000eb2858e24fa2e19471473ad9866e083b893dbb2f7ba7ac871b32fe4b5ff4fbd4ab1d1d8f1635625a444442aead6214ddecce908a086590323fb0f709ebac4ee07168dd505c32932904a0128b2afd67ba8e088d64dac38eed33ac4c67a4ff60b9f76795250ad65273177d8e0bec947c6798cbc869"]) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000300)="2400000002031f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) sendmsg(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000640)="2400000002031f001cfffd946fa2830020200a000900010040e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) [ 2472.955053] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8721,uid=0 22:49:06 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xd003000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2473.012004] Memory cgroup out of memory: Kill process 8721 (syz-executor.4) score 1113 or sacrifice child [ 2473.035881] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2473.051950] Killed process 8721 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB 22:49:06 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x218}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2473.067467] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2473.081306] oom_reaper: reaped process 8721 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2473.103000] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 22:49:06 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa030000]}, 0x2c) [ 2473.133794] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2473.159299] CPU: 1 PID: 25942 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2473.166589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2473.175984] Call Trace: [ 2473.178609] dump_stack+0x172/0x1f0 [ 2473.182255] dump_header+0x10f/0xb6c [ 2473.185978] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2473.191092] ? ___ratelimit+0x60/0x595 [ 2473.194981] ? do_raw_spin_unlock+0x57/0x270 [ 2473.199401] oom_kill_process.cold+0x10/0x6f5 [ 2473.203907] ? task_will_free_mem+0x139/0x6e0 [ 2473.208413] out_of_memory+0x79a/0x1280 [ 2473.212399] ? oom_killer_disable+0x280/0x280 [ 2473.216897] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2473.222015] mem_cgroup_out_of_memory+0x99/0xe0 [ 2473.226698] ? memcg_memory_event+0x40/0x40 [ 2473.231031] ? _raw_spin_unlock+0x2d/0x50 [ 2473.235182] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2473.240286] try_charge+0xfec/0x1570 [ 2473.244006] ? find_held_lock+0x35/0x130 [ 2473.248104] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2473.252947] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2473.257796] ? find_held_lock+0x35/0x130 [ 2473.261860] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2473.266732] memcg_kmem_charge_memcg+0x7c/0x130 [ 2473.271487] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2473.275993] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2473.280841] memcg_kmem_charge+0x13b/0x340 [ 2473.285093] __alloc_pages_nodemask+0x437/0x710 [ 2473.289789] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2473.294823] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2473.299407] ? trace_hardirqs_on+0x67/0x230 [ 2473.303730] ? kasan_check_read+0x11/0x20 [ 2473.307889] copy_process.part.0+0x3e0/0x79a0 [ 2473.312385] ? psi_memstall_leave+0x11c/0x180 [ 2473.316885] ? sched_clock+0x2e/0x50 [ 2473.320601] ? psi_memstall_leave+0x12e/0x180 [ 2473.325096] ? find_held_lock+0x35/0x130 [ 2473.329161] ? __lock_acquire+0x53b/0x4700 [ 2473.333410] ? __cleanup_sighand+0x70/0x70 [ 2473.337653] ? mark_held_locks+0x100/0x100 [ 2473.341896] ? perf_trace_lock_acquire+0xf5/0x580 [ 2473.346737] ? rcu_read_lock_sched_held+0x110/0x130 [ 2473.351756] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2473.357334] _do_fork+0x257/0xfe0 [ 2473.360823] ? fork_idle+0x1d0/0x1d0 [ 2473.364545] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2473.369911] ? lock_downgrade+0x810/0x810 [ 2473.374069] ? blkcg_exit_queue+0x30/0x30 [ 2473.378230] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2473.383000] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2473.387759] ? do_syscall_64+0x26/0x610 [ 2473.391750] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2473.397135] ? do_syscall_64+0x26/0x610 [ 2473.401145] __x64_sys_clone+0xbf/0x150 [ 2473.405125] do_syscall_64+0x103/0x610 [ 2473.409016] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2473.414198] RIP: 0033:0x45a7f9 [ 2473.417421] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2473.436318] RSP: 002b:00007ffd944df8a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2473.444029] RAX: ffffffffffffffda RBX: 00007fed655cd700 RCX: 000000000045a7f9 [ 2473.451300] RDX: 00007fed655cd9d0 RSI: 00007fed655ccdb0 RDI: 00000000003d0f00 [ 2473.458574] RBP: 00007ffd944dfab0 R08: 00007fed655cd700 R09: 00007fed655cd700 [ 2473.465839] R10: 00007fed655cd9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2473.473109] R13: 00007ffd944df95f R14: 00007fed655cd9c0 R15: 000000000073bf0c [ 2473.480838] net_ratelimit: 26 callbacks suppressed [ 2473.480845] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.488539] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.491045] protocol 88fb is buggy, dev hsr_slave_1 [ 2473.496152] protocol 88fb is buggy, dev hsr_slave_1 [ 2473.501173] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.506363] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.511231] protocol 88fb is buggy, dev hsr_slave_1 [ 2473.521495] protocol 88fb is buggy, dev hsr_slave_1 [ 2473.526713] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.531890] protocol 88fb is buggy, dev hsr_slave_1 22:49:06 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ee, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2473.736479] memory: usage 307200kB, limit 307200kB, failcnt 6325 [ 2473.751563] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2473.765058] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2473.776987] Memory cgroup stats for /syz3: cache:124KB rss:111960KB rss_huge:20480KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112036KB inactive_file:12KB active_file:0KB unevictable:0KB [ 2473.807321] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25744,uid=0 [ 2473.857169] Memory cgroup out of memory: Kill process 25744 (syz-executor.3) score 1113 or sacrifice child [ 2473.867455] Killed process 25744 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2473.882228] oom_reaper: reaped process 25744 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 22:49:07 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x43e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:07 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xd403000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:07 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x2c) 22:49:07 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, 0x0) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x7fffffff) r1 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x6857b21ff1155d93) write$eventfd(r1, &(0x7f0000000000), 0x2b9) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) ftruncate(r1, 0x0) 22:49:07 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x240}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:07 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ef, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:07 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xd803000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:07 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f0, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:07 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x2c) 22:49:07 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x43f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:07 executing program 1: symlink(&(0x7f0000000140)='..', &(0x7f0000000300)='./file0\x00') mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x109000, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f0000000080)={0x3d39ab96, 0x3, 0x9, 0x20000000007}) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 22:49:07 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x300}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:07 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xe003000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:07 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f1, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:07 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x440, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:07 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000a0ffffffff]}, 0x2c) [ 2474.407213] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2474.491159] CPU: 0 PID: 7595 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2474.498375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2474.507756] Call Trace: [ 2474.510395] dump_stack+0x172/0x1f0 [ 2474.514050] dump_header+0x10f/0xb6c [ 2474.517773] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2474.522901] ? ___ratelimit+0x60/0x595 [ 2474.526839] ? do_raw_spin_unlock+0x57/0x270 [ 2474.531273] oom_kill_process.cold+0x10/0x6f5 [ 2474.535843] ? task_will_free_mem+0x139/0x6e0 [ 2474.540390] out_of_memory+0x79a/0x1280 [ 2474.544404] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2474.549513] ? oom_killer_disable+0x280/0x280 [ 2474.554035] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2474.559211] mem_cgroup_out_of_memory+0x99/0xe0 [ 2474.563897] ? memcg_memory_event+0x40/0x40 [ 2474.568253] ? _raw_spin_unlock+0x2d/0x50 [ 2474.568270] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2474.568286] try_charge+0xfec/0x1570 [ 2474.568299] ? find_held_lock+0x35/0x130 [ 2474.568320] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2474.590137] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2474.590153] ? find_held_lock+0x35/0x130 [ 2474.590172] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2474.590200] memcg_kmem_charge_memcg+0x7c/0x130 [ 2474.590216] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2474.590237] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2474.590256] memcg_kmem_charge+0x13b/0x340 [ 2474.590276] __alloc_pages_nodemask+0x437/0x710 [ 2474.590292] ? debug_smp_processor_id+0x1c/0x20 [ 2474.590311] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2474.590335] ? copy_page_range+0x125a/0x1f90 [ 2474.608731] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2474.608755] alloc_pages_current+0x107/0x210 [ 2474.608776] pte_alloc_one+0x1b/0x1a0 [ 2474.608805] __pte_alloc+0x20/0x310 [ 2474.608823] copy_page_range+0x1529/0x1f90 [ 2474.608838] ? mark_held_locks+0x100/0x100 [ 2474.608880] ? pmd_alloc+0x180/0x180 [ 2474.608896] ? __rb_insert_augmented+0x231/0xdf0 [ 2474.622438] ? validate_mm_rb+0xa3/0xc0 [ 2474.622460] ? __vma_link_rb+0x279/0x370 [ 2474.622485] copy_process.part.0+0x56aa/0x79a0 [ 2474.622536] ? __cleanup_sighand+0x70/0x70 [ 2474.622575] _do_fork+0x257/0xfe0 [ 2474.622598] ? fork_idle+0x1d0/0x1d0 [ 2474.622624] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2474.704318] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2474.709084] ? do_syscall_64+0x26/0x610 [ 2474.713069] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2474.718439] ? do_syscall_64+0x26/0x610 [ 2474.722429] __x64_sys_clone+0xbf/0x150 [ 2474.726413] do_syscall_64+0x103/0x610 [ 2474.730314] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2474.735505] RIP: 0033:0x4563fa [ 2474.738699] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2474.757603] RSP: 002b:00007ffc56cc4460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2474.765316] RAX: ffffffffffffffda RBX: 00007ffc56cc4460 RCX: 00000000004563fa [ 2474.772584] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2474.779856] RBP: 00007ffc56cc44a0 R08: 0000000000000001 R09: 0000000002148940 22:49:07 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x441, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:07 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3e8}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:08 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f2, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2474.787132] R10: 0000000002148c10 R11: 0000000000000246 R12: 0000000000000001 [ 2474.794406] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2474.816020] memory: usage 307200kB, limit 307200kB, failcnt 6328 [ 2474.825747] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2474.834802] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:49:08 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x2c) [ 2474.841492] Memory cgroup stats for /syz0: cache:4832KB rss:114500KB rss_huge:18432KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:114704KB inactive_file:4KB active_file:4KB unevictable:4780KB 22:49:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x40000000bc5f, &(0x7f0000000380)="7d008426bce153851eda60107acb8bdb0f274b80f7940a4c47294e8d3286bba8a3dfd012f61133afb0d975f2b97ea8b466f12bfb2494f3f2391b2da30ad12034a55a3225ad73b3cca2032154fcd92f3141a664af41670ce6acb1b5ce34450cdc0a9d82fd6948485adc48835cb64ceebd4abb3279c43922ac31e29def36eee3bb") ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r4, 0x38, 0x70bd27, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x80) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000780)=0x60, 0x2) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2004}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x1c, r4, 0x220, 0x70bd2c, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) r5 = memfd_create(&(0x7f0000001fc1)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) write(r5, &(0x7f0000002000)='/', 0x1) sendfile(r5, r5, &(0x7f0000000040), 0x7f) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000640)) sendfile(r5, r5, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r5, 0x0) mount(&(0x7f0000000080), &(0x7f0000000080)='.', 0x0, 0x5010, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f00000001c0)={0x2, 0x4e23, @local}, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f0000000740)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000700)={&(0x7f0000000480)={0x1a4, r6, 0x413, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x74, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @rand_addr="c80c832d20a965afb01fb7f5079f31b6", 0x60686bd2}}, {0x14, 0x2, @in={0x2, 0x4e23, @loopback}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x5, @local, 0x5}}}}]}, @TIPC_NLA_MEDIA={0x94, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5dd878af}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0x88, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb8d1727}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}]}, 0x1a4}}, 0x48000) sendto$inet(r1, &(0x7f0000000f40)="03", 0x1, 0x80ff, 0x0, 0x0) recvfrom(r1, &(0x7f0000000040)=""/188, 0xbc, 0x1, &(0x7f0000000100)=@l2, 0x80) 22:49:08 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x442, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2474.929878] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19504,uid=0 22:49:08 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f3, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:08 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x500}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2475.007229] Memory cgroup out of memory: Kill process 19504 (syz-executor.0) score 120 or sacrifice child [ 2475.056586] Killed process 19504 (syz-executor.0) total-vm:72708kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB [ 2475.203855] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2475.256218] CPU: 1 PID: 26121 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2475.263529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2475.272916] Call Trace: [ 2475.275511] dump_stack+0x172/0x1f0 [ 2475.279160] dump_header+0x10f/0xb6c [ 2475.282884] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2475.288010] ? ___ratelimit+0x60/0x595 [ 2475.291905] ? do_raw_spin_unlock+0x57/0x270 [ 2475.296329] oom_kill_process.cold+0x10/0x6f5 [ 2475.300853] ? task_will_free_mem+0x139/0x6e0 [ 2475.305364] out_of_memory+0x79a/0x1280 [ 2475.309371] ? oom_killer_disable+0x280/0x280 [ 2475.313872] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2475.318991] mem_cgroup_out_of_memory+0x99/0xe0 [ 2475.323679] ? memcg_memory_event+0x40/0x40 [ 2475.328023] ? _raw_spin_unlock+0x2d/0x50 [ 2475.332183] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2475.337296] try_charge+0xfec/0x1570 [ 2475.341018] ? find_held_lock+0x35/0x130 [ 2475.345094] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2475.349956] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2475.354809] ? find_held_lock+0x35/0x130 [ 2475.358879] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2475.363734] memcg_kmem_charge_memcg+0x7c/0x130 [ 2475.368407] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2475.372929] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2475.377793] memcg_kmem_charge+0x13b/0x340 [ 2475.382042] __alloc_pages_nodemask+0x437/0x710 [ 2475.386722] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2475.391747] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2475.396359] ? trace_hardirqs_on+0x67/0x230 [ 2475.400686] ? kasan_check_read+0x11/0x20 [ 2475.404848] copy_process.part.0+0x3e0/0x79a0 [ 2475.409356] ? psi_memstall_leave+0x11c/0x180 [ 2475.413900] ? sched_clock+0x2e/0x50 [ 2475.417667] ? psi_memstall_leave+0x12e/0x180 [ 2475.422170] ? find_held_lock+0x35/0x130 [ 2475.426241] ? __lock_acquire+0x53b/0x4700 [ 2475.430495] ? __cleanup_sighand+0x70/0x70 [ 2475.434739] ? mark_held_locks+0x100/0x100 [ 2475.438987] ? perf_trace_lock_acquire+0xf5/0x580 [ 2475.443837] ? rcu_read_lock_sched_held+0x110/0x130 [ 2475.448858] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2475.454414] _do_fork+0x257/0xfe0 [ 2475.457880] ? fork_idle+0x1d0/0x1d0 [ 2475.461606] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2475.466974] ? lock_downgrade+0x810/0x810 [ 2475.471132] ? blkcg_exit_queue+0x30/0x30 [ 2475.475299] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2475.480060] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2475.484824] ? do_syscall_64+0x26/0x610 [ 2475.489167] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2475.494546] ? do_syscall_64+0x26/0x610 [ 2475.498584] __x64_sys_clone+0xbf/0x150 [ 2475.502572] do_syscall_64+0x103/0x610 [ 2475.506473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2475.511677] RIP: 0033:0x45a7f9 [ 2475.514874] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2475.533788] RSP: 002b:00007fff025901d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2475.541498] RAX: ffffffffffffffda RBX: 00007fca941ff700 RCX: 000000000045a7f9 [ 2475.548794] RDX: 00007fca941ff9d0 RSI: 00007fca941fedb0 RDI: 00000000003d0f00 [ 2475.556065] RBP: 00007fff025903e0 R08: 00007fca941ff700 R09: 00007fca941ff700 [ 2475.563335] R10: 00007fca941ff9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2475.570610] R13: 00007fff0259028f R14: 00007fca941ff9c0 R15: 000000000073bfac [ 2475.592073] memory: usage 307164kB, limit 307200kB, failcnt 5530 [ 2475.607572] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2475.615435] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2475.632151] Memory cgroup stats for /syz2: cache:12KB rss:116968KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:117004KB inactive_file:8KB active_file:0KB unevictable:0KB 22:49:08 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xe603000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:08 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f4, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:08 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x443, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:08 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x365101, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r1, 0x3) r2 = shmget$private(0x0, 0x1000, 0x842, &(0x7f0000ffc000/0x1000)=nil) shmat(r2, &(0x7f0000ffc000/0x2000)=nil, 0x1000) fcntl$addseals(r0, 0x409, 0x9) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x1, 0x0) 22:49:08 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x600}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2475.672154] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22570,uid=0 [ 2475.707813] Memory cgroup out of memory: Kill process 22570 (syz-executor.2) score 124 or sacrifice child 22:49:08 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x444, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2475.760451] Killed process 22570 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB 22:49:09 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x2c) [ 2475.849856] oom_reaper: reaped process 22570 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2475.865598] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2475.910028] CPU: 1 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2475.917227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2475.917233] Call Trace: [ 2475.917255] dump_stack+0x172/0x1f0 [ 2475.917280] dump_header+0x10f/0xb6c [ 2475.917297] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2475.917314] ? ___ratelimit+0x60/0x595 [ 2475.917329] ? do_raw_spin_unlock+0x57/0x270 [ 2475.917349] oom_kill_process.cold+0x10/0x6f5 [ 2475.917368] ? task_will_free_mem+0x139/0x6e0 [ 2475.959032] out_of_memory+0x79a/0x1280 [ 2475.963023] ? oom_killer_disable+0x280/0x280 [ 2475.967527] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2475.972651] mem_cgroup_out_of_memory+0x99/0xe0 [ 2475.977327] ? memcg_memory_event+0x40/0x40 [ 2475.977351] ? _raw_spin_unlock+0x2d/0x50 [ 2475.977380] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2475.977395] try_charge+0xfec/0x1570 [ 2475.977408] ? find_held_lock+0x35/0x130 [ 2475.998720] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2476.003585] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2476.008434] ? find_held_lock+0x35/0x130 [ 2476.012508] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2476.017374] memcg_kmem_charge_memcg+0x7c/0x130 [ 2476.022055] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2476.026574] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2476.031432] memcg_kmem_charge+0x13b/0x340 [ 2476.035677] __alloc_pages_nodemask+0x437/0x710 [ 2476.040352] ? debug_smp_processor_id+0x1c/0x20 [ 2476.045029] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2476.050060] ? copy_page_range+0x125a/0x1f90 [ 2476.054479] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2476.060041] alloc_pages_current+0x107/0x210 [ 2476.064458] pte_alloc_one+0x1b/0x1a0 [ 2476.068293] __pte_alloc+0x20/0x310 [ 2476.071936] copy_page_range+0x1529/0x1f90 [ 2476.076179] ? mark_held_locks+0x100/0x100 [ 2476.080456] ? pmd_alloc+0x180/0x180 [ 2476.084191] ? __rb_insert_augmented+0x231/0xdf0 [ 2476.088970] ? validate_mm_rb+0xa3/0xc0 [ 2476.092984] ? __vma_link_rb+0x279/0x370 [ 2476.097063] copy_process.part.0+0x56aa/0x79a0 [ 2476.101689] ? __cleanup_sighand+0x70/0x70 [ 2476.105957] _do_fork+0x257/0xfe0 [ 2476.109438] ? fork_idle+0x1d0/0x1d0 [ 2476.113171] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2476.117938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2476.122698] ? do_syscall_64+0x26/0x610 [ 2476.126679] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2476.132048] ? do_syscall_64+0x26/0x610 [ 2476.136035] __x64_sys_clone+0xbf/0x150 [ 2476.140022] do_syscall_64+0x103/0x610 [ 2476.143920] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2476.149116] RIP: 0033:0x4563fa [ 2476.152315] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2476.171220] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2476.178930] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2476.186220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2476.193507] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2476.200815] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 22:49:09 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xe803000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:09 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x700}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:09 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f00000002c0)='pids.max\x00', 0x2, 0x0) openat$cgroup_ro(r0, &(0x7f0000000040)='io.stat\x00', 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x280000, 0x0) [ 2476.208086] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2476.223646] memory: usage 307200kB, limit 307200kB, failcnt 4683 [ 2476.230958] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2476.271867] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2476.295065] Memory cgroup stats for /syz4: cache:24KB rss:120464KB rss_huge:30720KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120524KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2476.358127] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8735,uid=0 22:49:09 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x2c) 22:49:09 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xec00000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:09 executing program 1: r0 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x18303) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rtc0\x00', 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000080)={r3, 0x8, 0xffffffff}, &(0x7f0000000100)=0x8) r4 = fcntl$dupfd(r2, 0x3, 0xffffffffffffffff) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffd) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x4082) r6 = memfd_create(&(0x7f00000001c0)='/delo\xff\a\x00\x00\x00\x00', 0x0) pwritev(r6, &(0x7f0000000480)=[{&(0x7f00000004c0)="2bd8", 0x2}], 0x1, 0x81804) ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6) sendfile(r4, r5, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00') [ 2476.405821] Memory cgroup out of memory: Kill process 8735 (syz-executor.4) score 1113 or sacrifice child [ 2476.437850] Killed process 8735 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB [ 2476.501704] oom_reaper: reaped process 8735 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 2476.533079] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2476.595234] CPU: 1 PID: 26165 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2476.602525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2476.611879] Call Trace: [ 2476.614482] dump_stack+0x172/0x1f0 [ 2476.618137] dump_header+0x10f/0xb6c [ 2476.621861] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2476.626989] ? ___ratelimit+0x60/0x595 [ 2476.630897] ? do_raw_spin_unlock+0x57/0x270 [ 2476.635322] oom_kill_process.cold+0x10/0x6f5 [ 2476.639831] ? task_will_free_mem+0x139/0x6e0 [ 2476.644342] out_of_memory+0x79a/0x1280 [ 2476.648336] ? oom_killer_disable+0x280/0x280 [ 2476.652838] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2476.657955] mem_cgroup_out_of_memory+0x99/0xe0 [ 2476.662627] ? memcg_memory_event+0x40/0x40 [ 2476.666975] ? _raw_spin_unlock+0x2d/0x50 [ 2476.671132] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2476.676241] try_charge+0xfec/0x1570 [ 2476.679974] ? find_held_lock+0x35/0x130 [ 2476.684046] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2476.688904] ? kasan_check_read+0x11/0x20 [ 2476.693087] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2476.697938] mem_cgroup_try_charge+0x24d/0x5e0 [ 2476.702566] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2476.707533] __handle_mm_fault+0x1e26/0x3f20 [ 2476.711992] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2476.716839] ? find_held_lock+0x35/0x130 [ 2476.720910] ? handle_mm_fault+0x322/0xb30 [ 2476.725170] ? kasan_check_read+0x11/0x20 [ 2476.729331] handle_mm_fault+0x43f/0xb30 [ 2476.733408] __do_page_fault+0x5da/0xd60 [ 2476.737504] do_page_fault+0x71/0x581 [ 2476.741309] ? page_fault+0x8/0x30 [ 2476.744858] page_fault+0x1e/0x30 [ 2476.748309] RIP: 0033:0x40bba4 [ 2476.751499] Code: 33 00 89 48 24 48 89 58 18 31 c0 48 8b 8c 04 10 01 00 00 48 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 2c 72 ff ff <83> 05 59 44 53 00 01 80 7c 24 0b 00 74 0b f6 44 24 0c 01 0f 84 cd [ 2476.770403] RSP: 002b:00007ffd944df9e0 EFLAGS: 00010217 [ 2476.775765] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 0000000000457e29 [ 2476.783043] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000073bf08 [ 2476.790315] RBP: 000000000073bf00 R08: 00007fed655cd700 R09: 000000000025c8bd [ 2476.797586] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000064a [ 2476.804857] R13: 0000000000000000 R14: 0000000000000004 R15: 000000000073bf0c 22:49:10 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f5, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:10 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x900}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:10 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x2c) 22:49:10 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xf002000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2476.866928] memory: usage 307200kB, limit 307200kB, failcnt 6357 [ 2476.873911] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2476.883327] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2476.891701] Memory cgroup stats for /syz3: cache:124KB rss:110516KB rss_huge:18432KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:110652KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2476.950098] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=7899,uid=0 [ 2476.992333] Memory cgroup out of memory: Kill process 7899 (syz-executor.3) score 1113 or sacrifice child [ 2477.004662] Killed process 7899 (syz-executor.3) total-vm:72576kB, anon-rss:2200kB, file-rss:35788kB, shmem-rss:0kB 22:49:10 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x445, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:10 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000008c80)=[{{&(0x7f0000000000)=@nfc_llcp, 0x80, &(0x7f0000001100)=[{&(0x7f0000000080)=""/4096, 0x1000}, {&(0x7f0000001080)=""/88, 0x58}], 0x2, &(0x7f0000001140)=""/202, 0xca}, 0x3}, {{&(0x7f0000001240)=@rc, 0x80, &(0x7f00000019c0)=[{&(0x7f00000012c0)=""/239, 0xef}, {&(0x7f0000001500)=""/230, 0xe6}, {&(0x7f0000001600)=""/238, 0xee}, {&(0x7f00000013c0)=""/5, 0x5}, {&(0x7f0000001700)=""/205, 0xcd}, {&(0x7f0000001800)=""/210, 0xd2}, {&(0x7f0000001400)=""/81, 0x51}, {&(0x7f0000001900)=""/156, 0x9c}], 0x8, &(0x7f0000001a40)=""/34, 0x22}, 0xffffffffffffff0f}, {{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000001a80)=""/103, 0x67}, {&(0x7f0000001b00)=""/34, 0x22}, {&(0x7f0000001b40)=""/21, 0x15}, {&(0x7f0000001b80)=""/114, 0x72}, {&(0x7f0000001c00)=""/222, 0xde}], 0x5, &(0x7f0000001d80)=""/188, 0xbc}, 0x8}, {{&(0x7f0000001e40)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000002040)=[{&(0x7f0000001ec0)=""/73, 0x49}, {&(0x7f0000001f40)=""/221, 0xdd}], 0x2, &(0x7f0000002080)=""/169, 0xa9}, 0x2}, {{&(0x7f0000002140)=@rc, 0x80, &(0x7f0000004440)=[{&(0x7f00000021c0)=""/193, 0xc1}, {&(0x7f00000022c0)=""/4096, 0x1000}, {&(0x7f00000032c0)=""/116, 0x74}, {&(0x7f0000003340)=""/123, 0x7b}, {&(0x7f00000033c0)}, {&(0x7f0000003400)=""/53, 0x35}, {&(0x7f0000003440)=""/4096, 0x1000}], 0x7, &(0x7f00000044c0)=""/63, 0x3f}, 0xff}, {{0x0, 0x0, &(0x7f0000004640)=[{&(0x7f0000004500)=""/176, 0xb0}, {&(0x7f00000045c0)=""/50, 0x32}, {&(0x7f0000004600)=""/3, 0x3}], 0x3, &(0x7f0000004680)=""/136, 0x88}, 0xfffffffffffffffc}, {{&(0x7f0000004740)=@can, 0x80, &(0x7f0000004880)=[{&(0x7f00000047c0)=""/16, 0x10}, {&(0x7f0000004840)=""/10, 0xa}], 0x2, &(0x7f00000048c0)=""/34, 0x22}, 0x7fffffff}, {{&(0x7f0000004900)=@can, 0x80, &(0x7f0000005a40)=[{&(0x7f0000004980)=""/133, 0x85}, {&(0x7f0000004a40)=""/4096, 0x1000}], 0x2, &(0x7f0000005a80)=""/4096, 0x1000}, 0xb0bc}, {{&(0x7f0000006a80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000007c40)=[{&(0x7f0000006b00)=""/96, 0x60}, {&(0x7f0000006b80)=""/117, 0x75}, {&(0x7f0000006c00)=""/4096, 0x1000}, {&(0x7f0000007c00)=""/9, 0x9}], 0x4, &(0x7f0000007c80)=""/4096, 0x1000}, 0x8}], 0x9, 0x1, 0x0) setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendmmsg(r1, &(0x7f0000004800)=[{{&(0x7f0000001480)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @rand_addr="439f2e679613de7737b3186b2e1472c4"}}, 0x80, 0x0}}], 0x1, 0x0) 22:49:10 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000]}, 0x2c) 22:49:10 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f6, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:10 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xf203000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:10 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xa00}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:10 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000]}, 0x2c) 22:49:10 executing program 1: r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$FUSE_OPEN(r0, &(0x7f0000000000)={0x20, 0x38d76da641cf6188, 0x6, {0x0, 0x5}}, 0x20) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000500), 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x54, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {{0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}, @release], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 22:49:10 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xf403000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:10 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x446, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:10 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f7, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:10 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x2c) 22:49:10 executing program 1: unshare(0x40400) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0xaf01, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000040)='9p\x00', 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x100, 0x0) ioctl$sock_netrom_SIOCDELRT(r5, 0x890c, &(0x7f0000000200)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={'nr'}, 0x31e7670e, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x7, 0x8, [@bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @bcast, @default]}) ioctl$DRM_IOCTL_AGP_RELEASE(r5, 0x6431) 22:49:10 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xfa03000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:10 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x447, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:10 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000]}, 0x2c) 22:49:10 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f8, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:10 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xe00}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:10 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x448, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:10 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xfc02000000000000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:10 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x2c) 22:49:10 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6f9, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:10 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x2c) 22:49:11 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x1802}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2478.028709] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2478.080703] CPU: 0 PID: 26376 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2478.087997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2478.097351] Call Trace: [ 2478.099957] dump_stack+0x172/0x1f0 [ 2478.103620] dump_header+0x10f/0xb6c [ 2478.107343] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2478.112455] ? ___ratelimit+0x60/0x595 [ 2478.116359] ? do_raw_spin_unlock+0x57/0x270 [ 2478.120835] oom_kill_process.cold+0x10/0x6f5 [ 2478.125347] ? task_will_free_mem+0x139/0x6e0 [ 2478.129862] out_of_memory+0x79a/0x1280 [ 2478.133849] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2478.138962] ? oom_killer_disable+0x280/0x280 [ 2478.143459] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2478.148594] mem_cgroup_out_of_memory+0x99/0xe0 [ 2478.153295] ? memcg_memory_event+0x40/0x40 [ 2478.157627] ? _raw_spin_unlock+0x2d/0x50 [ 2478.157643] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2478.157660] try_charge+0xfec/0x1570 [ 2478.157673] ? find_held_lock+0x35/0x130 [ 2478.157696] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2478.179728] ? kasan_check_read+0x11/0x20 [ 2478.183921] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2478.188813] mem_cgroup_try_charge+0x24d/0x5e0 [ 2478.193436] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2478.193455] wp_page_copy+0x408/0x1740 [ 2478.193484] ? find_held_lock+0x35/0x130 [ 2478.206392] ? pmd_pfn+0x1d0/0x1d0 [ 2478.209973] ? lock_downgrade+0x810/0x810 [ 2478.214130] ? swp_swapcount+0x540/0x540 [ 2478.218203] ? kasan_check_read+0x11/0x20 [ 2478.222367] ? do_raw_spin_unlock+0x57/0x270 [ 2478.226828] do_wp_page+0x2ed/0x1520 [ 2478.230567] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2478.235272] __handle_mm_fault+0x22db/0x3f20 [ 2478.239694] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2478.239710] ? find_held_lock+0x35/0x130 [ 2478.239726] ? handle_mm_fault+0x322/0xb30 [ 2478.239764] ? kasan_check_read+0x11/0x20 [ 2478.239797] handle_mm_fault+0x43f/0xb30 [ 2478.239822] __do_page_fault+0x5da/0xd60 [ 2478.239855] do_page_fault+0x71/0x581 [ 2478.268976] ? page_fault+0x8/0x30 [ 2478.272525] page_fault+0x1e/0x30 [ 2478.275981] RIP: 0033:0x45647b [ 2478.279178] Code: 25 20 06 00 00 b8 f0 2a 41 00 48 89 15 4e 03 60 00 48 85 c0 74 08 4c 89 cf e8 81 c6 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 0a bb 2b 00 00 00 00 00 48 c7 05 ef ba 2b 00 00 00 00 00 [ 2478.298187] RSP: 002b:00007fff02590460 EFLAGS: 00010206 [ 2478.303577] RAX: 0000000000000000 RBX: 00007fff02590460 RCX: 0000000000412b03 [ 2478.310859] RDX: 00000531f503fe3a RSI: 0000000000000018 RDI: 0000000001fbdc20 [ 2478.318134] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2478.325404] R10: 0000000001fbdc10 R11: 0000000000000202 R12: 0000000000000001 [ 2478.332698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 2478.346488] memory: usage 307200kB, limit 307200kB, failcnt 5577 [ 2478.353238] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2478.360458] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2478.367381] Memory cgroup stats for /syz2: cache:144KB rss:115536KB rss_huge:16384KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:115688KB inactive_file:16KB active_file:20KB unevictable:0KB [ 2478.389118] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=25516,uid=0 [ 2478.404306] Memory cgroup out of memory: Kill process 25516 (syz-executor.2) score 124 or sacrifice child [ 2478.414486] Killed process 25516 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2478.453443] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2478.463807] CPU: 0 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2478.471003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2478.480358] Call Trace: [ 2478.482955] dump_stack+0x172/0x1f0 [ 2478.486592] dump_header+0x10f/0xb6c [ 2478.490310] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2478.495421] ? ___ratelimit+0x60/0x595 [ 2478.499314] ? do_raw_spin_unlock+0x57/0x270 [ 2478.503759] oom_kill_process.cold+0x10/0x6f5 [ 2478.508268] ? task_will_free_mem+0x139/0x6e0 [ 2478.512778] out_of_memory+0x79a/0x1280 [ 2478.516777] ? oom_killer_disable+0x280/0x280 [ 2478.521291] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2478.526408] mem_cgroup_out_of_memory+0x99/0xe0 [ 2478.531078] ? memcg_memory_event+0x40/0x40 [ 2478.535423] ? _raw_spin_unlock+0x2d/0x50 [ 2478.539571] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2478.544675] try_charge+0xb4a/0x1570 [ 2478.548401] ? find_held_lock+0x35/0x130 [ 2478.552484] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2478.557342] ? kasan_check_read+0x11/0x20 [ 2478.561509] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2478.566356] mem_cgroup_try_charge+0x24d/0x5e0 [ 2478.570943] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2478.575876] wp_page_copy+0x408/0x1740 [ 2478.579760] ? find_held_lock+0x35/0x130 [ 2478.583831] ? pmd_pfn+0x1d0/0x1d0 [ 2478.587371] ? lock_downgrade+0x810/0x810 [ 2478.591540] ? swp_swapcount+0x540/0x540 [ 2478.595650] ? kasan_check_read+0x11/0x20 [ 2478.599806] ? do_raw_spin_unlock+0x57/0x270 [ 2478.604234] do_wp_page+0x2ed/0x1520 [ 2478.607949] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2478.612627] __handle_mm_fault+0x22db/0x3f20 [ 2478.617075] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2478.621922] ? find_held_lock+0x35/0x130 [ 2478.626012] ? handle_mm_fault+0x322/0xb30 [ 2478.630285] ? kasan_check_read+0x11/0x20 [ 2478.634440] handle_mm_fault+0x43f/0xb30 [ 2478.638570] __do_page_fault+0x5da/0xd60 [ 2478.642659] do_page_fault+0x71/0x581 [ 2478.646472] ? page_fault+0x8/0x30 [ 2478.650015] page_fault+0x1e/0x30 [ 2478.653470] RIP: 0033:0x45655a [ 2478.656674] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 2478.675570] RSP: 002b:00007fff02590460 EFLAGS: 00010246 [ 2478.680924] RAX: 0000000000000000 RBX: 00007fff02590460 RCX: 00000000004563fa [ 2478.688185] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a54fc8 [ 2478.695447] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 22:49:11 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x1802}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:11 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0xffffffffa0008000]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:11 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6fa, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:11 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x449, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:11 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x2000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2478.702724] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 00000000000000ca [ 2478.709991] R13: 0000000000004a43 R14: 0000000000000000 R15: 0000000000000002 22:49:12 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6fb, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:12 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x44a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:12 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3f00}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:12 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6fc, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:12 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x44b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2479.038870] memory: usage 304912kB, limit 307200kB, failcnt 5577 [ 2479.077854] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2479.096952] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2479.105091] Memory cgroup stats for /syz2: cache:144KB rss:113452KB rss_huge:14336KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:113560KB inactive_file:36KB active_file:0KB unevictable:0KB [ 2479.174844] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8479,uid=0 [ 2479.257035] Memory cgroup out of memory: Kill process 8479 (syz-executor.2) score 124 or sacrifice child [ 2479.268040] Killed process 8479 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35780kB, shmem-rss:0kB [ 2479.342094] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2479.354294] CPU: 1 PID: 26396 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2479.361580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2479.370929] Call Trace: [ 2479.373531] dump_stack+0x172/0x1f0 [ 2479.377178] dump_header+0x10f/0xb6c [ 2479.380899] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2479.386042] ? ___ratelimit+0x60/0x595 [ 2479.389956] ? do_raw_spin_unlock+0x57/0x270 [ 2479.394394] oom_kill_process.cold+0x10/0x6f5 [ 2479.398902] ? task_will_free_mem+0x139/0x6e0 [ 2479.403412] out_of_memory+0x79a/0x1280 [ 2479.407407] ? oom_killer_disable+0x280/0x280 [ 2479.411908] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2479.417033] mem_cgroup_out_of_memory+0x99/0xe0 [ 2479.421711] ? memcg_memory_event+0x40/0x40 [ 2479.426045] ? _raw_spin_unlock+0x2d/0x50 [ 2479.430203] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2479.435314] try_charge+0xfec/0x1570 [ 2479.439036] ? find_held_lock+0x35/0x130 [ 2479.443114] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2479.447979] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2479.452842] ? find_held_lock+0x35/0x130 [ 2479.456941] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2479.461840] memcg_kmem_charge_memcg+0x7c/0x130 [ 2479.466533] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2479.471047] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2479.475899] memcg_kmem_charge+0x13b/0x340 [ 2479.480144] __alloc_pages_nodemask+0x437/0x710 [ 2479.484827] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2479.490051] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2479.494655] ? trace_hardirqs_on+0x67/0x230 [ 2479.498982] ? kasan_check_read+0x11/0x20 [ 2479.503144] copy_process.part.0+0x3e0/0x79a0 [ 2479.507652] ? mark_held_locks+0x100/0x100 [ 2479.511893] ? debug_smp_processor_id+0x1c/0x20 [ 2479.516571] ? perf_trace_lock_acquire+0xf5/0x580 [ 2479.521453] ? __might_fault+0x12b/0x1e0 [ 2479.525551] ? __cleanup_sighand+0x70/0x70 [ 2479.529815] ? lock_downgrade+0x810/0x810 [ 2479.533990] _do_fork+0x257/0xfe0 [ 2479.537455] ? fork_idle+0x1d0/0x1d0 [ 2479.541186] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2479.545959] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2479.550721] ? do_syscall_64+0x26/0x610 [ 2479.554700] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2479.560065] ? do_syscall_64+0x26/0x610 [ 2479.564082] __x64_sys_clone+0xbf/0x150 [ 2479.568064] do_syscall_64+0x103/0x610 [ 2479.571962] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2479.577152] RIP: 0033:0x457e29 [ 2479.580348] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2479.599248] RSP: 002b:00007f028a93ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2479.606958] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 2479.614228] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2479.621962] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 2479.629234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f028a93b6d4 22:49:12 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000]}, 0x2c) 22:49:12 executing program 1: syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x0, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) utimensat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x100) write(r1, &(0x7f0000000340), 0x10000014c) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x81}, 0x0, &(0x7f0000000140)={0x4, 0x0, 0x7}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 22:49:12 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6fd, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2479.636502] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 2479.664416] memory: usage 307188kB, limit 307200kB, failcnt 6377 [ 2479.678219] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2479.691384] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2479.698796] Memory cgroup stats for /syz0: cache:4832KB rss:113200KB rss_huge:16384KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:113336KB inactive_file:4KB active_file:0KB unevictable:4780KB [ 2479.732935] net_ratelimit: 26 callbacks suppressed [ 2479.732943] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.733010] protocol 88fb is buggy, dev hsr_slave_1 [ 2479.733107] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.733154] protocol 88fb is buggy, dev hsr_slave_1 [ 2479.738507] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.754359] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15318,uid=0 [ 2479.758664] protocol 88fb is buggy, dev hsr_slave_1 [ 2479.765764] Memory cgroup out of memory: Kill process 15318 (syz-executor.0) score 120 or sacrifice child [ 2479.778590] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.788679] Killed process 15318 (syz-executor.0) total-vm:72564kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB [ 2479.793445] protocol 88fb is buggy, dev hsr_slave_1 [ 2479.793588] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.808428] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.875803] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2479.887716] CPU: 1 PID: 26381 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2479.895003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2479.904363] Call Trace: [ 2479.906991] dump_stack+0x172/0x1f0 [ 2479.910631] dump_header+0x10f/0xb6c [ 2479.914371] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2479.919485] ? ___ratelimit+0x60/0x595 [ 2479.923390] ? do_raw_spin_unlock+0x57/0x270 [ 2479.927816] oom_kill_process.cold+0x10/0x6f5 [ 2479.932323] ? task_will_free_mem+0x139/0x6e0 [ 2479.936840] out_of_memory+0x79a/0x1280 [ 2479.940852] ? oom_killer_disable+0x280/0x280 [ 2479.945350] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2479.950469] mem_cgroup_out_of_memory+0x99/0xe0 [ 2479.955148] ? memcg_memory_event+0x40/0x40 [ 2479.959490] ? _raw_spin_unlock+0x2d/0x50 [ 2479.963640] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2479.968751] try_charge+0xb4a/0x1570 [ 2479.972486] ? find_held_lock+0x35/0x130 [ 2479.976589] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2479.981460] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2479.986312] ? find_held_lock+0x35/0x130 [ 2479.990384] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2479.995250] memcg_kmem_charge_memcg+0x7c/0x130 [ 2479.999929] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2480.004438] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2480.009289] memcg_kmem_charge+0x13b/0x340 [ 2480.013540] __alloc_pages_nodemask+0x437/0x710 [ 2480.018232] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2480.023267] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2480.027855] ? trace_hardirqs_on+0x67/0x230 [ 2480.032185] ? kasan_check_read+0x11/0x20 [ 2480.036352] copy_process.part.0+0x3e0/0x79a0 [ 2480.040859] ? psi_memstall_leave+0x11c/0x180 [ 2480.045362] ? sched_clock+0x2e/0x50 [ 2480.049086] ? psi_memstall_leave+0x12e/0x180 [ 2480.053595] ? find_held_lock+0x35/0x130 [ 2480.057670] ? __lock_acquire+0x53b/0x4700 [ 2480.061928] ? __cleanup_sighand+0x70/0x70 [ 2480.066174] ? mark_held_locks+0x100/0x100 [ 2480.070429] ? perf_trace_lock_acquire+0xf5/0x580 [ 2480.075281] ? rcu_read_lock_sched_held+0x110/0x130 [ 2480.080305] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2480.085861] _do_fork+0x257/0xfe0 [ 2480.089332] ? fork_idle+0x1d0/0x1d0 [ 2480.093074] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2480.098461] ? lock_downgrade+0x810/0x810 [ 2480.102622] ? blkcg_exit_queue+0x30/0x30 [ 2480.106779] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2480.111558] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2480.116325] ? do_syscall_64+0x26/0x610 [ 2480.120324] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2480.125720] ? do_syscall_64+0x26/0x610 [ 2480.129722] __x64_sys_clone+0xbf/0x150 [ 2480.133712] do_syscall_64+0x103/0x610 [ 2480.137626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2480.142824] RIP: 0033:0x45a7f9 [ 2480.146018] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2480.164922] RSP: 002b:00007ffc56cc41d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2480.172636] RAX: ffffffffffffffda RBX: 00007f028a91a700 RCX: 000000000045a7f9 [ 2480.179910] RDX: 00007f028a91a9d0 RSI: 00007f028a919db0 RDI: 00000000003d0f00 [ 2480.187175] RBP: 00007ffc56cc43e0 R08: 00007f028a91a700 R09: 00007f028a91a700 [ 2480.194460] R10: 00007f028a91a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2480.201736] R13: 00007ffc56cc428f R14: 00007f028a91a9c0 R15: 000000000073bfac [ 2480.215351] memory: usage 304868kB, limit 307200kB, failcnt 6377 [ 2480.236237] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2480.251187] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2480.262754] Memory cgroup stats for /syz0: cache:4832KB rss:111096KB rss_huge:14336KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111176KB inactive_file:4KB active_file:0KB unevictable:4780KB [ 2480.292401] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15352,uid=0 [ 2480.314853] Memory cgroup out of memory: Kill process 15352 (syz-executor.0) score 120 or sacrifice child [ 2480.326275] Killed process 15352 (syz-executor.0) total-vm:72564kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB 22:49:13 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x2]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:13 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x44c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:13 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x4000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:13 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6fe, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:13 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000]}, 0x2c) [ 2480.580933] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2480.645314] CPU: 0 PID: 26449 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2480.652712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2480.662074] Call Trace: [ 2480.664679] dump_stack+0x172/0x1f0 [ 2480.668316] dump_header+0x10f/0xb6c [ 2480.672041] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2480.677166] ? ___ratelimit+0x60/0x595 [ 2480.681071] ? do_raw_spin_unlock+0x57/0x270 [ 2480.685510] oom_kill_process.cold+0x10/0x6f5 [ 2480.690016] ? task_will_free_mem+0x139/0x6e0 [ 2480.694557] out_of_memory+0x79a/0x1280 [ 2480.698545] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2480.703660] ? oom_killer_disable+0x280/0x280 [ 2480.708171] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2480.713304] mem_cgroup_out_of_memory+0x99/0xe0 [ 2480.717981] ? memcg_memory_event+0x40/0x40 [ 2480.722334] ? _raw_spin_unlock+0x2d/0x50 [ 2480.726501] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2480.731650] try_charge+0xfec/0x1570 [ 2480.735417] ? find_held_lock+0x35/0x130 [ 2480.739524] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2480.744376] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2480.749227] ? find_held_lock+0x35/0x130 [ 2480.753295] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2480.758154] memcg_kmem_charge_memcg+0x7c/0x130 [ 2480.762829] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2480.767336] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2480.772235] memcg_kmem_charge+0x13b/0x340 [ 2480.776483] __alloc_pages_nodemask+0x437/0x710 [ 2480.781183] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2480.786209] ? __lock_acquire+0x53b/0x4700 [ 2480.790471] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2480.796016] alloc_pages_current+0x107/0x210 [ 2480.800441] __pmd_alloc+0x41/0x460 [ 2480.804098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2480.809642] __handle_mm_fault+0x192a/0x3f20 [ 2480.814066] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2480.818917] ? find_held_lock+0x35/0x130 [ 2480.822985] ? handle_mm_fault+0x322/0xb30 [ 2480.827247] ? kasan_check_read+0x11/0x20 [ 2480.831412] handle_mm_fault+0x43f/0xb30 [ 2480.835501] __do_page_fault+0x5da/0xd60 [ 2480.839592] do_page_fault+0x71/0x581 [ 2480.843411] ? page_fault+0x8/0x30 [ 2480.846960] page_fault+0x1e/0x30 [ 2480.850417] RIP: 0033:0x4016a7 [ 2480.853613] Code: 00 00 00 48 83 ec 08 48 8b 15 0d ee 64 00 48 8b 05 fe ed 64 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 e0 ed 64 00 48 83 c4 08 c3 48 89 c6 bf d8 74 4c 00 [ 2480.872514] RSP: 002b:00007ffd944df9d0 EFLAGS: 00010287 [ 2480.877880] RAX: 0000001b32b20000 RBX: 0000000000000003 RCX: 0000001b33b20000 [ 2480.885152] RDX: 0000001b32b20004 RSI: 00007ffd944df780 RDI: 0000000000000000 22:49:14 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x4002}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:14 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x8000, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r1, 0x800443d2, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{}, {}]}) r2 = getegid() setfsgid(r2) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 2480.892422] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 2480.899707] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 2480.906974] R13: 0000000000000001 R14: 0000000000000ff4 R15: 0000000000000003 [ 2480.924903] memory: usage 307200kB, limit 307200kB, failcnt 6386 [ 2480.933094] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2480.940971] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2480.948943] Memory cgroup stats for /syz3: cache:124KB rss:109040KB rss_huge:16384KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:109260KB inactive_file:12KB active_file:0KB unevictable:0KB 22:49:14 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x4]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:14 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0xc}, 0x2c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x400000000000d, 0x201, 0x4, 0x100000001, 0x2, r0}, 0x1f2) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r1, &(0x7f00000001c0), 0x0}, 0x18) 22:49:14 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x5000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2481.074219] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=19012,uid=0 22:49:14 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x5]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2481.135652] Memory cgroup out of memory: Kill process 19012 (syz-executor.3) score 1113 or sacrifice child [ 2481.163178] Killed process 19012 (syz-executor.3) total-vm:72576kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2481.195461] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2481.231040] CPU: 1 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2481.238241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2481.247597] Call Trace: [ 2481.250196] dump_stack+0x172/0x1f0 [ 2481.253844] dump_header+0x10f/0xb6c [ 2481.257576] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2481.262696] ? ___ratelimit+0x60/0x595 [ 2481.266605] ? do_raw_spin_unlock+0x57/0x270 [ 2481.271026] oom_kill_process.cold+0x10/0x6f5 [ 2481.275558] ? task_will_free_mem+0x139/0x6e0 [ 2481.280089] out_of_memory+0x79a/0x1280 [ 2481.284098] ? oom_killer_disable+0x280/0x280 [ 2481.288619] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2481.293734] mem_cgroup_out_of_memory+0x99/0xe0 [ 2481.298414] ? memcg_memory_event+0x40/0x40 [ 2481.302751] ? _raw_spin_unlock+0x2d/0x50 [ 2481.306930] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2481.312040] try_charge+0xfec/0x1570 [ 2481.315759] ? find_held_lock+0x35/0x130 [ 2481.319848] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2481.324716] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2481.329571] ? find_held_lock+0x35/0x130 [ 2481.333642] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2481.338505] memcg_kmem_charge_memcg+0x7c/0x130 [ 2481.343190] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2481.347711] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2481.352586] memcg_kmem_charge+0x13b/0x340 [ 2481.356832] __alloc_pages_nodemask+0x437/0x710 [ 2481.361505] ? debug_smp_processor_id+0x1c/0x20 [ 2481.366203] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2481.371236] ? copy_page_range+0x125a/0x1f90 [ 2481.375649] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2481.381219] alloc_pages_current+0x107/0x210 [ 2481.385653] pte_alloc_one+0x1b/0x1a0 [ 2481.389466] __pte_alloc+0x20/0x310 [ 2481.393106] copy_page_range+0x1529/0x1f90 [ 2481.397345] ? mark_held_locks+0x100/0x100 [ 2481.401619] ? pmd_alloc+0x180/0x180 [ 2481.405339] ? __rb_insert_augmented+0x231/0xdf0 [ 2481.410097] ? validate_mm_rb+0xa3/0xc0 [ 2481.414082] ? __vma_link_rb+0x279/0x370 [ 2481.418175] copy_process.part.0+0x56aa/0x79a0 [ 2481.422817] ? __cleanup_sighand+0x70/0x70 [ 2481.427084] _do_fork+0x257/0xfe0 [ 2481.430557] ? fork_idle+0x1d0/0x1d0 [ 2481.434289] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2481.439066] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2481.443828] ? do_syscall_64+0x26/0x610 [ 2481.447820] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2481.453185] ? do_syscall_64+0x26/0x610 [ 2481.457168] __x64_sys_clone+0xbf/0x150 [ 2481.461156] do_syscall_64+0x103/0x610 [ 2481.465057] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2481.470255] RIP: 0033:0x4563fa [ 2481.473454] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 22:49:14 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x80fe}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2481.492578] RSP: 002b:00007fff02590460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2481.500288] RAX: ffffffffffffffda RBX: 00007fff02590460 RCX: 00000000004563fa [ 2481.507561] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2481.514834] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2481.522108] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 0000000000000001 [ 2481.529376] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 2481.547225] memory: usage 307188kB, limit 307200kB, failcnt 5616 [ 2481.558037] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2481.566219] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2481.595165] Memory cgroup stats for /syz2: cache:144KB rss:115620KB rss_huge:16384KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:115700KB inactive_file:12KB active_file:0KB unevictable:0KB [ 2481.618928] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26428,uid=0 [ 2481.673487] Memory cgroup out of memory: Kill process 26428 (syz-executor.2) score 124 or sacrifice child [ 2481.685459] Killed process 26428 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB [ 2481.731408] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2481.756033] CPU: 0 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2481.763247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2481.772606] Call Trace: [ 2481.775211] dump_stack+0x172/0x1f0 [ 2481.778857] dump_header+0x10f/0xb6c [ 2481.782582] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2481.787701] ? ___ratelimit+0x60/0x595 [ 2481.791599] ? do_raw_spin_unlock+0x57/0x270 [ 2481.796028] oom_kill_process.cold+0x10/0x6f5 [ 2481.800550] ? task_will_free_mem+0x139/0x6e0 [ 2481.805084] out_of_memory+0x79a/0x1280 [ 2481.809093] ? oom_killer_disable+0x280/0x280 [ 2481.813600] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2481.818720] mem_cgroup_out_of_memory+0x99/0xe0 [ 2481.823396] ? memcg_memory_event+0x40/0x40 [ 2481.827732] ? _raw_spin_unlock+0x2d/0x50 [ 2481.831884] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2481.837006] try_charge+0xfec/0x1570 [ 2481.840721] ? find_held_lock+0x35/0x130 [ 2481.844842] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2481.849702] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2481.854549] ? find_held_lock+0x35/0x130 [ 2481.858621] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2481.863483] memcg_kmem_charge_memcg+0x7c/0x130 [ 2481.868159] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2481.872664] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2481.877516] memcg_kmem_charge+0x13b/0x340 [ 2481.881761] __alloc_pages_nodemask+0x437/0x710 [ 2481.886446] ? find_held_lock+0x35/0x130 [ 2481.890518] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2481.895558] ? kasan_check_read+0x11/0x20 [ 2481.899718] ? lock_downgrade+0x810/0x810 [ 2481.903889] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2481.909473] alloc_pages_current+0x107/0x210 [ 2481.913904] pte_alloc_one+0x1b/0x1a0 [ 2481.917714] __pte_alloc+0x20/0x310 [ 2481.921351] copy_page_range+0x1529/0x1f90 [ 2481.925648] ? __lock_is_held+0xb6/0x140 [ 2481.929730] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2481.934769] ? pmd_alloc+0x180/0x180 [ 2481.938518] ? validate_mm_rb+0xa3/0xc0 [ 2481.942507] ? __vma_link_rb+0x279/0x370 [ 2481.946584] copy_process.part.0+0x56aa/0x79a0 [ 2481.951205] ? __cleanup_sighand+0x70/0x70 [ 2481.955468] _do_fork+0x257/0xfe0 [ 2481.958936] ? fork_idle+0x1d0/0x1d0 [ 2481.962674] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2481.967437] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2481.972199] ? do_syscall_64+0x26/0x610 [ 2481.976176] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2481.981540] ? do_syscall_64+0x26/0x610 [ 2481.985524] __x64_sys_clone+0xbf/0x150 [ 2481.989509] do_syscall_64+0x103/0x610 [ 2481.993406] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2481.998605] RIP: 0033:0x4563fa [ 2482.001816] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2482.020718] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2482.020734] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2482.020743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2482.020753] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2482.020761] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 [ 2482.020770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2482.038304] memory: usage 307200kB, limit 307200kB, failcnt 4710 [ 2482.057702] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2482.085327] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2482.091663] Memory cgroup stats for /syz4: cache:24KB rss:119032KB rss_huge:28672KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119172KB inactive_file:12KB active_file:0KB unevictable:0KB [ 2482.119692] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=5951,uid=0 [ 2482.139205] Memory cgroup out of memory: Kill process 5951 (syz-executor.4) score 1113 or sacrifice child [ 2482.154916] Killed process 5951 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB [ 2482.182676] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2482.204598] CPU: 0 PID: 26449 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2482.211920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2482.221271] Call Trace: [ 2482.223878] dump_stack+0x172/0x1f0 [ 2482.227523] dump_header+0x10f/0xb6c [ 2482.231248] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2482.236363] ? ___ratelimit+0x60/0x595 [ 2482.240255] ? do_raw_spin_unlock+0x57/0x270 [ 2482.244683] oom_kill_process.cold+0x10/0x6f5 [ 2482.249194] ? task_will_free_mem+0x139/0x6e0 [ 2482.253706] out_of_memory+0x79a/0x1280 [ 2482.257705] ? oom_killer_disable+0x280/0x280 [ 2482.262212] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2482.267346] mem_cgroup_out_of_memory+0x99/0xe0 [ 2482.272066] ? memcg_memory_event+0x40/0x40 [ 2482.276408] ? _raw_spin_unlock+0x2d/0x50 [ 2482.280561] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2482.285673] try_charge+0xfec/0x1570 [ 2482.289391] ? find_held_lock+0x35/0x130 [ 2482.293484] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2482.298333] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2482.303181] ? find_held_lock+0x35/0x130 [ 2482.307264] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2482.312140] memcg_kmem_charge_memcg+0x7c/0x130 [ 2482.316820] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2482.321326] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2482.326195] memcg_kmem_charge+0x13b/0x340 [ 2482.330448] __alloc_pages_nodemask+0x437/0x710 [ 2482.335158] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2482.340200] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2482.344839] ? trace_hardirqs_on+0x67/0x230 [ 2482.349169] ? kasan_check_read+0x11/0x20 [ 2482.353332] copy_process.part.0+0x3e0/0x79a0 [ 2482.357850] ? psi_memstall_leave+0x11c/0x180 [ 2482.362358] ? sched_clock+0x2e/0x50 [ 2482.366084] ? psi_memstall_leave+0x12e/0x180 [ 2482.370586] ? find_held_lock+0x35/0x130 [ 2482.374662] ? __lock_acquire+0x53b/0x4700 [ 2482.378928] ? __cleanup_sighand+0x70/0x70 [ 2482.383179] ? mark_held_locks+0x100/0x100 [ 2482.387419] ? perf_trace_lock_acquire+0xf5/0x580 [ 2482.392279] ? rcu_read_lock_sched_held+0x110/0x130 [ 2482.397310] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2482.402861] _do_fork+0x257/0xfe0 [ 2482.406334] ? fork_idle+0x1d0/0x1d0 [ 2482.410096] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2482.415474] ? lock_downgrade+0x810/0x810 [ 2482.419635] ? blkcg_exit_queue+0x30/0x30 [ 2482.423816] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2482.428583] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2482.433359] ? do_syscall_64+0x26/0x610 [ 2482.437347] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2482.442728] ? do_syscall_64+0x26/0x610 [ 2482.446716] __x64_sys_clone+0xbf/0x150 [ 2482.450702] do_syscall_64+0x103/0x610 [ 2482.454599] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2482.459832] RIP: 0033:0x45a7f9 [ 2482.463031] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2482.481938] RSP: 002b:00007ffd944df8a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2482.489663] RAX: ffffffffffffffda RBX: 00007fed655ac700 RCX: 000000000045a7f9 [ 2482.496932] RDX: 00007fed655ac9d0 RSI: 00007fed655abdb0 RDI: 00000000003d0f00 [ 2482.504199] RBP: 00007ffd944dfab0 R08: 00007fed655ac700 R09: 00007fed655ac700 [ 2482.511472] R10: 00007fed655ac9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2482.518768] R13: 00007ffd944df95f R14: 00007fed655ac9c0 R15: 000000000073bfac [ 2482.555813] memory: usage 307036kB, limit 307200kB, failcnt 6397 [ 2482.564147] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2482.580100] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2482.587947] Memory cgroup stats for /syz3: cache:0KB rss:109204KB rss_huge:16384KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:109224KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2482.616500] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22987,uid=0 [ 2482.641105] Memory cgroup out of memory: Kill process 22987 (syz-executor.3) score 1113 or sacrifice child [ 2482.658031] Killed process 22987 (syz-executor.3) total-vm:72444kB, anon-rss:2200kB, file-rss:35784kB, shmem-rss:0kB 22:49:15 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x44d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:15 executing program 1: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) recvfrom(r0, &(0x7f0000000000)=""/25, 0x19, 0x2000, &(0x7f0000000100)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x6}, [@default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @null]}, 0x80) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x101001, 0x0) ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f0000000180)={0x8, 0x0, 0x2, {0x7, 0xc3, 0x7fffffff, 0x11d2}}) r2 = socket$kcm(0x10, 0x800000000002, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="2e0000001c00810ee00f80ecdb4cb9f202c804a00800000008000afb120001000e00da1b40d805000600c5000000", 0x2e}], 0x1}, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='trusted.overlay.upper\x00', &(0x7f0000000280)={0x0, 0xfb, 0x9f, 0x6, 0x5, "d80ea5ae39889b065ce0bcf29793b70c", "ecca103ad29c6ebe2c13c892b7a9859de1d9e7ee35c87b18cade85bc2513bf28e3800d5028e1f904bb82afc7a1f3468c40716d0a7f85bd5e120dca8fe0fa10c29e2ae283909b4fd1669574a41cdcded82019b644e80cd01c539350862a9a3b934cec17c6af97c520941441f1be33db6ce778588d508948229bbc462d76cccbd5dfad3695906563ce02eb"}, 0x9f, 0x2) 22:49:15 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x6]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2482.728201] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2482.740804] CPU: 1 PID: 26501 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2482.748090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2482.748097] Call Trace: [ 2482.748121] dump_stack+0x172/0x1f0 [ 2482.748146] dump_header+0x10f/0xb6c [ 2482.748163] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2482.748179] ? ___ratelimit+0x60/0x595 [ 2482.748196] ? do_raw_spin_unlock+0x57/0x270 [ 2482.748219] oom_kill_process.cold+0x10/0x6f5 [ 2482.748242] ? task_will_free_mem+0x139/0x6e0 [ 2482.748266] out_of_memory+0x79a/0x1280 [ 2482.767513] ? oom_killer_disable+0x280/0x280 [ 2482.767531] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2482.767568] mem_cgroup_out_of_memory+0x99/0xe0 [ 2482.767585] ? memcg_memory_event+0x40/0x40 [ 2482.812522] ? _raw_spin_unlock+0x2d/0x50 [ 2482.816690] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2482.821828] try_charge+0xfec/0x1570 [ 2482.825556] ? find_held_lock+0x35/0x130 [ 2482.829638] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2482.834507] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2482.839392] ? find_held_lock+0x35/0x130 [ 2482.843465] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2482.848331] memcg_kmem_charge_memcg+0x7c/0x130 [ 2482.853012] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2482.857521] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2482.862385] memcg_kmem_charge+0x13b/0x340 [ 2482.866631] __alloc_pages_nodemask+0x437/0x710 [ 2482.871316] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2482.876349] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2482.880942] ? trace_hardirqs_on+0x67/0x230 [ 2482.885269] ? kasan_check_read+0x11/0x20 [ 2482.889430] copy_process.part.0+0x3e0/0x79a0 [ 2482.893941] ? mark_held_locks+0x100/0x100 [ 2482.898187] ? debug_smp_processor_id+0x1c/0x20 [ 2482.902862] ? perf_trace_lock_acquire+0xf5/0x580 [ 2482.907719] ? __might_fault+0x12b/0x1e0 [ 2482.911809] ? __cleanup_sighand+0x70/0x70 [ 2482.916070] ? lock_downgrade+0x810/0x810 [ 2482.920266] _do_fork+0x257/0xfe0 [ 2482.923735] ? fork_idle+0x1d0/0x1d0 [ 2482.927467] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2482.932237] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2482.936991] ? do_syscall_64+0x26/0x610 [ 2482.940967] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2482.946332] ? do_syscall_64+0x26/0x610 [ 2482.950322] __x64_sys_clone+0xbf/0x150 [ 2482.954313] do_syscall_64+0x103/0x610 [ 2482.958208] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2482.963395] RIP: 0033:0x457e29 [ 2482.966606] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2482.985510] RSP: 002b:00007fca941fec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2482.993251] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 2483.000524] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2483.007825] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 2483.015102] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fca941ff6d4 [ 2483.022398] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 2483.032361] memory: usage 307100kB, limit 307200kB, failcnt 5626 [ 2483.039234] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2483.059793] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2483.078494] Memory cgroup stats for /syz2: cache:144KB rss:115572KB rss_huge:16384KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:115688KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2483.123464] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26500,uid=0 [ 2483.139935] Memory cgroup out of memory: Kill process 26500 (syz-executor.2) score 124 or sacrifice child [ 2483.151202] Killed process 26500 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB 22:49:16 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc03000000000000]}, 0x2c) 22:49:16 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xc0fe}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:16 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x6ff, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:16 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x7]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:16 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\xea\xf3|\x00\x00') ioctl$FICLONE(r0, 0x40049409, r0) r1 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x101040, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000740)='/dev/fuse\x00', 0x2, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) geteuid() sendmsg$nl_generic(r1, 0x0, 0x8010) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x0, 0x70, 0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffffffffffcd1, 0x800, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x6, 0x6, 0x0, 0x0, 0x5, 0x0, 0x4, 0xee, 0x0, 0xffffffffffffffff, 0xe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x1, 0x5, 0xfffffffffffffffb, 0x6, 0x4, 0x9, 0x7f}, 0x0, 0x7, r3, 0x8) mkdir(&(0x7f00000009c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r1, 0x40044900, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000000)) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="5d55a0a5f4928fc55c3c3440c1975d14ca39c86b4c3b82ab4dac5b083a71b37ad5ec1fab03de8bdbd51ffc93dc9dd4", @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000030000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c6d9d8a7c02e9ad899b61785f726561643d30783030303030263030352c0000000000000000"]) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f0000000340)={{0x4, 0x6}, 'port0\x00', 0x1, 0x80008, 0x200, 0x9, 0x1, 0x9, 0xae8d, 0x0, 0x7, 0x1}) umount2(&(0x7f00000004c0)='./file0\x00', 0x3) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) lsetxattr$security_capability(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='security.capability\x00', 0x0, 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0) 22:49:16 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x44e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2483.175358] oom_reaper: reaped process 26500 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 22:49:16 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x8]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:16 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x44f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:16 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000]}, 0x2c) 22:49:16 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x9]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:16 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x700, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:16 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x450, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:16 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/198) 22:49:16 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xe803}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:16 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x2c) 22:49:16 executing program 1: r0 = semget$private(0x0, 0x20000000105, 0x0) semop(r0, &(0x7f0000000080)=[{0x0, 0xffffffff}], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/net/pfkey\x00', 0x8000, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xe0, r3, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xd0}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x81}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xef}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'erspan0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_bridge\x00'}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x6}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2e2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xffff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}]}, 0xe0}, 0x1, 0x0, 0x0, 0x8801}, 0x800) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = getuid() getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x1, 0x0) recvmsg$kcm(0xffffffffffffff9c, &(0x7f0000000400)={&(0x7f0000000140)=@hci={0x1f, 0x0}, 0x80, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/135, 0x87}, {&(0x7f0000000280)=""/130, 0x82}], 0x2, &(0x7f0000000380)=""/106, 0x6a}, 0x20) ioctl$sock_inet6_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000440)={@dev={0xfe, 0x80, [], 0x21}, 0x2b, r7}) fchown(r1, r4, r5) semop(r0, &(0x7f0000000100)=[{0x0, 0x7}], 0x1) semget(0x1, 0x3, 0x488) [ 2483.745247] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 22:49:16 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0xa]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:16 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00000000000000]}, 0x2c) 22:49:17 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x451, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:17 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xf401}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2483.878623] CPU: 1 PID: 26566 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2483.885964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2483.895328] Call Trace: [ 2483.897923] dump_stack+0x172/0x1f0 [ 2483.901567] dump_header+0x10f/0xb6c [ 2483.905290] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2483.910416] ? ___ratelimit+0x60/0x595 [ 2483.914308] ? do_raw_spin_unlock+0x57/0x270 [ 2483.918730] oom_kill_process.cold+0x10/0x6f5 [ 2483.923242] ? task_will_free_mem+0x139/0x6e0 [ 2483.927765] out_of_memory+0x79a/0x1280 [ 2483.931759] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2483.936885] ? oom_killer_disable+0x280/0x280 [ 2483.941385] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2483.946511] mem_cgroup_out_of_memory+0x99/0xe0 [ 2483.951197] ? memcg_memory_event+0x40/0x40 [ 2483.955534] ? _raw_spin_unlock+0x2d/0x50 [ 2483.959705] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2483.964826] try_charge+0xfec/0x1570 [ 2483.968552] ? find_held_lock+0x35/0x130 [ 2483.972628] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2483.977525] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2483.982421] ? find_held_lock+0x35/0x130 [ 2483.986490] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2483.991361] memcg_kmem_charge_memcg+0x7c/0x130 [ 2483.996077] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2484.000620] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2484.005478] memcg_kmem_charge+0x13b/0x340 [ 2484.009719] __alloc_pages_nodemask+0x437/0x710 [ 2484.014398] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2484.019434] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2484.024035] ? trace_hardirqs_on+0x67/0x230 [ 2484.028387] copy_process.part.0+0x3e0/0x79a0 [ 2484.032890] ? psi_memstall_leave+0x11c/0x180 [ 2484.037398] ? sched_clock+0x2e/0x50 [ 2484.041118] ? psi_memstall_leave+0x12e/0x180 [ 2484.045618] ? find_held_lock+0x35/0x130 [ 2484.049694] ? __lock_acquire+0x53b/0x4700 [ 2484.053947] ? __cleanup_sighand+0x70/0x70 [ 2484.058196] ? mark_held_locks+0x100/0x100 [ 2484.062440] ? perf_trace_lock_acquire+0xf5/0x580 [ 2484.067286] ? rcu_read_lock_sched_held+0x110/0x130 [ 2484.072358] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2484.077913] _do_fork+0x257/0xfe0 [ 2484.081415] ? fork_idle+0x1d0/0x1d0 [ 2484.085137] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2484.090506] ? lock_downgrade+0x810/0x810 [ 2484.094661] ? blkcg_exit_queue+0x30/0x30 [ 2484.098822] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2484.103586] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2484.108345] ? do_syscall_64+0x26/0x610 [ 2484.112327] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2484.117693] ? do_syscall_64+0x26/0x610 [ 2484.121683] __x64_sys_clone+0xbf/0x150 [ 2484.125667] do_syscall_64+0x103/0x610 [ 2484.129600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2484.134796] RIP: 0033:0x45a7f9 [ 2484.137991] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2484.156890] RSP: 002b:00007ffdc7152e68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2484.164611] RAX: ffffffffffffffda RBX: 00007f753d5f6700 RCX: 000000000045a7f9 [ 2484.171879] RDX: 00007f753d5f69d0 RSI: 00007f753d5f5db0 RDI: 00000000003d0f00 22:49:17 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}, 0x2c) [ 2484.179164] RBP: 00007ffdc7153070 R08: 00007f753d5f6700 R09: 00007f753d5f6700 [ 2484.186438] R10: 00007f753d5f69d0 R11: 0000000000000202 R12: 0000000000000000 [ 2484.193708] R13: 00007ffdc7152f1f R14: 00007f753d5f69c0 R15: 000000000073bfac 22:49:17 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0xb]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2484.349101] memory: usage 307172kB, limit 307200kB, failcnt 4733 [ 2484.355424] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2484.398650] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2484.416733] Memory cgroup stats for /syz4: cache:24KB rss:119148KB rss_huge:28672KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:119168KB inactive_file:0KB active_file:4KB unevictable:0KB [ 2484.466379] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7960,uid=0 [ 2484.486328] Memory cgroup out of memory: Kill process 7960 (syz-executor.4) score 1113 or sacrifice child [ 2484.497764] Killed process 7960 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB [ 2484.545819] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2484.558795] CPU: 1 PID: 26572 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2484.566077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2484.575458] Call Trace: [ 2484.578055] dump_stack+0x172/0x1f0 [ 2484.581699] dump_header+0x10f/0xb6c [ 2484.585634] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2484.590744] ? ___ratelimit+0x60/0x595 [ 2484.594649] ? do_raw_spin_unlock+0x57/0x270 [ 2484.599100] oom_kill_process.cold+0x10/0x6f5 [ 2484.603620] ? task_will_free_mem+0x139/0x6e0 [ 2484.608143] out_of_memory+0x79a/0x1280 [ 2484.612134] ? oom_killer_disable+0x280/0x280 [ 2484.616634] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2484.622221] mem_cgroup_out_of_memory+0x99/0xe0 [ 2484.626901] ? memcg_memory_event+0x40/0x40 [ 2484.631238] ? _raw_spin_unlock+0x2d/0x50 [ 2484.635390] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2484.640501] try_charge+0xb4a/0x1570 [ 2484.644239] ? find_held_lock+0x35/0x130 [ 2484.648330] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2484.653179] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2484.658028] ? find_held_lock+0x35/0x130 [ 2484.662128] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2484.666994] memcg_kmem_charge_memcg+0x7c/0x130 [ 2484.671667] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2484.676188] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2484.681069] memcg_kmem_charge+0x13b/0x340 [ 2484.685403] __alloc_pages_nodemask+0x437/0x710 [ 2484.690086] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2484.695113] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2484.699701] ? trace_hardirqs_on+0x67/0x230 [ 2484.704046] copy_process.part.0+0x3e0/0x79a0 [ 2484.708570] ? mark_held_locks+0x100/0x100 [ 2484.712816] ? debug_smp_processor_id+0x1c/0x20 [ 2484.717513] ? perf_trace_lock_acquire+0xf5/0x580 [ 2484.722368] ? __might_fault+0x12b/0x1e0 [ 2484.726443] ? __cleanup_sighand+0x70/0x70 [ 2484.730684] ? lock_downgrade+0x810/0x810 [ 2484.734855] _do_fork+0x257/0xfe0 [ 2484.738323] ? fork_idle+0x1d0/0x1d0 [ 2484.742058] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2484.746819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2484.751593] ? do_syscall_64+0x26/0x610 [ 2484.755570] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2484.760934] ? do_syscall_64+0x26/0x610 [ 2484.764915] __x64_sys_clone+0xbf/0x150 [ 2484.768901] do_syscall_64+0x103/0x610 [ 2484.772816] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2484.778024] RIP: 0033:0x457e29 [ 2484.781237] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2484.800151] RSP: 002b:00007f753d616c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2484.807859] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 2484.815130] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2484.822399] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 2484.829669] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f753d6176d4 [ 2484.836939] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff 22:49:18 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x701, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:18 executing program 1: r0 = socket$kcm(0x10, 0x800000000002, 0x0) recvmsg$kcm(r0, &(0x7f0000003e40)={0x0, 0x0, &(0x7f0000001880)=[{&(0x7f0000001700)=""/135, 0x87}, {&(0x7f00000017c0)=""/148, 0x94}, {&(0x7f0000002b40)=""/4096, 0x1000}, {&(0x7f0000003b40)=""/165, 0xa5}, {&(0x7f0000003c00)=""/135, 0x87}, {&(0x7f0000003cc0)=""/152, 0x98}], 0x6}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="2e000000120081aee4050cecff0e00fa048b5bdb4cb904e473730e55cff26d1b0e001d80fffffff05e510befccd7", 0x2e}], 0x1}, 0x0) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="75f3b9bade181cff275bab1b3a7365722e76626f784365743026245c0000000003"]) 22:49:18 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x452, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:18 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}, 0x2c) 22:49:18 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfc00}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2484.849015] memory: usage 304936kB, limit 307200kB, failcnt 4733 [ 2484.855655] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2484.863512] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2484.870389] Memory cgroup stats for /syz4: cache:24KB rss:117028KB rss_huge:26624KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:117024KB inactive_file:0KB active_file:4KB unevictable:0KB 22:49:18 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000]}, 0x2c) [ 2484.925012] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8133,uid=0 [ 2484.952000] Memory cgroup out of memory: Kill process 8133 (syz-executor.4) score 1113 or sacrifice child [ 2485.010348] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 2485.018236] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 2485.039855] Killed process 8133 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB 22:49:18 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x453, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2485.069455] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 2485.096266] netlink: 'syz-executor.1': attribute type 29 has an invalid length. 22:49:18 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300000000000000]}, 0x2c) 22:49:18 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfe80}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2485.170407] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 2485.189573] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2485.240247] CPU: 1 PID: 26630 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2485.247540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2485.256899] Call Trace: [ 2485.259494] dump_stack+0x172/0x1f0 [ 2485.263153] dump_header+0x10f/0xb6c [ 2485.266880] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2485.272107] ? ___ratelimit+0x60/0x595 [ 2485.276000] ? do_raw_spin_unlock+0x57/0x270 [ 2485.280425] oom_kill_process.cold+0x10/0x6f5 [ 2485.284946] ? task_will_free_mem+0x139/0x6e0 [ 2485.289462] out_of_memory+0x79a/0x1280 [ 2485.293467] ? oom_killer_disable+0x280/0x280 [ 2485.297987] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2485.303109] mem_cgroup_out_of_memory+0x99/0xe0 [ 2485.307779] ? memcg_memory_event+0x40/0x40 [ 2485.312123] ? _raw_spin_unlock+0x2d/0x50 [ 2485.316278] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2485.321387] try_charge+0xfec/0x1570 [ 2485.325105] ? find_held_lock+0x35/0x130 [ 2485.329180] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2485.334037] ? kasan_check_read+0x11/0x20 [ 2485.338196] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2485.343048] mem_cgroup_try_charge+0x24d/0x5e0 [ 2485.347765] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2485.352715] wp_page_copy+0x408/0x1740 [ 2485.356663] ? find_held_lock+0x35/0x130 [ 2485.360733] ? pmd_pfn+0x1d0/0x1d0 [ 2485.364364] ? lock_downgrade+0x810/0x810 [ 2485.368519] ? swp_swapcount+0x540/0x540 [ 2485.372594] ? kasan_check_read+0x11/0x20 [ 2485.376750] ? do_raw_spin_unlock+0x57/0x270 [ 2485.381175] do_wp_page+0x2ed/0x1520 [ 2485.384899] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2485.389603] __handle_mm_fault+0x22db/0x3f20 [ 2485.394115] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2485.398957] ? find_held_lock+0x35/0x130 [ 2485.403026] ? handle_mm_fault+0x322/0xb30 [ 2485.407281] ? kasan_check_read+0x11/0x20 [ 2485.411442] handle_mm_fault+0x43f/0xb30 [ 2485.415529] __do_page_fault+0x5da/0xd60 [ 2485.419609] do_page_fault+0x71/0x581 [ 2485.423413] ? page_fault+0x8/0x30 [ 2485.426986] page_fault+0x1e/0x30 [ 2485.430457] RIP: 0033:0x40e1d6 [ 2485.433664] Code: 23 64 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 89 4a 08 49 8b 89 c8 02 00 00 48 89 11 48 c7 05 da 22 64 00 00 00 00 00 <48> c7 05 b7 2c 30 00 90 0e 71 00 31 d2 48 c7 05 a2 2c 30 00 90 0e [ 2485.452564] RSP: 002b:00007ffc56cc4458 EFLAGS: 00010246 [ 2485.457929] RAX: 0000000002148c00 RBX: 00007ffc56cc4460 RCX: 0000000000a504a0 [ 2485.465201] RDX: 0000000000a504a0 RSI: 0000000000710e90 RDI: 0000000002148c20 [ 2485.472503] RBP: 00007ffc56cc44a0 R08: 0000000000000001 R09: 0000000002148940 [ 2485.480382] R10: 0000000002148c10 R11: 0000000000000202 R12: 0000000000000001 22:49:18 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfc00}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2485.487875] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 22:49:18 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000]}, 0x2c) [ 2485.548874] memory: usage 307200kB, limit 307200kB, failcnt 6427 [ 2485.613106] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2485.655737] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2485.663756] Memory cgroup stats for /syz0: cache:4832KB rss:111656KB rss_huge:14336KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111900KB inactive_file:8KB active_file:0KB unevictable:4780KB [ 2485.744561] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=26463,uid=0 [ 2485.767859] Memory cgroup out of memory: Kill process 26463 (syz-executor.0) score 124 or sacrifice child [ 2485.778307] Killed process 26463 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2485.860386] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2485.878113] CPU: 0 PID: 7595 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2485.885311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2485.894662] Call Trace: [ 2485.897271] dump_stack+0x172/0x1f0 [ 2485.900931] dump_header+0x10f/0xb6c [ 2485.904650] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2485.909759] ? ___ratelimit+0x60/0x595 [ 2485.913662] ? do_raw_spin_unlock+0x57/0x270 [ 2485.918083] oom_kill_process.cold+0x10/0x6f5 [ 2485.922590] ? task_will_free_mem+0x139/0x6e0 [ 2485.927100] out_of_memory+0x79a/0x1280 [ 2485.931098] ? oom_killer_disable+0x280/0x280 [ 2485.935604] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2485.940732] mem_cgroup_out_of_memory+0x99/0xe0 [ 2485.945415] ? memcg_memory_event+0x40/0x40 [ 2485.949754] ? _raw_spin_unlock+0x2d/0x50 [ 2485.953915] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2485.959025] try_charge+0xb4a/0x1570 [ 2485.962746] ? find_held_lock+0x35/0x130 [ 2485.966830] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2485.971683] ? kasan_check_read+0x11/0x20 [ 2485.975875] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2485.980734] mem_cgroup_try_charge+0x24d/0x5e0 [ 2485.985340] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2485.990286] wp_page_copy+0x408/0x1740 [ 2485.994195] ? find_held_lock+0x35/0x130 [ 2485.998318] ? pmd_pfn+0x1d0/0x1d0 [ 2486.001880] ? lock_downgrade+0x810/0x810 [ 2486.006037] ? swp_swapcount+0x540/0x540 [ 2486.010115] ? kasan_check_read+0x11/0x20 [ 2486.014271] ? do_raw_spin_unlock+0x57/0x270 [ 2486.018690] do_wp_page+0x2ed/0x1520 [ 2486.022418] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2486.027107] __handle_mm_fault+0x22db/0x3f20 [ 2486.031527] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2486.036370] ? find_held_lock+0x35/0x130 [ 2486.040459] ? handle_mm_fault+0x322/0xb30 [ 2486.044754] ? kasan_check_read+0x11/0x20 [ 2486.048918] handle_mm_fault+0x43f/0xb30 [ 2486.052997] __do_page_fault+0x5da/0xd60 [ 2486.057081] do_page_fault+0x71/0x581 [ 2486.060887] ? page_fault+0x8/0x30 [ 2486.064434] page_fault+0x1e/0x30 [ 2486.067891] RIP: 0033:0x45655a [ 2486.071092] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 2486.089994] RSP: 002b:00007ffc56cc4460 EFLAGS: 00010246 [ 2486.095352] RAX: 0000000000000000 RBX: 00007ffc56cc4460 RCX: 00000000004563fa [ 2486.102632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a54fc8 [ 2486.109901] RBP: 00007ffc56cc44a0 R08: 0000000000000001 R09: 0000000002148940 [ 2486.117169] R10: 0000000002148c10 R11: 0000000000000246 R12: 00000000000000ca [ 2486.124442] R13: 00000000000046fb R14: 0000000000000000 R15: 0000000000000000 [ 2486.145701] memory: usage 305008kB, limit 307200kB, failcnt 6427 [ 2486.154169] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2486.170881] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2486.177902] Memory cgroup stats for /syz0: cache:4832KB rss:109624KB rss_huge:12288KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:109800KB inactive_file:8KB active_file:0KB unevictable:4780KB [ 2486.207272] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19572,uid=0 [ 2486.208457] net_ratelimit: 26 callbacks suppressed [ 2486.208465] protocol 88fb is buggy, dev hsr_slave_0 [ 2486.231462] Memory cgroup out of memory: Kill process 19572 (syz-executor.0) score 120 or sacrifice child [ 2486.231965] protocol 88fb is buggy, dev hsr_slave_1 [ 2486.246746] protocol 88fb is buggy, dev hsr_slave_0 [ 2486.248871] Killed process 19572 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB [ 2486.251896] protocol 88fb is buggy, dev hsr_slave_1 [ 2486.267660] protocol 88fb is buggy, dev hsr_slave_0 [ 2486.272773] protocol 88fb is buggy, dev hsr_slave_1 [ 2486.281687] oom_reaper: reaped process 19572 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 2486.285827] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2486.292275] protocol 88fb is buggy, dev hsr_slave_0 [ 2486.292335] protocol 88fb is buggy, dev hsr_slave_1 [ 2486.292488] protocol 88fb is buggy, dev hsr_slave_0 [ 2486.292526] protocol 88fb is buggy, dev hsr_slave_1 [ 2486.333168] CPU: 0 PID: 26685 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2486.340456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2486.349818] Call Trace: [ 2486.352415] dump_stack+0x172/0x1f0 [ 2486.356059] dump_header+0x10f/0xb6c [ 2486.359821] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2486.364964] ? ___ratelimit+0x60/0x595 [ 2486.368865] ? do_raw_spin_unlock+0x57/0x270 [ 2486.373282] oom_kill_process.cold+0x10/0x6f5 [ 2486.377802] ? task_will_free_mem+0x139/0x6e0 [ 2486.382320] out_of_memory+0x79a/0x1280 [ 2486.386315] ? oom_killer_disable+0x280/0x280 [ 2486.390853] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2486.395976] mem_cgroup_out_of_memory+0x99/0xe0 [ 2486.400654] ? memcg_memory_event+0x40/0x40 [ 2486.404995] ? _raw_spin_unlock+0x2d/0x50 [ 2486.409150] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2486.414257] try_charge+0xfec/0x1570 [ 2486.417981] ? find_held_lock+0x35/0x130 [ 2486.422063] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2486.426919] ? kasan_check_read+0x11/0x20 [ 2486.431096] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2486.435992] mem_cgroup_try_charge+0x24d/0x5e0 [ 2486.440613] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2486.445544] wp_page_copy+0x408/0x1740 [ 2486.449427] ? find_held_lock+0x35/0x130 [ 2486.453509] ? pmd_pfn+0x1d0/0x1d0 [ 2486.457059] ? lock_downgrade+0x810/0x810 [ 2486.461205] ? __pte_alloc_kernel+0x220/0x220 [ 2486.465701] ? kasan_check_read+0x11/0x20 [ 2486.469867] ? do_raw_spin_unlock+0x57/0x270 [ 2486.474286] do_wp_page+0x2ed/0x1520 [ 2486.478007] ? rwlock_bug.part.0+0x90/0x90 [ 2486.482244] ? lock_acquire+0x16f/0x3f0 [ 2486.486470] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2486.491141] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2486.496174] __handle_mm_fault+0x22db/0x3f20 [ 2486.500596] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2486.505440] ? find_held_lock+0x35/0x130 [ 2486.509507] ? handle_mm_fault+0x322/0xb30 [ 2486.513763] ? kasan_check_read+0x11/0x20 [ 2486.517930] handle_mm_fault+0x43f/0xb30 [ 2486.522058] __do_page_fault+0x5da/0xd60 [ 2486.526200] do_page_fault+0x71/0x581 [ 2486.530034] ? page_fault+0x8/0x30 [ 2486.533586] page_fault+0x1e/0x30 [ 2486.537040] RIP: 0033:0x40d1e8 [ 2486.540247] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2486.559145] RSP: 002b:00007fff02590240 EFLAGS: 00010246 [ 2486.564504] RAX: 0000000041887ee3 RBX: 000000006365b930 RCX: 0000001b2fb20000 [ 2486.571771] RDX: 0000000000000000 RSI: 0000000000001ee3 RDI: ffffffff41887ee3 [ 2486.579058] RBP: 0000000000000001 R08: 0000000041887ee3 R09: 0000000041887ee7 [ 2486.586340] R10: 00007fff025903d0 R11: 0000000000000246 R12: 000000000073bf88 [ 2486.593609] R13: 0000000080000000 R14: 00007fca96221008 R15: 0000000000000001 [ 2486.625217] memory: usage 307200kB, limit 307200kB, failcnt 5663 [ 2486.640319] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2486.647736] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:49:19 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0xc]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:19 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x702, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:19 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x454, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:19 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfec0}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:19 executing program 1: sendto$inet6(0xffffffffffffffff, &(0x7f0000e33fe0)='X', 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000e6b000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x8) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) [ 2486.662329] Memory cgroup stats for /syz2: cache:12KB rss:114308KB rss_huge:14336KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:114388KB inactive_file:0KB active_file:8KB unevictable:0KB [ 2486.691508] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26441,uid=0 [ 2486.726023] Memory cgroup out of memory: Kill process 26441 (syz-executor.2) score 124 or sacrifice child [ 2486.751530] Killed process 26441 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB 22:49:20 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x703, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:20 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0xd]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:20 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1500000000000000]}, 0x2c) 22:49:20 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xff00}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:20 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x455, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:20 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfec0}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:20 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0xe]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:20 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x704, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:20 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000]}, 0x2c) 22:49:20 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xff0f}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:20 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x10, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x44}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x3, 0x40000}, 0x48) fcntl$getownex(r0, 0x10, &(0x7f0000000180)={0x0, 0x0}) perf_event_open(&(0x7f0000000100)={0x0, 0xffffffffffffff35, 0x9, 0x2, 0x4, 0xfffb, 0x0, 0x80000, 0x2000, 0x6, 0x54a64809, 0x9, 0x9, 0x4, 0x4, 0x5, 0x8, 0x0, 0x7cb, 0x10001, 0x1f, 0x68d7, 0x5a, 0x200, 0x8c49, 0x4, 0x40000, 0x3, 0x2, 0x4, 0xa1, 0xcb, 0x0, 0x101, 0x4, 0x0, 0xff, 0x10001, 0x0, 0x7f, 0x0, @perf_bp={&(0x7f00000000c0), 0x1}, 0x402, 0xffffffff00000001, 0xa00a, 0x3, 0x4, 0xffffffff, 0x9}, r1, 0x0, 0xffffffffffffffff, 0xb) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x301003, 0x0) 22:49:20 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x705, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2487.203516] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2487.251372] CPU: 0 PID: 26752 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2487.258667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2487.268021] Call Trace: [ 2487.270626] dump_stack+0x172/0x1f0 [ 2487.274277] dump_header+0x10f/0xb6c [ 2487.278003] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2487.283113] ? ___ratelimit+0x60/0x595 [ 2487.287010] ? do_raw_spin_unlock+0x57/0x270 [ 2487.291460] oom_kill_process.cold+0x10/0x6f5 [ 2487.295967] ? task_will_free_mem+0x139/0x6e0 [ 2487.300480] out_of_memory+0x79a/0x1280 [ 2487.304475] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2487.309596] ? oom_killer_disable+0x280/0x280 [ 2487.314100] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2487.319229] mem_cgroup_out_of_memory+0x99/0xe0 [ 2487.323902] ? memcg_memory_event+0x40/0x40 [ 2487.328239] ? _raw_spin_unlock+0x2d/0x50 [ 2487.332392] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2487.337532] try_charge+0xfec/0x1570 [ 2487.341246] ? find_held_lock+0x35/0x130 [ 2487.345319] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2487.350167] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2487.355021] ? find_held_lock+0x35/0x130 [ 2487.359100] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2487.363960] memcg_kmem_charge_memcg+0x7c/0x130 [ 2487.368637] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2487.373145] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2487.377998] memcg_kmem_charge+0x13b/0x340 [ 2487.382242] __alloc_pages_nodemask+0x437/0x710 [ 2487.386919] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2487.391960] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2487.396547] ? trace_hardirqs_on+0x67/0x230 [ 2487.400874] ? kasan_check_read+0x11/0x20 [ 2487.405063] copy_process.part.0+0x3e0/0x79a0 [ 2487.409572] ? psi_memstall_leave+0x11c/0x180 [ 2487.414082] ? sched_clock+0x2e/0x50 [ 2487.417818] ? psi_memstall_leave+0x12e/0x180 [ 2487.422318] ? find_held_lock+0x35/0x130 [ 2487.426387] ? __lock_acquire+0x53b/0x4700 [ 2487.430641] ? __cleanup_sighand+0x70/0x70 [ 2487.434886] ? mark_held_locks+0x100/0x100 [ 2487.439129] ? perf_trace_lock_acquire+0xf5/0x580 [ 2487.443982] ? rcu_read_lock_sched_held+0x110/0x130 [ 2487.449022] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2487.454581] _do_fork+0x257/0xfe0 [ 2487.458058] ? fork_idle+0x1d0/0x1d0 [ 2487.461781] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2487.467167] ? lock_downgrade+0x810/0x810 [ 2487.471330] ? blkcg_exit_queue+0x30/0x30 [ 2487.475483] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2487.480248] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2487.485014] ? do_syscall_64+0x26/0x610 [ 2487.485030] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2487.485052] ? do_syscall_64+0x26/0x610 [ 2487.485075] __x64_sys_clone+0xbf/0x150 [ 2487.502735] do_syscall_64+0x103/0x610 [ 2487.506638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2487.511835] RIP: 0033:0x45a7f9 [ 2487.515055] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2487.515064] RSP: 002b:00007ffd944df8a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2487.515096] RAX: ffffffffffffffda RBX: 00007fed655ac700 RCX: 000000000045a7f9 22:49:20 executing program 1: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/igmp\x00') openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x8000, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[]}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) 22:49:20 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:20 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0xf]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2487.515120] RDX: 00007fed655ac9d0 RSI: 00007fed655abdb0 RDI: 00000000003d0f00 [ 2487.515129] RBP: 00007ffd944dfab0 R08: 00007fed655ac700 R09: 00007fed655ac700 [ 2487.515152] R10: 00007fed655ac9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2487.515180] R13: 00007ffd944df95f R14: 00007fed655ac9c0 R15: 000000000073bfac 22:49:20 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x706, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2487.840030] memory: usage 307168kB, limit 307200kB, failcnt 6440 [ 2487.846320] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2487.855819] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2487.864519] Memory cgroup stats for /syz3: cache:0KB rss:107852KB rss_huge:14336KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:107940KB inactive_file:8KB active_file:8KB unevictable:0KB [ 2487.888633] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=26488,uid=0 [ 2487.906321] Memory cgroup out of memory: Kill process 26488 (syz-executor.3) score 1113 or sacrifice child [ 2487.917247] Killed process 26488 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2487.982709] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2487.995258] CPU: 1 PID: 26781 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2488.002542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2488.011898] Call Trace: [ 2488.014495] dump_stack+0x172/0x1f0 [ 2488.018139] dump_header+0x10f/0xb6c [ 2488.021862] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2488.026972] ? ___ratelimit+0x60/0x595 [ 2488.030867] ? do_raw_spin_unlock+0x57/0x270 [ 2488.035290] oom_kill_process.cold+0x10/0x6f5 [ 2488.039806] ? task_will_free_mem+0x139/0x6e0 [ 2488.044316] out_of_memory+0x79a/0x1280 [ 2488.048307] ? oom_killer_disable+0x280/0x280 [ 2488.052816] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2488.057936] mem_cgroup_out_of_memory+0x99/0xe0 [ 2488.062610] ? memcg_memory_event+0x40/0x40 [ 2488.066948] ? _raw_spin_unlock+0x2d/0x50 [ 2488.071099] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2488.076205] try_charge+0xfec/0x1570 [ 2488.079921] ? find_held_lock+0x35/0x130 [ 2488.083995] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2488.088863] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2488.093842] ? find_held_lock+0x35/0x130 [ 2488.097912] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2488.102771] memcg_kmem_charge_memcg+0x7c/0x130 [ 2488.107456] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2488.111964] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2488.116843] memcg_kmem_charge+0x13b/0x340 [ 2488.121101] __alloc_pages_nodemask+0x437/0x710 [ 2488.125780] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2488.130829] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2488.135420] ? trace_hardirqs_on+0x67/0x230 [ 2488.139747] ? kasan_check_read+0x11/0x20 [ 2488.143911] copy_process.part.0+0x3e0/0x79a0 [ 2488.148412] ? psi_memstall_leave+0x11c/0x180 [ 2488.152913] ? sched_clock+0x2e/0x50 [ 2488.156637] ? psi_memstall_leave+0x12e/0x180 [ 2488.161137] ? find_held_lock+0x35/0x130 [ 2488.165211] ? __lock_acquire+0x53b/0x4700 [ 2488.169460] ? __cleanup_sighand+0x70/0x70 [ 2488.174394] ? mark_held_locks+0x100/0x100 [ 2488.178635] ? perf_trace_lock_acquire+0xf5/0x580 [ 2488.183481] ? rcu_read_lock_sched_held+0x110/0x130 [ 2488.188499] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2488.194052] _do_fork+0x257/0xfe0 [ 2488.197518] ? fork_idle+0x1d0/0x1d0 [ 2488.201270] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2488.206640] ? lock_downgrade+0x810/0x810 [ 2488.210812] ? blkcg_exit_queue+0x30/0x30 [ 2488.214968] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2488.219727] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2488.224488] ? do_syscall_64+0x26/0x610 [ 2488.228473] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2488.233838] ? do_syscall_64+0x26/0x610 [ 2488.237828] __x64_sys_clone+0xbf/0x150 [ 2488.241818] do_syscall_64+0x103/0x610 [ 2488.245740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2488.250927] RIP: 0033:0x45a7f9 [ 2488.254129] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2488.273029] RSP: 002b:00007fff025901d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2488.280779] RAX: ffffffffffffffda RBX: 00007fca94220700 RCX: 000000000045a7f9 [ 2488.288064] RDX: 00007fca942209d0 RSI: 00007fca9421fdb0 RDI: 00000000003d0f00 [ 2488.295333] RBP: 00007fff025903e0 R08: 00007fca94220700 R09: 00007fca94220700 [ 2488.302599] R10: 00007fca942209d0 R11: 0000000000000202 R12: 0000000000000000 [ 2488.309870] R13: 00007fff0259028f R14: 00007fca942209c0 R15: 000000000073bf0c [ 2488.322486] memory: usage 307200kB, limit 307200kB, failcnt 5724 22:49:21 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x456, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:21 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x8000a0}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:21 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x200000, 0x0) ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000140)="9a02c6ea5b35375f0693167de895f05fed07a65416caf47f333389938e707e0abfd030e6b5d2ccfb888a8054036baee6b6c9fd3a8d50d4b6b2b9b2a1c3c21cce128617b5dfd7cfe5d600a093e963ef0497da50e393397d6338690f6423512957a22999586d721cd5f632e4c23891146bae3c136881d1b0c9e26fab537255f697894ed2bd7c059eee48cef2000a5e52fbbd0f21f6736836b3070d69674217b223aad0d965eb6faf6d67b88a33c3eec8c75fbf7265b252a41bf8254c01676e23b7118e709a890ca50caa92e1e436da8e4777198b3db51ff17907cfe5cacafce6c414ed084f92") r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x101280, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000100)=0x5, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000500)={0x0, 0x82, 0x6, 0x0, 0x2, 0xa50, 0x2, 0xffffffff, {0x0, @in={{0x2, 0x4e23, @loopback}}, 0x3c, 0x5, 0x1, 0x81, 0x10000}}, &(0x7f0000000640)=0xb0) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000780)={r3}, &(0x7f00000007c0)=0x8) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000000080)) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000380)={{{@in=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@broadcast}}, &(0x7f0000000cc0)=0x6f) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000e80)={{{@in6=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@remote}}, &(0x7f00000005c0)=0xe8) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000b80)={{{@in6=@mcast1, @in=@rand_addr=0x81, 0x4e21, 0x0, 0x4e23, 0x10001, 0xa, 0x20, 0x80, 0x7f, r4, r5}, {0x1, 0xff, 0x80000001, 0x800, 0x20, 0xc2, 0x9366, 0xffff}, {0x20, 0x80000000, 0x9, 0x6}, 0x100000001, 0x6e6bb1, 0x2, 0x1, 0x1, 0x1}, {{@in=@remote, 0x4d2, 0xff}, 0xa, @in6=@dev={0xfe, 0x80, [], 0x1c}, 0x3507, 0x2, 0x3, 0x6, 0x3ff, 0x3, 0x3f}}, 0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@empty, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000340)=0xe8) fcntl$getownex(r2, 0x10, &(0x7f00000006c0)={0x0, 0x0}) fsetxattr$security_ima(r1, &(0x7f00000004c0)='security.ima\x00', &(0x7f0000000d80)=ANY=[@ANYBLOB="7f0000009c353c082cce626af5174225f2228fc05cee926143d353910f3de7eb8089db80731e9d9a8dbfa500b1b0a9d327e6f3d3a8e76ec43f996e1d4784d135483b78d15933ddfe3956232787950559e23c2e3d528d544f583d3a1839e5548d54cc435c31203670d0d1dc517745b2c6177ff1ec4ae21b766677beb5388ec4e3918f80c4"], 0x10, 0x1) socket$inet6_dccp(0xa, 0x6, 0x0) r8 = geteuid() write$USERIO_CMD_REGISTER(r2, &(0x7f0000000480), 0x2) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000700)={0x0, 0x0, 0x0}, &(0x7f0000000740)=0xc) sendmsg$netlink(r2, &(0x7f0000000800)={&(0x7f00000000c0)=@kern={0x10, 0x0, 0x0, 0x202010}, 0xc, &(0x7f0000000680)=[{&(0x7f0000000840)=ANY=[@ANYBLOB="000300001a0020002abd7000fedbdf2514000400fe88000000000000000000000000010114001f00fe880000000000000000000000000001654fa81b5de631d3385d1c4483b23a984dd7c5d744df872bc75ecda811050a81f53464a93405d410bd2469596fa908e2659d0c7c56f5dd4c9b1e44b932473a3d1c1d3ba48075114b42124573b2e9697a6c1637f0895dc128f25a08cfd581caab79238e44bc8cb454ab7e21d47dc40cc2f10e93bb130923a799ea37167607a9f291dac04d861a60e8ccf445c62e4c559170bbafa4e3ae8e74d77441cb53c734bb7fe21d257faec4fbbbe196944eb11a5bc682889be1ab1d6e08f1275b3955b1cfdd69e9ce659dd30bce8eb69f9e3241f8db940b1db2331ec057569554c7921a9c587bb330c387bb0548e7c20b7700000008009200d4192eedd1e7796684d090", @ANYRES32=r6, @ANYBLOB="60ac1b2e6d957b4a8ec00484e3c825c44c85dc4291534ddb448f9e0f65b36f690535bac68ff064e2f92a5de5d04cf23320f218daecf2fa6cecfadc01df390ab7078cc62a19e12a4ab289fc64cf063c8864ada4bb2bd86c083f902ecfca4de6e6e5260c00b2e079462a5f73fa8222ff69501d8b296b9a01f9e5b3fc65e6d058d7d5ec1e64d293330efd3e559cce0daa61f3d084e740abf4d360309cfe979541cf4f8829e72b9104fc063c4e1fb54a50faa11e83205a5fa2b3374c8ca0e0f40d6d94da33c2493013262eb6225394cbbf5c7676480e5b9778e46655627744b1900b9720c60d0aec2cf8aeae8defc129da83989c657206f8698dd7d4a2dbd2c322e415fb48579221525832650f38b32a1a337b7b87e7ffd9f2362e3fb5507537e066ac2b00e359b07200dfdc4176190fe109f6c699ff196f237547fdf2909888fd31b43d11dd5f2ca9fa97f1e8dac524465edcd4d24ed7d429a74a1b0f8f740288d3e97212c08563347482ebbaf6e330690c4f234f0dc41006ff79f5479db9a96d24cd493323d019a18b51cde9202f30aa46451d7778aa6cd4bf9708231bc2dff01081769e0ca9c08cdb52cd83e2c8ed8c7b8a7fadc92e5cb3705e591e49b86d58700b4bfd52338df79a13bb40dcda62d900"], 0x300}], 0x1, &(0x7f0000000d00)=ANY=[@ANYBLOB="28000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="000000002000000500000000000000000000", @ANYRES32=r7, @ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r1], 0x60, 0x4000000}, 0x20044011) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000600)={'vlan0\x00', 0x200}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000f80)={0x0, 0x0, 0x8, 0x0, [], [{0x1, 0x5, 0x3, 0x3, 0x7fffffff, 0x54c03076}, {0x2, 0x100000001, 0x81, 0x3, 0xa1, 0x68}], [[], [], [], [], [], [], [], []]}) pread64(0xffffffffffffffff, 0x0, 0x284, 0xfffffffffffffffd) 22:49:21 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x10]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2488.329698] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2488.364415] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2488.375288] Memory cgroup stats for /syz2: cache:12KB rss:114140KB rss_huge:14336KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:114380KB inactive_file:8KB active_file:4KB unevictable:0KB [ 2488.399645] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=26759,uid=0 [ 2488.448699] Memory cgroup out of memory: Kill process 26759 (syz-executor.2) score 124 or sacrifice child [ 2488.489932] Killed process 26759 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB 22:49:21 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2003000000000000]}, 0x2c) 22:49:21 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x707, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:21 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x84000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, r2, 0x800, 0x70bd27, 0x25dfdbfc, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4004) write(r1, &(0x7f0000000080)="1f0000000106ff20fd4354c020b114f910009c4a96008e64ef725cb554872a", 0x1f) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000100)={0x8, 0x2}) 22:49:21 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x457, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:21 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x1000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:21 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x11]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2488.549651] oom_reaper: reaped process 26759 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2488.680348] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2488.739894] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.1'. 22:49:22 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x708, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:22 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x2c) 22:49:22 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x458, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:22 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x12]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:22 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x2c) 22:49:22 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000240)=0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000280)={'\x00', 0x8000}) ptrace(0x10, r2) setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000040)=0x923, 0x4) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffff9c, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x80000, 0xffffffffffffff9c}) r5 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0xc34, 0x200040) setxattr$security_smack_entry(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='security.SMACK64EXEC\x00', &(0x7f0000000200)='vmnet0\x00', 0x7, 0x1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000140)={r4, 0x0, r5}) sendto$inet6(r1, 0x0, 0x0, 0x20000005, &(0x7f000031e000)={0xa, 0x4e22}, 0x163) 22:49:22 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x459, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:22 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x709, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:22 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x2000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:22 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5600000000000000]}, 0x2c) 22:49:22 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x70a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:22 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x13]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:22 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x45a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:22 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x1b, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="96"], 0x1) write$cgroup_pid(r2, &(0x7f0000000000), 0xfffffea6) 22:49:22 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca03000000000000]}, 0x2c) 22:49:22 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x14]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:22 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x45b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:22 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:22 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x70b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:22 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x15]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:22 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x70c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:22 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf203000000000000]}, 0x2c) 22:49:23 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x45c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:23 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x2000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:23 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x18]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:23 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf403000000000000]}, 0x2c) 22:49:23 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x4000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:23 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x70d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:23 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x45d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:23 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x52]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:23 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa03000000000000]}, 0x2c) 22:49:23 executing program 1: r0 = socket(0x7, 0x809, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xf52d, 0x40000) getsockopt(r0, 0x114, 0x2720, 0x0, &(0x7f0000000100)) [ 2490.219168] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2490.244721] CPU: 1 PID: 8688 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2490.251922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2490.261280] Call Trace: [ 2490.263876] dump_stack+0x172/0x1f0 [ 2490.267526] dump_header+0x10f/0xb6c [ 2490.271253] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2490.276368] ? ___ratelimit+0x60/0x595 [ 2490.280270] ? do_raw_spin_unlock+0x57/0x270 [ 2490.284697] oom_kill_process.cold+0x10/0x6f5 [ 2490.289211] ? task_will_free_mem+0x139/0x6e0 [ 2490.293726] out_of_memory+0x79a/0x1280 [ 2490.297718] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2490.302830] ? oom_killer_disable+0x280/0x280 [ 2490.307343] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2490.312469] mem_cgroup_out_of_memory+0x99/0xe0 [ 2490.317148] ? memcg_memory_event+0x40/0x40 [ 2490.321483] ? _raw_spin_unlock+0x2d/0x50 [ 2490.325633] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2490.330773] try_charge+0xfec/0x1570 [ 2490.334501] ? find_held_lock+0x35/0x130 [ 2490.338585] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2490.343436] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2490.348286] ? find_held_lock+0x35/0x130 [ 2490.352356] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2490.357220] memcg_kmem_charge_memcg+0x7c/0x130 [ 2490.361899] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2490.366408] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2490.371265] memcg_kmem_charge+0x13b/0x340 [ 2490.375530] __alloc_pages_nodemask+0x437/0x710 [ 2490.380217] ? debug_smp_processor_id+0x1c/0x20 [ 2490.384890] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2490.389930] ? copy_page_range+0x125a/0x1f90 [ 2490.394349] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2490.399899] alloc_pages_current+0x107/0x210 [ 2490.404319] pte_alloc_one+0x1b/0x1a0 [ 2490.408133] __pte_alloc+0x20/0x310 [ 2490.411775] copy_page_range+0x1529/0x1f90 [ 2490.416027] ? mark_held_locks+0x100/0x100 [ 2490.420296] ? pmd_alloc+0x180/0x180 [ 2490.424021] ? vma_compute_subtree_gap+0x158/0x230 [ 2490.428962] ? validate_mm_rb+0xa3/0xc0 [ 2490.432947] ? __vma_link_rb+0x279/0x370 [ 2490.437023] copy_process.part.0+0x56aa/0x79a0 [ 2490.441648] ? __cleanup_sighand+0x70/0x70 [ 2490.445917] _do_fork+0x257/0xfe0 [ 2490.449382] ? fork_idle+0x1d0/0x1d0 [ 2490.453118] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2490.457882] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2490.462644] ? do_syscall_64+0x26/0x610 [ 2490.466626] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2490.471994] ? do_syscall_64+0x26/0x610 [ 2490.475984] __x64_sys_clone+0xbf/0x150 [ 2490.479973] do_syscall_64+0x103/0x610 [ 2490.483869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2490.489061] RIP: 0033:0x4563fa [ 2490.492259] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2490.511160] RSP: 002b:00007ffd944dfb30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 22:49:23 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x70e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2490.519046] RAX: ffffffffffffffda RBX: 00007ffd944dfb30 RCX: 00000000004563fa [ 2490.526315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2490.534297] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 [ 2490.541573] R10: 0000000002439c10 R11: 0000000000000246 R12: 0000000000000001 [ 2490.548849] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 2490.559181] memory: usage 307200kB, limit 307200kB, failcnt 6493 22:49:23 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x5000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2490.567341] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2490.585756] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:49:23 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x56]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:23 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffa0008000]}, 0x2c) [ 2490.620451] Memory cgroup stats for /syz3: cache:0KB rss:106464KB rss_huge:12288KB shmem:84KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:106580KB inactive_file:12KB active_file:0KB unevictable:0KB 22:49:23 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x70f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2490.712124] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25796,uid=0 22:49:23 executing program 1: r0 = socket$inet6(0xa, 0x1000000000005, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x80c03, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x1d}, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000300)={0x0, 0x5}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000010c0)=""/4096, &(0x7f0000000000)=0x1000) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000003c0)=@assoc_value={r2, 0x6}, &(0x7f0000000400)=0x8) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000600)=0xc9) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000540)=[@in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e22, 0x100, @rand_addr="7581892e58a29c67e57e718b0d410f57", 0x5}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e23, 0x1, @rand_addr="1612c285e5d8c8d9004b44ddd0a5cd70", 0xb6}, @in6={0xa, 0x4e20, 0x20, @empty, 0x3faf}], 0x74) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000e40)=ANY=[@ANYBLOB="000829bd7000fbdbdf250c0000000800040023bc800d5400010014000300e000000200000000000000000000000014000300fe8000000000000000000000000000260c0007002700000014000000080005000400000014000300ac14140c00000000000000000000000028000200140001007f0000010000000000000000000000000800040003000000080002004e230000080005007a1500003c000300080004000800000014000600fe8000000000000000000000000000aa14000600ff010000000000000000000000000001080007004e2100113c0003000800050000000000080008003c000000080007004e24000008000400ffff000008000500ac1e0001080008000100000008000400e40000000800050007000000089d717aebea6c19725dcea2677de94500060001040000400003001400020074756e6c30000000000000000000000008000300000000000800080004000000080007004e2200000800010001000000080001000000000040000200080008000500000008000900000000140002995c15b7be37f12f000000000000000000080005000100000008000400ff0300008c0756e78942864d7cc63f03c6f5a6dcd7c52f7b874c305be8370d2c856137cabfee0c6bb93a7a6c1ff279db1812b7222ef1b80a586cddecf1c8cf5758b2c254fa519fea863cad2d0f7df82a0fa714538492e0c743ea779b0d5386926b58ffffffffffff07f43ff18219c4dd711495a05a2fe05f58318d85cee2f041bc421271750916660ae27cd6001ad3afbe673014e4a03e76b9a7ae000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x890}, 0x0) getpeername$packet(0xffffffffffffff9c, 0x0, &(0x7f0000000100)) getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000240)={'raw\x00'}, &(0x7f00000005c0)=0x54) getsockname$packet(0xffffffffffffffff, &(0x7f0000002700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0) add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f00000001c0)="1649d97e328a9ecb3cda02c3d16f28aa47e500afa9ac181bbabe10a65a1b562eaf4dca404a1a5abd811b5b7ba687cb9354488e74d4adb154a3eb1f25428fa5749707489a207673efcefeb6261ab507957d556ba386f795757f0273", 0x5b, 0xffffffffffffffff) write$P9_RREADDIR(r1, &(0x7f0000000480)={0x87, 0x29, 0x2, {0x7, [{{0x4, 0x4, 0x1}, 0x3, 0x2, 0x7, './file0'}, {{0xb5, 0x3, 0x8}, 0x401, 0x42c3, 0x7, './file0'}, {{0x0, 0x0, 0x1}, 0x8, 0x6, 0x7, './file0'}, {{0x0, 0x2, 0x1}, 0x81, 0x1, 0x7, './file0'}]}}, 0x87) ioctl$SIOCRSGL2CALL(r1, 0x89e5, &(0x7f0000000380)=@netrom) add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000440)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000c80)={0x1f, 0xffff, 0x6, 'queue0\x00', 0x2f6}) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000c00)={r2, 0x2c, &(0x7f0000000bc0)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1e}}, @in6={0xa, 0x4e24, 0x5, @empty, 0x77}]}, &(0x7f0000000c40)=0x10) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f00000006c0)={{0x8, 0x7, 0x0, 0x8, 'syz1\x00', 0xb28}, 0x1, [0xfffffffffffffffb, 0x4, 0x8000, 0x1, 0x6, 0x0, 0x8, 0xfffffffffffffffa, 0x8, 0x3, 0x180000, 0x77, 0x1000, 0x3, 0x200, 0x480000000000, 0x8000, 0x7f, 0x100000000, 0x0, 0xfa1b, 0x0, 0xff, 0x7fff, 0x10001, 0x0, 0xffffffff, 0x100, 0x8001, 0x9, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x9, 0x3, 0x0, 0x9, 0x80, 0x8, 0x0, 0x0, 0x7fffffff, 0x6e7, 0x2, 0x0, 0xffffffffffff7fff, 0x29, 0x0, 0x6, 0xffffffff, 0x30, 0x7, 0x1f, 0x9, 0x9, 0x3, 0x0, 0x0, 0x5b4f, 0x1f1, 0x0, 0x8, 0x6, 0x3, 0x0, 0x80000001, 0x0, 0x0, 0x2, 0x6, 0x7ff, 0x0, 0x9, 0x0, 0x7fffffff, 0x9, 0x6, 0x52be, 0x0, 0x80, 0x6, 0x8, 0x8, 0x0, 0x9, 0x8, 0x4c, 0x8, 0x9, 0xcf, 0x2c4eabb6, 0x9, 0x0, 0x4, 0x5, 0x91, 0x9, 0x54f7, 0x4, 0xfffffffffffffff7, 0xffffffff, 0x3, 0x0, 0x7fffffff, 0x10001, 0x5, 0x269d, 0x8, 0xee2b, 0x3f, 0x0, 0x7, 0x6, 0x5, 0x0, 0x3, 0x3, 0x7, 0x7, 0x1, 0x440, 0x5], {0x77359400}}) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r3, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) 22:49:23 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x2c) [ 2490.758838] Memory cgroup out of memory: Kill process 25796 (syz-executor.3) score 1113 or sacrifice child [ 2490.788264] Killed process 25796 (syz-executor.3) total-vm:72444kB, anon-rss:2200kB, file-rss:35784kB, shmem-rss:0kB 22:49:24 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x6000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2490.913401] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2490.965430] CPU: 1 PID: 7595 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2490.972633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2490.972639] Call Trace: [ 2490.972662] dump_stack+0x172/0x1f0 [ 2490.972687] dump_header+0x10f/0xb6c [ 2490.972705] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2490.972721] ? ___ratelimit+0x60/0x595 [ 2490.972736] ? do_raw_spin_unlock+0x57/0x270 [ 2490.972756] oom_kill_process.cold+0x10/0x6f5 [ 2490.992006] ? task_will_free_mem+0x139/0x6e0 [ 2490.992032] out_of_memory+0x79a/0x1280 [ 2490.992056] ? oom_killer_disable+0x280/0x280 [ 2491.022832] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2491.027954] mem_cgroup_out_of_memory+0x99/0xe0 [ 2491.032628] ? memcg_memory_event+0x40/0x40 [ 2491.037019] ? _raw_spin_unlock+0x2d/0x50 [ 2491.041174] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2491.046281] try_charge+0xfec/0x1570 [ 2491.050003] ? find_held_lock+0x35/0x130 [ 2491.054080] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2491.058932] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2491.063806] ? find_held_lock+0x35/0x130 [ 2491.067907] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2491.072807] memcg_kmem_charge_memcg+0x7c/0x130 [ 2491.077485] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2491.081991] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2491.086844] memcg_kmem_charge+0x13b/0x340 [ 2491.091091] __alloc_pages_nodemask+0x437/0x710 [ 2491.095765] ? debug_smp_processor_id+0x1c/0x20 [ 2491.100456] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2491.105490] ? copy_page_range+0x125a/0x1f90 [ 2491.109910] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2491.115465] alloc_pages_current+0x107/0x210 [ 2491.119891] pte_alloc_one+0x1b/0x1a0 [ 2491.123707] __pte_alloc+0x20/0x310 [ 2491.127343] copy_page_range+0x1529/0x1f90 [ 2491.131601] ? mark_held_locks+0x100/0x100 [ 2491.135882] ? pmd_alloc+0x180/0x180 [ 2491.139603] ? __rb_insert_augmented+0x231/0xdf0 [ 2491.144369] ? validate_mm_rb+0xa3/0xc0 [ 2491.148352] ? __vma_link_rb+0x279/0x370 [ 2491.152428] copy_process.part.0+0x56aa/0x79a0 [ 2491.157052] ? __cleanup_sighand+0x70/0x70 [ 2491.161323] _do_fork+0x257/0xfe0 [ 2491.164799] ? fork_idle+0x1d0/0x1d0 [ 2491.168532] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2491.173329] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2491.178090] ? do_syscall_64+0x26/0x610 [ 2491.182067] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2491.187447] ? do_syscall_64+0x26/0x610 [ 2491.191468] __x64_sys_clone+0xbf/0x150 [ 2491.195465] do_syscall_64+0x103/0x610 [ 2491.199365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2491.204591] RIP: 0033:0x4563fa [ 2491.207797] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2491.226698] RSP: 002b:00007ffc56cc4460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2491.234407] RAX: ffffffffffffffda RBX: 00007ffc56cc4460 RCX: 00000000004563fa [ 2491.241676] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2491.248946] RBP: 00007ffc56cc44a0 R08: 0000000000000001 R09: 0000000002148940 [ 2491.256218] R10: 0000000002148c10 R11: 0000000000000246 R12: 0000000000000001 [ 2491.263488] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 22:49:24 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x45e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:24 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x710, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:24 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = socket$kcm(0x29, 0x1000080000002, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='projid_map\x00') r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200040}, 0xc, &(0x7f0000000300)={&(0x7f0000000140)={0x1c, r3, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20048885}, 0x800) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100)) recvmmsg(r1, &(0x7f0000002300)=[{{0x0, 0xfffffe19, 0x0, 0x0, 0x0, 0x7e}}], 0x2fd, 0x400002fd, 0x0) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x10081, 0x0) ioctl$KVM_GET_IRQCHIP(r4, 0xc208ae62, &(0x7f0000000200)) [ 2491.297180] memory: usage 307200kB, limit 307200kB, failcnt 6477 [ 2491.305532] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2491.324361] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2491.339089] Memory cgroup stats for /syz0: cache:4832KB rss:110436KB rss_huge:14336KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:110544KB inactive_file:4KB active_file:4KB unevictable:4780KB [ 2491.366977] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=26717,uid=0 [ 2491.384029] Memory cgroup out of memory: Kill process 26717 (syz-executor.0) score 124 or sacrifice child [ 2491.397098] Killed process 26717 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2491.466729] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2491.514900] CPU: 1 PID: 27086 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2491.522189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2491.531538] Call Trace: [ 2491.534175] dump_stack+0x172/0x1f0 [ 2491.537840] dump_header+0x10f/0xb6c [ 2491.541619] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2491.546756] ? ___ratelimit+0x60/0x595 [ 2491.550660] ? do_raw_spin_unlock+0x57/0x270 [ 2491.555080] oom_kill_process.cold+0x10/0x6f5 [ 2491.559611] ? task_will_free_mem+0x139/0x6e0 [ 2491.564124] out_of_memory+0x79a/0x1280 [ 2491.568114] ? oom_killer_disable+0x280/0x280 [ 2491.572613] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2491.577751] mem_cgroup_out_of_memory+0x99/0xe0 [ 2491.582452] ? memcg_memory_event+0x40/0x40 [ 2491.586828] ? _raw_spin_unlock+0x2d/0x50 [ 2491.590985] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2491.596096] try_charge+0xfec/0x1570 [ 2491.599848] ? find_held_lock+0x35/0x130 [ 2491.603929] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2491.608813] ? kasan_check_read+0x11/0x20 [ 2491.612981] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2491.618331] mem_cgroup_try_charge+0x24d/0x5e0 [ 2491.622950] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2491.627906] wp_page_copy+0x408/0x1740 [ 2491.631805] ? find_held_lock+0x35/0x130 [ 2491.635880] ? pmd_pfn+0x1d0/0x1d0 [ 2491.639430] ? lock_downgrade+0x810/0x810 [ 2491.643595] ? swp_swapcount+0x540/0x540 [ 2491.647663] ? kasan_check_read+0x11/0x20 [ 2491.651826] ? do_raw_spin_unlock+0x57/0x270 [ 2491.656257] do_wp_page+0x2ed/0x1520 [ 2491.659985] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2491.664673] __handle_mm_fault+0x22db/0x3f20 [ 2491.669098] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2491.673977] ? find_held_lock+0x35/0x130 [ 2491.678038] ? handle_mm_fault+0x322/0xb30 [ 2491.682295] ? kasan_check_read+0x11/0x20 [ 2491.686459] handle_mm_fault+0x43f/0xb30 [ 2491.690555] __do_page_fault+0x5da/0xd60 [ 2491.694638] do_page_fault+0x71/0x581 [ 2491.698446] ? page_fault+0x8/0x30 [ 2491.701993] page_fault+0x1e/0x30 [ 2491.705447] RIP: 0033:0x40aee8 [ 2491.708637] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 48 27 00 00 8b 05 22 d1 32 00 48 8b 15 b3 55 64 00 83 c0 01 <89> 05 12 d1 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 2491.727534] RSP: 002b:00007fff025902a0 EFLAGS: 00010202 [ 2491.732918] RAX: 0000000000000001 RBX: 0000001b2eb20014 RCX: 0000001b2fb20000 [ 2491.740186] RDX: 0000001b2eb20000 RSI: 00000000000011fe RDI: ffffffffecafd1fe [ 2491.747457] RBP: 0000001b2eb20018 R08: 00000000ecafd1fe R09: 00000000ecafd202 [ 2491.754727] R10: 00007fff025903d0 R11: 0000000000000246 R12: 0000001b2eb2001c 22:49:24 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x7000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:24 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x45f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:24 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, @perf_config_ext, 0x0, 0x0, 0x0, 0xb, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x297ef) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x7fff, 0x10000) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)='memory.high\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) shmget(0x0, 0x2000, 0x80, &(0x7f0000ffd000/0x2000)=nil) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) userfaultfd(0x800) [ 2491.762001] R13: 0000000000260236 R14: 000000000073bf00 R15: 000000000073bf0c [ 2491.785860] memory: usage 307200kB, limit 307200kB, failcnt 5767 [ 2491.793576] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2491.828799] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2491.842759] Memory cgroup stats for /syz2: cache:12KB rss:113052KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:113068KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2491.929641] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13597,uid=0 [ 2491.951137] Memory cgroup out of memory: Kill process 13597 (syz-executor.2) score 124 or sacrifice child [ 2491.963932] Killed process 13597 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35780kB, shmem-rss:0kB [ 2491.990504] oom_reaper: reaped process 13597 (syz-executor.2), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2492.006320] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2492.051029] CPU: 1 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2492.058229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2492.067612] Call Trace: [ 2492.070205] dump_stack+0x172/0x1f0 [ 2492.073849] dump_header+0x10f/0xb6c [ 2492.077602] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2492.082770] ? ___ratelimit+0x60/0x595 [ 2492.086671] ? do_raw_spin_unlock+0x57/0x270 [ 2492.091119] oom_kill_process.cold+0x10/0x6f5 [ 2492.095618] ? task_will_free_mem+0x139/0x6e0 [ 2492.100139] out_of_memory+0x79a/0x1280 [ 2492.104133] ? oom_killer_disable+0x280/0x280 [ 2492.108631] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2492.113757] mem_cgroup_out_of_memory+0x99/0xe0 [ 2492.118444] ? memcg_memory_event+0x40/0x40 [ 2492.122780] ? _raw_spin_unlock+0x2d/0x50 [ 2492.126947] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2492.132055] try_charge+0xfec/0x1570 [ 2492.135767] ? find_held_lock+0x35/0x130 [ 2492.139849] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2492.144695] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2492.149576] ? find_held_lock+0x35/0x130 [ 2492.153642] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2492.158503] memcg_kmem_charge_memcg+0x7c/0x130 [ 2492.163176] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2492.167694] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2492.172546] memcg_kmem_charge+0x13b/0x340 [ 2492.176805] __alloc_pages_nodemask+0x437/0x710 [ 2492.181479] ? debug_smp_processor_id+0x1c/0x20 [ 2492.186161] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2492.191205] ? copy_page_range+0x125a/0x1f90 [ 2492.195631] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2492.201179] alloc_pages_current+0x107/0x210 [ 2492.205601] pte_alloc_one+0x1b/0x1a0 [ 2492.209425] __pte_alloc+0x20/0x310 [ 2492.213074] copy_page_range+0x1529/0x1f90 [ 2492.217356] ? mark_held_locks+0x100/0x100 [ 2492.221619] ? pmd_alloc+0x180/0x180 [ 2492.225365] ? vma_compute_subtree_gap+0x158/0x230 [ 2492.230302] ? validate_mm_rb+0xa3/0xc0 [ 2492.234287] ? __vma_link_rb+0x279/0x370 [ 2492.238363] copy_process.part.0+0x56aa/0x79a0 [ 2492.242993] ? __cleanup_sighand+0x70/0x70 [ 2492.247258] _do_fork+0x257/0xfe0 [ 2492.250756] ? fork_idle+0x1d0/0x1d0 [ 2492.254494] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2492.259272] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2492.264032] ? do_syscall_64+0x26/0x610 [ 2492.268010] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2492.273374] ? do_syscall_64+0x26/0x610 [ 2492.277363] __x64_sys_clone+0xbf/0x150 [ 2492.281348] do_syscall_64+0x103/0x610 [ 2492.285244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2492.290444] RIP: 0033:0x4563fa [ 2492.293639] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2492.312559] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2492.320280] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2492.327567] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2492.334869] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2492.342431] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 [ 2492.349700] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2492.363727] memory: usage 307200kB, limit 307200kB, failcnt 4776 [ 2492.373170] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2492.381274] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2492.388470] Memory cgroup stats for /syz4: cache:24KB rss:117656KB rss_huge:26624KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:117856KB inactive_file:4KB active_file:8KB unevictable:0KB [ 2492.411672] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26665,uid=0 [ 2492.427202] Memory cgroup out of memory: Kill process 26665 (syz-executor.4) score 1113 or sacrifice child [ 2492.437935] Killed process 26665 (syz-executor.4) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2492.455947] oom_reaper: reaped process 26665 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2492.473977] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2492.492457] CPU: 1 PID: 27111 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2492.499756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2492.509117] Call Trace: [ 2492.511715] dump_stack+0x172/0x1f0 [ 2492.515360] dump_header+0x10f/0xb6c [ 2492.519082] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2492.524194] ? ___ratelimit+0x60/0x595 [ 2492.528090] ? do_raw_spin_unlock+0x57/0x270 [ 2492.532529] oom_kill_process.cold+0x10/0x6f5 [ 2492.537056] ? task_will_free_mem+0x139/0x6e0 [ 2492.541576] out_of_memory+0x79a/0x1280 [ 2492.545574] ? oom_killer_disable+0x280/0x280 [ 2492.550075] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2492.555196] mem_cgroup_out_of_memory+0x99/0xe0 [ 2492.559872] ? memcg_memory_event+0x40/0x40 [ 2492.564208] ? _raw_spin_unlock+0x2d/0x50 [ 2492.568360] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2492.573472] try_charge+0xfec/0x1570 [ 2492.577207] ? find_held_lock+0x35/0x130 [ 2492.581287] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2492.586137] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2492.590989] ? find_held_lock+0x35/0x130 [ 2492.595061] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2492.599926] memcg_kmem_charge_memcg+0x7c/0x130 [ 2492.604643] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2492.609203] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2492.614056] memcg_kmem_charge+0x13b/0x340 [ 2492.618308] __alloc_pages_nodemask+0x437/0x710 [ 2492.622995] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2492.628029] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2492.632616] ? trace_hardirqs_on+0x67/0x230 [ 2492.636958] copy_process.part.0+0x3e0/0x79a0 [ 2492.641471] ? mark_held_locks+0x100/0x100 [ 2492.645713] ? debug_smp_processor_id+0x1c/0x20 [ 2492.650390] ? perf_trace_lock_acquire+0xf5/0x580 [ 2492.655242] ? __might_fault+0x12b/0x1e0 [ 2492.659325] ? __cleanup_sighand+0x70/0x70 [ 2492.663575] ? lock_downgrade+0x810/0x810 [ 2492.667747] _do_fork+0x257/0xfe0 [ 2492.671212] ? fork_idle+0x1d0/0x1d0 [ 2492.674943] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2492.679708] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2492.684470] ? do_syscall_64+0x26/0x610 [ 2492.688450] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2492.693825] ? do_syscall_64+0x26/0x610 [ 2492.697832] __x64_sys_clone+0xbf/0x150 [ 2492.701886] do_syscall_64+0x103/0x610 [ 2492.705809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2492.711000] RIP: 0033:0x457e29 [ 2492.714197] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2492.733101] RSP: 002b:00007f028a93ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2492.740815] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 2492.748088] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 2492.755359] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 2492.762630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f028a93b6d4 [ 2492.769903] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 2492.777492] net_ratelimit: 26 callbacks suppressed [ 2492.777503] protocol 88fb is buggy, dev hsr_slave_0 [ 2492.778572] protocol 88fb is buggy, dev hsr_slave_0 [ 2492.782605] protocol 88fb is buggy, dev hsr_slave_1 [ 2492.787734] protocol 88fb is buggy, dev hsr_slave_1 [ 2492.792713] protocol 88fb is buggy, dev hsr_slave_0 [ 2492.797881] protocol 88fb is buggy, dev hsr_slave_0 [ 2492.802762] protocol 88fb is buggy, dev hsr_slave_1 [ 2492.802859] protocol 88fb is buggy, dev hsr_slave_0 [ 2492.807907] protocol 88fb is buggy, dev hsr_slave_1 [ 2492.812885] protocol 88fb is buggy, dev hsr_slave_1 [ 2492.816129] memory: usage 307200kB, limit 307200kB, failcnt 6499 [ 2492.843361] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2492.853950] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2492.861051] Memory cgroup stats for /syz0: cache:4832KB rss:110476KB rss_huge:14336KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:110532KB inactive_file:4KB active_file:4KB unevictable:4780KB [ 2492.883899] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=825,uid=0 [ 2492.903141] Memory cgroup out of memory: Kill process 825 (syz-executor.0) score 120 or sacrifice child [ 2492.914443] Killed process 825 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB [ 2492.967888] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2492.979861] CPU: 1 PID: 27108 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2492.987143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2492.996493] Call Trace: [ 2492.999095] dump_stack+0x172/0x1f0 [ 2493.002738] dump_header+0x10f/0xb6c [ 2493.006459] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2493.011575] ? ___ratelimit+0x60/0x595 [ 2493.015471] ? do_raw_spin_unlock+0x57/0x270 [ 2493.019894] oom_kill_process.cold+0x10/0x6f5 [ 2493.024422] ? task_will_free_mem+0x139/0x6e0 [ 2493.028966] out_of_memory+0x79a/0x1280 [ 2493.032966] ? oom_killer_disable+0x280/0x280 [ 2493.037466] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2493.042593] mem_cgroup_out_of_memory+0x99/0xe0 [ 2493.047264] ? memcg_memory_event+0x40/0x40 [ 2493.051599] ? _raw_spin_unlock+0x2d/0x50 [ 2493.055751] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2493.060862] try_charge+0xb4a/0x1570 [ 2493.064610] ? find_held_lock+0x35/0x130 [ 2493.068723] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2493.073617] ? kasan_check_read+0x11/0x20 [ 2493.077772] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2493.082629] mem_cgroup_try_charge+0x24d/0x5e0 [ 2493.087227] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2493.092164] __handle_mm_fault+0x1e26/0x3f20 [ 2493.096588] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2493.101430] ? find_held_lock+0x35/0x130 [ 2493.105496] ? handle_mm_fault+0x322/0xb30 [ 2493.109783] ? kasan_check_read+0x11/0x20 [ 2493.113970] handle_mm_fault+0x43f/0xb30 [ 2493.118042] __do_page_fault+0x5da/0xd60 [ 2493.122138] do_page_fault+0x71/0x581 [ 2493.125944] ? page_fault+0x8/0x30 [ 2493.129496] page_fault+0x1e/0x30 [ 2493.132950] RIP: 0033:0x40f98f [ 2493.136162] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2493.155061] RSP: 002b:00007ffc56cc4220 EFLAGS: 00010206 [ 2493.160425] RAX: 00007f028a8d9000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 2493.167695] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2493.174961] RBP: 00007ffc56cc4300 R08: ffffffffffffffff R09: 0000000000000000 [ 2493.182226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc56cc43e0 [ 2493.189508] R13: 00007f028a8f9700 R14: 0000000000000003 R15: 000000000073c04c [ 2493.199053] memory: usage 304884kB, limit 307200kB, failcnt 6499 [ 2493.205682] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2493.212986] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2493.220017] Memory cgroup stats for /syz0: cache:4832KB rss:108356KB rss_huge:12288KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108372KB inactive_file:4KB active_file:4KB unevictable:4780KB [ 2493.242089] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19568,uid=0 [ 2493.257584] Memory cgroup out of memory: Kill process 19568 (syz-executor.0) score 120 or sacrifice child [ 2493.267916] Killed process 19568 (syz-executor.0) total-vm:72444kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB 22:49:26 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0xec]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:26 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x460, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:26 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x8000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:26 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x7000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:26 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x2c) 22:49:26 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x711, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:26 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x712, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:26 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x461, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:26 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x2c) 22:49:26 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x198]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000480)={0x79, 0x0, [0x4]}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000d8410002"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:49:26 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x713, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:26 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x9000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:26 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x714, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:26 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x2c) 22:49:27 executing program 1: mkdir(&(0x7f0000508ff6)='./control\x00', 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x101200, 0x0) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000000c0)={0x3f, 0xfffffffffffffffa}) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000040)='./control\x00', 0x2) shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffa000/0x4000)=nil) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/sctp\x00') fstat(r3, 0x0) mount(0x0, &(0x7f0000000380)='./control\x00', &(0x7f00000003c0)='sysfs\x007vjV\x85\xad/&\xfb%\x1d\x15l\xb9R\b\x9f\xd2!\xe0\xceR\x9e\xaf-B\x8f\xed\xc8\x01\xbc\xdeP\x0f\x8a\v\x11\x95z,=\xab\x87\x8c\x02\xde\x9f6X\x0e\xf0\xbd\xb2\xc4\x87\x19\xda\x99\xad\xf6\xe4\xfdbg\xef\xc5\x9awu\xd5|\x9d\xa0\xfaj[\xf6Q\x9c5ul\xb8\xaf\xe3\xb9\xd0\xa9\xca\x80\xacU\r\x91\x8eW\xff\xf3N\x96\x0f', 0x0, 0x0) inotify_add_watch(r1, &(0x7f0000000100)='./control\x00', 0x200000000001ff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000001680)=0x0) stat(&(0x7f00000016c0)='./control\x00', &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r4, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = getpgrp(0x0) fstat(r2, &(0x7f0000003d40)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003dc0)={0x0, 0x0, 0x0}, &(0x7f0000003e00)=0xc) r11 = getpgid(0x0) stat(&(0x7f0000003e40)='./control\x00', &(0x7f0000003e80)={0x0, 0x0, 0x0, 0x0, 0x0}) r13 = getgid() ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000006340)=0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000006380)={0x0, 0x0}, &(0x7f00000063c0)=0xc) r16 = getegid() r17 = fcntl$getown(r3, 0x9) stat(&(0x7f0000006400)='\x00', &(0x7f0000006440)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000064c0), &(0x7f0000006500)=0x0, &(0x7f0000006540)) r20 = fcntl$getown(r3, 0x9) r21 = geteuid() getresgid(&(0x7f0000006580)=0x0, &(0x7f00000065c0), &(0x7f0000006600)) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000006640)={0x0}, &(0x7f0000006680)=0xc) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f00000066c0)={{{@in6=@dev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@loopback}}, &(0x7f00000067c0)=0xe8) getgroups(0x2, &(0x7f0000006800)=[0xee01, 0xffffffffffffffff]) sendmmsg$unix(r3, &(0x7f0000006940)=[{&(0x7f00000002c0)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000001600)=[{&(0x7f0000000140)="af21be044a458e8fd4148ea546a67980506666cf1cc3764bf772725d281325347bb376c466e44831e124b2beb89ffc2d960e", 0x32}, {&(0x7f0000000440)="2bd7dfb5c1eec48d1c76677d9da158810f4405effc554a1863e03fbfb0f2f11ece07e3193123a24778a35c0dd4628c6568581da7f6920f71e42edbcccf2c89c98d3ecff582bfe99ac477455d25640b25a8f7cfda86d86d17db845d399c017ec82e594d9f53d409b2d74976dec8e437a2d435d1f2de68734e20542ef8e16aa2af9e55f35cec475f823c654202198fde0b5b685f5c5a47619e59a9f71c4e9c9b75abfafaf59d6ce56c50894bd8cf3f6d120325eb672a7b239cc00366e1dda198a6855de9f598ba449e7cc191e0b96b5826d054f7440e1f5c03193b9f9b2fd78d209b3bbf8574f75868abfd5df1b049781aa344e0021a42f085dfb4c35a6711e68bae43e5d1a5d16e8cfca259adf63dd9c2b348dea0ca6d55460753e4fedada3198f5b0fb1d14b9cc6bf717e0c0115a2a5a28b62226b5ca9b7e1916f4dd71722125566b3b30dbfceab35a8debf792b0fafedb2deefb332903962841c9a2d8d6cf82b944c4ca661c77228c1d9ab62269c0b4f89728a4d6879fb4112e27eac0ed609b546cabf0253f310a40b4f47b666b66d809fc43c11c8a6f4b6d3588c19b5046e6362c1df129c189a08cf36c546c4b36634c3ddd1a845d750cc5d4daec5bb6410fa1b0dfc3a8a0e0c0e0a8565f877d50cbf2814981e2277e13cc83ba152ee0965b06df527d999f20bc8752c8b95675133583cd274429c2b9fcb691694e6f48a6745bc2a0cb29a2b6a59c1b51a63389208d49f4854b1f1cdc1cf8dd2a4f42326285cf5f2d43ab2453e2883a0306bcde247727858410abb90073e478674726e176eed174ad959913f2afa34d91a75435d8056e884c5fe399b48aaf8824f9b016fa25d5bbe2b0e9f8b71f0c90be67443057dec7be34c11fb135da03cbdd4ba814888ebcdcb059c778cf18586e3cfc4c4d52c9f37113a28335b116391c81c3a7f034f416d9f1c581062533c3b393ae26a775eedd0606a3c997d86524e92c0855ea1365bd99dc30ef8d104c563bb2a3d19358154473a3bd2b1cee01150ea037c92a2def20e6dd35c942aaba780e86d3a50cecf2c3663cadc4fa3e7a667f6f1656f2ebbe2f7ec3c5b00e2f0a850169398ddd5baa9a472acb474d3e77a902fc2f47cc2fa5eb33e91d0563bb59de89bee3ba9b5932d9c7a43b6308286d1e27d532dd4affc0b2e60af8080422ab70416918909efc1a33b276c7d88998d26467a8f9b83bc186495359f2305226b02c09361b3789d9ad6eb45bad1e3e3ebe73f18e994176c84d8fc3dc487beb1c2cf1e38ceea5d36fb144df03662363f6e82e4c4cad6e6d72a9342ea2ef9f6de80ca424141373a1ef102104d425ef849c4d758c556b84f52a2f33a2d06cc040ba6583bfa04f71169f0cfce53db2b88f42227a7e257290322ead82f064c8fd5d262fb5098907a3300237eb64a8fac0388d17f001d02124ebf3221ee157656e4e9acb6ed2d4db628c5637fb0d994722251bf5de60eec5efcfecfd5a790ad36b270d1f20ff6284ad9898222634b4cc45837687dc989fedc451f660112c443edb83c4b0bfe6e12ca7f07f838eda2a33bbc200d93dda8fd861371258ddd47ea0698f2f34edb50ddc82d9c80a7ace9f780f0d6f1e8e5659794e9a0ea80d9bf707d27121c6f976f74b7866edefd213d388027b5f00a4592ab2d01cc24025f2759c7916129a36c0f3a0e24673e031818e868954f89894c81ec4296ec7c4cb04b5bd1da6a4a9de33f39a9bdcd4f1ee6864ef1df51bbd31600a4864f9a45be8ad3f052b87a79b91b67a72bfe2fc221f9693e7feae73604c36cd31f7d8251810dc2a2900e56c50ca83aff6c89adad128248420fc47b3bfb59bda2ac675f113d0d83e89d5337172309103c05848e43070fd3635ef5928232dc0372caeda88b909046a7d0ef03eef95626c45fab043bac64ed909381afe2a2f2efd371f93afaf01519fdb42ebcc86dba7131db5bce1ac9f089fc5eda807d937eae555a8b27eb33d64eca4dbca664da84d3a1414a8cce870b2d65a0ffade40eecea9d4957727a0d6dd0cdc8c2527d0420d72bb50cc37f5f39bb94d2611e87602debaacdba4cdbc348a74bfd8b00424a2cbe4564d021c357827b2d3fc5c65179a6dcd3510642963b4cab0dfdb39220da0bd4eb01cd3aae93beb1362682270d5e7dd64e8e0328c3151c1863254e6ba1784604a41d2e6e8471de5021aad9d33e1dd20ee34ecf3c90e74f8914561b6ad377e55ea4c406581eef90e8bf7181856ecf1560494f387f66720d4c633931689de2cb7c7db5db011731eb1fe2ab69b072ef166849130eed2619b1db34857d3e56cfd030a5fc375caabbd9a99c2005de0abe7ca6c03eca1b93c26a9db0aedfbc727d99a6e92ed41d4a5e7f2303128525242e6483afe650a09de14b5f0b2ded4ab9e27cffb51c515fab57a0010c89e8dfe64aad2e6d4f2632415c9713b23dd5546d62c0fba3d85a4af488ad30283cc47ce937bfc4432f05bab29d0702e84441e235e8e92b8459bfd54fc778852b35a3a3ac666cb701fccdf14d0dbb0878c797bbda796db7d462f5313bdb2df4810864d7f4fe0a32473af99abb34bd2a31fc152461115d1ba8a10c0e4b776d9e8ae3a7c74de97899e4e46e5c1699b3814b77ebfb3e7a36bc9c477f0a915feb4bbc4e20676d514f9e8bfb382c9225048dbfe1022ecd2b1a15c4d2b0abffb86203eb0900b939b07d72dd0d5b5899b84fb236ef672cf113dea8ac54cd1d2293a5ddfcb64161ef5e710c61d6d76fadeaa52703e216642e7a5538d34aea8c4cf2ceebe29ccdcfedacd25071ae475c5fb061adb52b36b14da0cbef09c90d410c31d683628cbe42f7ec1116563ef0457edac7678de4e329477e0b51059dbbd431cdba7ca3e7f235f122d37674dbdc39e2ad98364dfd8820b7dd4d986c1eb04d5076b95fdae9e62f1bf86508859ebfd0f4747279f20c08b72211bc4f97176cbce24dafda6a07c2769e17ee206cbee3a24998226b8c3e85d89159ce639bb22f1cefd55ae9b7cd9ef959bc50754a9f60321fad785e610ab9c1dfb355e3abba59bc9e7085363899b4304caf3a0d54840f41834f31765a0673d4211f0f2246e3656a383a90ff23b864c5fc068417e7e4c4239f3fd009072e2edf44aacafeb23cd7eea198fa87d26da2994334e29e4bd22810a5fede03716fcb149fcded785ca90ae2182969fdcdcb09417fba478c1dc3d4a10376df9732423920b081830a453a5c4aa3fdfdda8a030a0757bbf1ab47663e49c58d1cc59a9122ac187e229892c63b878182bea4b036dd6e7b54fbbad792410199f79a7b9db03e5391ecf418d0dfd9a469a1b49aa6b678f1fed1d60f7eacd22f59f940982ebbf9f86f7733728a2c942379b21d5d913fe2324f0e00c05069a36c1aaaddd3b15f896962b76434e84fd0ac0d4da1f956d5d2becfd9f59d2ea55514f15baab7225dbe255199bae2ae60925ac8e0ddbc5a01cdb1cda9b8f416a53f8c03ebcbdc771fb3a34032c3206f56ef55738a7b9c5737859c30944956e9fa696a13a626ba68d49c7fb46d5aa7610c8e27c90802c91c7228f4c50d40ca75a7f1949a67eb90ed34f7fa554e62f3d0eae10744a944cc5d73a4188f319df4d11c99fa254924f1bc90672881ace4c4f631e28b3c84790f5258611058face9446ea228b37f33063dff6e81b0f3733f573e4d35d43708b0cf84bf3364fb2f34a57c125587f3119327f89dfc06ffa32eb9d2a7113fd0465f47020e1eb1b42fda85e565676d111f86b5b29509a0f8c967cdf10a6f3d2d40ab8bda77e9561d7cfe9c39820d5107fb793f56f8cf4c07c298cb49b524752a13604cef4c44c3d4fca17919202dbe2fb5c69faefda6f0b8c0d44a635c22f516ec583aa06191d5f90b81dbfdf98ff02ebd8dc9710f9655f8687f51143a6f7ea98dc5f442d14e91efe7aaf3b604e01770a7e5ccf80565a13d42f87addb1229cf3b671f59520ae400e9665ad8a50e703724b24bfa7c42e8c35a205031b90b3b932fc0f76f5f39ba6d644b30a72e42988a1a97ea6f2d7cf0de36631b4d41cc4ab4a1f10e3ed93857d556b351c95885d6c42307bd4f317ca3b7d2bd4874a41bc9566d0b93358981377c61a57a41db6436a109da0095a2dd0a593ddb907e89ddd8098fb6b8922897dbef0b477e0f201230fb6d4f9868fbfb108255e090c9ad4c8a86d51a5e4a7e517bd6a67b982996caac30a33964b0b8ed23c370c2544425b57c9e0048fd99dd12196d1c5c5dbe5991ecca2f3276d3237f8bd4b3c5905d907b964ca4d53fa269cfc94f4523a69a6668a85385500ead02427682c9d1290fcdbb16f254c6c86e9d4223f3dcd8463ced6726159b17de3f1d054b26d409c5b1c7fa820aa2b119838008738d0ca11a4a9b231ee1b9da39cc0bceee27b80bac3d25461b908cd3a46c9822420e1f00d8c34ee666a29042de3326d39d96384a943cba5fca8008ff6520e359fbe555c79e550eae31127b6eb833acb202d46136abac3456a0cb1a192c68f6c325f527c2227aa11515cb39e386af8a43a70322f0bb52d27d65a1767a37e45c224ac385a03861ff05bbcb900799e82a4ec176098208b2aaaab7b0a6a7b985a2940876c11910aaaa9c869e866b9426fa6721a603892b7e555d74b0d4d7f02e51c8e15394ad99388e659c05f448da9f3f6e903568d1e841fcadbb49898a1f03714e8fc64ce172bb12a9ae025ebeb1b838fc4dbff1218e7c0f0cb884db1eb1d4482a54ebdee1c9954ab70d6dd37f482a8ce5580a04f1c25df1930db7ce092e66e0e4edec9267471c8b36cd160ee9a334c2e246263da6beb3e578b5a209bfac303e1ad4770c9313394b2a86ef3254e9d173dc2d5605a60947504a3150e362de176d672f672f91ddc9feccd0bb52f48849e5f7916c68431f6446ebc9c7bc38226fe7d218fdc674ca13e8b94188b923b979510fea1d80ce24ec7dc86c28c7234d136951cb331b83d3d416d15bc18ab73d5c62bcfd36425197aa88729616553f0dccbec6462ced81885b909648e1f06d40ec19624b47442577468508ec6120529358f0ab3546b0f10b7f0c98ee6e72ee4ac7e0a511f088a13598709f37ae5b5c588eca52696a0c5edfd81debd6d7c751e1e553c3ff18b17f4f5a10d103a2430321b1fa4634ad3dab9c28b699e68307dcb620a95777a7bdbb6704d7923911ecd7483076e6d612fe73e39c2b0b8e40b9d7eeb9358931b880c244db33cd3529a05be879e9f75929f71ff0946a7f2beb3b1d3ee9e65b8ed772cbdef3101a5d6d9f0761106c27f5b07d41065e5aad8e6a0a9a6b4933757851386ab17473a3395a781e44acd35ce53fe51f13238abedad7978f66e9d57c363c69b730083ab79c65dab710241f88b2250864cc38bfae4ddff9ebee880055c9792da8d45ac8f637bf5c3851ad1e6435c0e78c97664c30d47c68ba3abd97c2113ed8b9a3a629b45995062c73ed6bf91bd319a94bd035072dce19ff7342f5fbf87ce337cd2535929cabbfb77033ae352783c65aa7cdbface6f7fb2da251209a7b9d7f15fd88d671d3700d16d0277f391dc499206689be75a487d09e8f713cc4a6c7347cffe298d390595f6bbc26e38a75009a4a678f92312b08a8f876655f42016e2bc97de2376826e9f459741fcec438113eb9e85a39dd206c47323c23f2b25e23672c04fbc7004f8829a6daa95417fc74e45b93fcaefa927bbf61ffc878f0a2fae5ee56636dbc1fbe4a6596c440f4e355ce47812ed51b72ff6a52f0f61bb0f51a6817d9031489660a082c4bd66a19439fede7ccbd141a8ef0e", 0x1000}, {&(0x7f0000000340)="2ad0871b68f0c69152ea8599bafa5dda41f62f53cb2ac9dba778", 0x1a}, {0xffffffffffffffff}, {&(0x7f0000001440)="8d6aa692f6e34b143d452db1d730d27bc22093c18e5fe7b835dbb7e848d18f0a399a5f97c6bb93d913cd6ac0e075a8e76930c55d12c8e7a9", 0x38}, {&(0x7f0000001480)="4e0566e57eeb0dc8139a665cec8e718f6240fe4292d59c3962ea3261", 0x1c}, {&(0x7f00000014c0)="e7fbb57bb41510ffae2a3367fe994785095e37e1bdaba70ab83ef3f09c7e2348c1dfb3eb6aa7a2d77367be5dca5cecffc62ff1d338f72b30ac8c54c974ab82ff7455109600860103295c07d472936d7b9d42442c797dbe9bfd22aaa1ad682c0e299974adb894f7d2fdfdc56219d4a913932791206cb636d2e1171625b7e7633b0a2f370a473657f5bd27a8bfaaf6c30604d74f71f27b284ff924866c5a23fe3c4098ff11b069fa310559f6ef3f2b4d87213eb509b5c67986f5c8e37d2f0fa0382a0ab175efbafcc77d2b5369ed2d65c53f33de0b56a9dc1fddbca63e", 0xdc}, {&(0x7f00000015c0)="d6dab2876b1853c1e652d94a9e62210cebe7b59e672d2454ab9e864534fb1aefdee36b44dff576c1355cc1311eaf3398aa05b1b6b1f3b74ff45126669812", 0x3e}], 0x8, &(0x7f0000001800)=[@cred={0x20, 0x1, 0x2, r5, r6, r7}], 0x20, 0x8010}, {&(0x7f0000001840)=@file={0x1, './control\x00'}, 0x6e, &(0x7f0000003c80)=[{&(0x7f00000018c0)="cdd3b4dfd3b2bb130566398c8ba2909738b945f991e3157f11b1019f7746e699ec04432ef662f7c34d88e506a3d34003b1d278f2cc99748575ed78e9c1b3b02c934590ef03b75a29d2e552c15adafd3c7da56b1dae0a803bb6da6751189e3e50345a38c5283596476f65fac040e9ce8bab3339ac209d5cb62932e5b8fea76d2f410f6671d4aca7f8259605165d295c746c82c9f295b716a5a575683ec9844345f962a0bb8efb3e94699049385f1d8fbb9c165bb89755f6ea2018d7e40f50934e8346bc2c52af8c17e2f9722548df0334ee85d12513820ec53afd8ea01628d96b5fc503447ae7a903b60d3df2a487369a0dee8d92cd445a654c61e1ea4fbc0aeef69e1c61c2a264dee26445c37197efc62f8b7e5cea8cf1af04a1e55cd44d814382a360e8d0054bd4dcdb0ded9e3e75d76d24fc6f5fa3ee4c8dc234680618295099b25879f5f6f57c5ae880e6655ef5f4590cc34e8b01d904cb804d7ecf837471e9353a62efac07459dd0ae1065abc6cf70a0116f97094cac6c274d5dfb4b190595f36a91a1dec50475d429a8bf037ebda0348a8ec1ced02e657fb904529dc25b851decc4249a100c94e4a0b6c5eac3f94eaf28194184c32111989fe970892840308bd0577f14804a530d453caa4e83715adaf0984c306b32566704b1fc23918aa007d9920b655b58639d1f9b8bfddd77d38de958ef196def37b1282dd088f27a7902644fc729058c84fb957a94546ec1a0e9566b5613c9ca77f4dfba05c410cdafea6e3b0c9cfe07945515f1e83a4661c8db117f7e3955fc25400e05c1f84d21d32a550767d9bcefe8263409773f921457ea754db3a0705c28d6d40d76f4acc3c70dec96014714df6b040cd9205f1aad2b2e2fcb46052b18f79f6f26574c44b2d4b4cf07d18fcd9935522ef0313b4ecbd80de5362a15643bf2eebeea5b6f2f120331238e461bf8a313b74013de50d93f01f03b9acea5d6c6e7fb36b854043bf7538775514ed7cb33870c58e0d33f14d4746a37f1f5dccbaa7d39c643e3177dc480c14bc445f32990c85b7d61da5897fe0d69fa6f49220b01cdccdbe920cf42d7da734877532daed67f81e9874b60438e90d4bbfca5be1426a45be0a4ca28a3f1075c15a91be22bacc4ea1a289909f9ff53801081be1a61380523f52c1ac1a5a627cb1f8b66283c0b0a6333b38cf8925a1060bc224bc23f0951ca1183c6822e88b2734c38f0177f52c06d9945a566badb4e466ad622f2f619805061e126a2a39d518c1600d191d907f4048c0d64cc24b2d7d0242eaac0db5a5c6abb34085a8ce77d3087db2c2092bf2472d423495163891ec67faf8f2020c32361350f9753c2c3753b532a46d5ea7396960c9b631bd3ac9864f60c5a9b84385ad46a542bec45aac7defbd8d0bae0417ea7e1854762d51ef90b500c9315218e0f825fd0ff9cb41d1cf92d1f0a5a2fa0e56e82a0d3e3c89187028c89fc164fc06f1f6a5a1173a0731a612c3b1125086834ea978af34d99fdcbf7f562d986148113c89b164b2b9399062d131ce71a73c5d524be8029f839793310240fa5d31774bc3291033b7f730c5d74b0844b514ec304e644a6d83443ce7109dfa24bbae1f6479f279f0ab5336ac6bc82767320fa8b6e9642491b6d046c79620b953a268dff48030a4d06b1eef7dc2cd88b0867afc381907332749b6ee3d2f37e3a7c9d7cba95f8804b17f5152b970b5c81f6a4ff8cc72f3a566fb200edf1a507993072ede11206bc63e8a8cda861686bc89b2835b98b88c59b907ab81db8ad1426ee35f6d22f3c913df47774d84f1c9996288cb8354650963e20d9dcb60d5794fbc4e021169c1b26d7a50fdb1c18fc53db61c74ad7cdc8ff3e99264714de51532117dcd086a1fa2e7ba271121abe17bc3a560217dddd912a756fe329a102019c5d3ef31b4191b10ede506ccf13ec7b88773c54aa96f5a6badc647e0e04e1187155426078f21fe58b0ece7c254a2b87b2fa857766a5e061c7c1a803b586ebd73e4091d458ffae63c25c0bc1142b3898ee71bd763297627cb69646980cfe58994e234d4870018d92143ab4a22421571e2b6e51fbef3d272f3d25b1d1d1637201e27e73edbd80dc291061f91350517908a5d92b097ae2e69f1420300c5aa479859615887783912346bdcef61c62354e3f88414781f51a450360da8f5800939ecfcc28b7494fdc967b602d91e39c52f16182dbd1ae54b8aca8b78af378bc74800e09ae76e5ffa4ab371c2b2bdfd10ff3da2a24dcf81d4f2d838075de77900b260f2450507791275f3d6229122400469a3020a7b76d9300af1452e1c219fd57167905848d8b1419b66000cb5004f228650d54827b4bc8acddb7707f5b6779f14220e98c8199f97a6d7b7813ec3c9cbbb3fef3265a05992e246de4eb54443a473c5ca79344d4ebeec9f480f216b9a46a73081d9a759b0c75e7d238ed6ef870962b37c1772932f236dd4ece47dbe53c9820f477559f6d782c161f722ccffd7fc9b4859ddfffb908c3e5f1ed1ad21f0337d151119f7c383a04229778326965003429cc7905dec43b8a12c64f77d0a484979ffb50c2cdb6d5170cd0d2cfdf92d08ef7f9fbb24dbf9067be690b9f33c0201ddcecd7a5d6ac9f8a2d71d3aca6e3fc89bc08001959d2cb4d8cbfc075ec5350df28bfa54cdc09add777f57c8303efda0e9d2f2be487d9842f1bd6ecf7f19d3515536a54664bd763e1e2b59f9af29819d079b92e6b5e4bd269a70b3212f06e813809fe5b3f8e9976d60c98f1e8f616dd9fbc505b321975472bdf324c3558245826c2c5d3e4e7ef6be19483d0e47124bd8583e45e60fbed8e2b5a73e0066a93429b1dde3146ee8fd8d298a40f764a906c276f5f340929f86d2690d87c7dede329b762a2f65b5632506b3f9c8833b2df1e5bd020745ee7ed39c89737d12dd48d875852543bca00ce0162ba4fec0149a208f6988279c4af8a36b2401d32cbe230e44a979dd226bcc7a17706d28a3cab8d6599a272025f1c593dc3d0eb3fc9c908184ac94549489a4eec1151ec9950cdece7eeaef4e85d962be54352d8220d66a041cc6f200afd93dc9131d8d360df6fad11b6245d19cb4b4b7c0e19fee1ca79c3a70caba4dd0b637c9bffed2781118a8079a7482d4fabb71fc0d5146ec2040df65c78cfddf7139fac75f64031140e4e567b6f9fc7496170fc082142954f21e9634c2393d766d9abc3996be2caf23c6ee48585bc076ab3e0e70a464e10b8fcb3e74c1f2562858f0fc326919375c4d0c2282a66130a363b3042201a5fbf8e9eec57499164edbae9faf362219bd02440254524b28f14cb64fdf204deb18897c8e6853a29ea10d7193227b74dd1b34901c961f998d0357dd2dfc48b8668f4ec5c5bafc436ebb3127f98575e5f5b491da92fc93c4117424a280cd5d9fed8a0646af5528386e9feb7b5136b43f11424a702a0372e39c66ad358bc24434f9ae37293a090caeda2fb02ef77ead6aa7fecab87ad764c6315acbd36dd2fc927beae9d6d65da60a267ed7a2bb564f638cb90f1c5f3e705faa7fac17fec24dc91cc2d2905ab846ccfd9f42e9539d3deead7e13041b90234c6dcc242c5257d2d417715dde3aaf01c8e831747f94c56be16de40f9ae129086097081959f0456ee06c3e0aa1df51b4fed2be6ee1e2a9b23b59e30a3ffc2aaddcc76c24db5d6891ebc947bd78fd468e14191c05abaf3d5c59c83c1ffe15952ada9881f1a01119f4e47264d3037e4f3185b3bc690d4053030ca22f0279f3c790b95565f12f96cd120f6962c77f237b6218f96520d4bf60e38934ec4a1ad0cfd481c0963c266404a1d830e46f08a328581c6d799918f205e9b4a22251f1e21062a6d60a55b1f49b5aea795bfb67590c6c115a95ef45885c9401a1358fe6b5a4cc90e97504a10579aa84910ee9e576535b4741ab2f8545b7d55b4642d0d98b3bd3a902df2c079e1b5e2f7e9b9abaa04600fe06bb9cda641c07d1a69f8266864249765bcd3c3ff180d2cd384a04406a56e0955e66794354c7a4c2f38d8eef873708aefb575475f1a33bd664bee528c630fcd70a4dd9cf97970f4008786b7457359ed9d49fb743aa2fe1b13ad3bbdb2c9a572d20c0eae29c53830e2bdea1ef35f0e592c657102c016254b908ab18e14f7850b6f8211490ceccef3bbc6bb6d9c375b69b0a361b60b3efbece91ce58d88334627332ce17cf48ef898ee365847b9ec2c1d51fb546c7154abe4043e0f817bcde63d15217224f377a81409f0b368e53fcc08d858f387012d5fc818ba77c2f3bdded3b20d4e065e7b9a8cbc6eb8f13e8e946f7adfee0ab4789fcdf098d7c0ad297eaadd8c30e23864b76062e39541592051c4248c29f0aad50ae73cc806668b42c4c6ff5236fe78640f45f863766538eeaa69b050a7e78159280c195c61dd997ddf4063e3e30b8032f81d95477b300b8f98d6a932e7a2c277a7b16c156469623590e871b591f4c0916014f953a7eacf434fafe254a1adb37fb43ef4c26708130eaefc8512548f2c5c3adbeac12db051bed5528132d0c720950a8b87369e4a4105199dfb71fe1caae0039770ab1bc7e6dae0f0af5246e28d94dd3fbe3c67902cac058859188c2871a1847507f565afbef4d97b9475346b90c5979eab3668a69f9c605c9e2b663f7d0f66f316dd5c25cef105fadc16d0b546a9991e9b025e4224c4105a4713707d2b1214e9f015b8f5e2b454ec0b82e74f2bed135ef6219a0ad11fe1676e83808176731624fb94c771c0d80bd35e4f9d4656130c5856e601cecb6ea21f846348fc42ffafdd71466afa9157b7706d56a45dec3615f0074ef325346c9f784163008de483f4c21a653ccdce86cdf5a44479900dcdbe33999a98ae8f3e4ca4954ae9d6f92dcce377ccb0607b84999eb1fa5ab3a95f1aa027d813ba13618b45f65fcec941908a0b130eeee4bd9af2b6e6f7e538bea9fc1745ab68ce908b4cb3fdbe0070a8c5c4bffca95a5aef3b0631edca1a4d3f97ed14ffb9847aa643ff48fea5bf40585fb9536566a305defa0611ff00e2717d78fc500ffc6ae45914183827bd92c5443e428754f34a182e50e262569c7fe1d1d6f71927ff9733c3c8f16a0d7ea6dbc6d4011c4fa98980499e27bac0610a81aed53c2edf7356ba2e9eabbee0ac55fcc2f19fc8c60ed7405d60dd1cfe726efc75e1cc9f75480718240f0194fc9d38dcc2a49677d49c904c468631c4046a53aa63ef6a308a20cbc80f924dcd48da43f1f51c12b6971000d09c3aa7fdf43d316a302239e540d8aa4add5bc5fc819405dae6a27dafe7a2081f4aac373578dd029041e842f7217778501a4d83636c78eca6c91ebdf66aed963811df3b2f089f6bb3ef5c04b98264b16e699e378b43425947a97972d7d62d69d6387c96817ace6ddfd663ea408a03b1e40af7970183fd1c8c5280106cfb2bc450be3a05c88b6ea02059217e00c4bc8476c534d83b7be2c5f083564cff0e8daf55289d4485df41ea36a15e72ac52b750291caafac6e526a1889115c9530c3c9824ab349988d4b0629ca65b0f3bcb2551fb046eba24306ff0990f8acbbdb52e3ee9cc78fb0d16e4ed64cad5038c986ea7616b28ed9f4784ebca1e791466c552928ca11b65ab1de52199050175699c99decb3e3e592c613c3a7469dfffab2caad33ba194cb325326f2f211fc9385fedbc83d8be9247998786be61335aa5c5c5e4446d7e74227a8e508f97387525790029b25775e84d079f17565e1bb3f7b8533c42df2023ce8869df603a7c31999b0e9e87d37c4c28ce0", 0x1000}, {&(0x7f00000028c0)="70616efd4f79e76e7ffcae7ef96936da364e97561863f954dc0bee02868cde48e51ee17baa1f1774b1cb65c605962f0487706b4cb89208569927e5422b9e8242955ab2d713f5bd2e2423bcfac6c7971e018d65d84f7620f239c46dc0466676a6dbe8e3642f153d7f4ce6d011c1af51c26f06a3f3bd4c6102b2bde2098bbdc0b438cbf1523622eff00093e2ad0152069aa05aa8f3d91b0cc02a4dda465772e2e38aa5ca3c7774da3b2b1b5b589ecf", 0xae}, {&(0x7f0000002980)="367f75f333c2f74ba329c8d08c02b496a77367228e270fc3bdae28e4ec23ced57e66357d282754d924b58a02ebd7fd16863eea6790d337601f5c790eab5ca6881ba18054307ea288b7ffbe7d8b78dda62573013cb9", 0x55}, {&(0x7f0000002a00)}, {&(0x7f0000002a40)="6ae3dad997b2589075c7c901bc02601af6e50f00f9f3440243ae9c0b34173bf6a1f240cda4ead763e05b8d8012e857a8085fddd97efa48417922", 0x3a}, {&(0x7f0000002a80)="2fa96010997e59a5809b3cdac4dac725bb253ff8e354ea9e11f9600414c6df2c3e8cf82ee686cfc85ae9a720b38b02b324224cf486a0d418bc06b2806ca2899ff643c24b75f36113ab78440a864c0b9bfa59c7d3a2db98af69adb42f7240b8f5c4d5aef6b90f893f9ae09561c86fdea9e6408bc78e68493a20f334a3321d8e7047b040adbef1cd8999340cd6c9ef9337b15df6adcfb64148eae52b8710b4c8703ecfd2702385dcff8befda83465c1176b94bbdb6491fc58687c6cd2a276c1f3754ea53e4707e89d939aa71dc05f6941c4ee8", 0xd2}, {&(0x7f0000002b80)="c9ee0f420fb5eeba0ea0e9fe2a0900ffdf83884c4bd505dfd3136ab9e7b5e817582189e4655d96a5897f834fd1dd46ff62849d9894f82a629fa00594bb8aa9a948eeba147eeab6c23359c4d33a1ea82fbe8a38366811c4fd69a2eb1a4013840c2f6ceda9d593c637273dce19eb27e2238a28458408be4588c23bb185396f61cdb789bcc5828c3ac7b4702f57f5208f6bc1dc251541fd2a50647a7c62841b156d60eb7122fe0faa9f48bbc57af8013b1850d84fde13b0810535d04c53503cfd6d722a987bec6a2fc5baf026195f5f48b46a569cf1ddbe4794d1df154a85274553071081c9c7674e5d81872dd211ea8ceff975fc05fdba01ed1fb7c3601dbbdfe72415304ca0cd000414ba51ca77cc7ed7a49f6c75778ddd150fe7c59e892cf4d7fdf509c637b265d8173433c632f66044bde03d2a65ba8d14471237830e4f69bfdc08aa1199d1b13394c90fffcf266d8482dfa113a4f3b27fc3ef5c25ed3103b82fb87e7d39acc060099db92610e205c5dad456c40db5ee54b83a2625c2f386c0fd08238dc582e0adc9946a5be54a08df265d0a57025d50148fd92c5597ee03e35660ee1f754611f12f90b8085bb3029c3c28455aca1ec336a2fce0e8c6ec88dbed69945690941d238fd4c790159bb1f1cf85d511bff7f07bd156ea80e13202234c1abf49a60d30874cc6a3ebf87ce154dc46aa625e292fbe3c2b6e6e5ed978f5383396f039a1ed1f7c8ffe74a1ca79d1b4aeaf65597797ef974b6cafc0259c3518ed8952a1ff9d92de7f269470fa507ab3fd81f9a1baf9c1e98eed7e83e83f7f0a436803f890e2f9347f6722d6f3bfe748b541558276d6a8c7b118f89183fc37729122b1c993aec020adee862eed31e33bb804c9523e8b94747357a1dbf8f95de663b9bc21a45b78d43c8af70208f3e9459ba0b785f0e4804ecf2826e58ff351cee1718841b81f836e53ac6673401dc16e8e96563139447a941aabf91be0c0320929d11bed9056ea747015cb0fa910120432ed9d15d51ddf5e415a00ff7668697b8b4b589df9bfa4ec00ade0a0709ec3ff722f0147d15e9402c92928070ee9413f4d68a97109c8777a02a5667099f1c9cd8811aaa1baa622f0c8e24eb09e37ebfb4d299bcf883c52dfbe65cb0e09d9078cb4df6710e9936e71f3c9abbcb54d578b35c64860f0187a491660ff690fd838f5064865bef97d01b1f8df84ddb6dbe3fd7902e222827beb63197b8fc5105aa1d7df07993fa6a9bda7e54b77b223c52ed8457f3b7cb716a2c8a83989983b3db63d238e1e77afb9a28a0bbf99466bc7cff1efac3a893724794a5ecff74c5213753170f5167cf438e372ca789a9877f84d79ec0bd002f19a4d184d40bbdb21a59a065feedfd1dce50e249a96d7bf96690d1b27bfb31ff683e773c89c404b08568fc685e34db5ee0e4e7e185544cea354f423ed91a54758c28d25bad285db09aa256984a832c835406a745bea6c52f875de3362dfa23ebedd36f7b758f8ea618f0771d15fe893bf040da8ca3e46fe102c26214cfe85754170e03515dec2279d0a2a9e3697257190ae54a6b784bed8e204116c8bf68206ab19f991af6c814e57879091acde5c59b9721237d0c93bb46245738e6031a999dc39873dcd7abc72039e782b593f20f675790030b527bd72d7bb47faa52786ae59a8ed21f22e958c0653108533442fb15fe0ec2a6256607a498986075322beaa2bb458906151a788c95a34057eb65d0e8e850fc16fef1cb4d47e8cfebf1c10832c55b94aaf9298e0b27faea8bcdf45a40476d1b79bef81cf3e592571380e2406d4727ca22b7ec985eb65c283ba44c3df8cd356a8d0b4ee659c3cb34f3b9f96c31e1fb5da8927fa15620b791121fff4775c9d3c7751b8586f52cb0a92bc29fde25264f00e55abdeb79dd42c98514d4556d3d572a95e3de5d010df497807df092f3a0829574c1ef558c9acd29a7e35983dadce09c274fe1c1f864283debb48ade5960b52d09c9bd7458e69d2276ec841922c4baa7a06783671bf5b29aef2a2a0100ef0c21691b490cc4a10b04d430be5802b5a59e601760c4c68ea5089871666b12c4b4306a5f21c71d4ea60650fec616553e85c3edbd903ca4df7337984ba321524304db7fbf98758f28bbcaf8dde93c03ccee0c50a48d804a882719d54f7687cc87dc12f86933bd3e3b48a96664f8b183eb8e5471bc517417d39dfae8f8a47b479d9eba4e98c900f0b3742133d1a7072a82d444f7061e6907e7026a1d0d51feafa44110413910360c5e29190750adfecf0a1e308649a79820b92f71a2af6959e1961fb2d7be319ef7b3549ce203aa83e70a47c8441b970edcda8df34792074561be3c5c11b6ce87eaf8db4543ea4db6de9a4b31d0ee39ae871b58b1e26f33e82030c80c059c9a0d47ce9f95f45171430bf63977a9b4f8d72d15c7d3c44c512919a25ec095282c463d3f97bfc68e3701f243f8214cfe1a77eb74879c196b9863d9eda2629b9974b0768c6238cb9a5b1a88e256103dfb86b5f13398662d7148cec692af0d2f39fd5df58b807a4e183a8c85cb4a72486e70e845d6abbddb824f9b6cd97484698c24de09cb13e5e64ed99d53a899b5b940541658e9736022f4e9d9dc76278f3e10941990f2d19e38015792361ccfbadf4946142baeb54ca9f9a11b45e6d430e872e1f65e8cd15b25fedd521717009cbe26949b52b2e84846eb6fec65e257f06ab3bced3f847b901346e97d1f4575a177a73db3b49b920707e3b862ed2dab309c8ed9a37bc9e4edd6b6c4a125876b6defd3f99b0b4c662013f4f474e39e8bae39890a8571ea3f6fb71dd03bf5fa3e760076fa24ba656d7374515c8062b770f1fafa62736e8896fe78ad84bb28949542da2f0090b629274162f59b5c099513bf3b86f85b570c486c96dbc95b847c310f248ffeb3dc9a8428fba4835d513a0ba4d16a258e36fbdcfcbca19894c9f29d6231f9c8d9bd7cf2bc3199702bd06874196541b5d33f14a47c3e0c30eda6ba727823bba0eea1c80ca6ddae99242a022fc82402f6845f64482ba1a2ab34f6c43b45fd49e6f9d9ec77ba43da6a24ffb5d15f357737855ed6e41c29fdf29a6f4a274f06892cb4d431fe98ad653589215055c6ea87ed4a11ddb4a967b5d2776cfb5e318a44270a6c9b4b978d3010a647453a431c2172f14e5fd94823be78db7f2b56cfb9c097e75fffed8701be6331ea3246502ccefee51d95aab15db2083b2aade941e03498f98eb74a796dbc95b4fbf0909adf642c586f55bf1ba2e438a742330ccd74345e25712ed01cb8f7f4e2fdd33cc63750d63bf3645a5aa722a685a1496b48a2fbd21102be87f668450572826c5538fbb6aa3f561fb5ce568ca3f91e2688b204fbf7b716c77ac1ed76db077045c7a1a22109966a22325acf183b1eff7484682694fb4c6afb1223adf13e080e7b4894c21227e0c4fdd26e091d67cdcd996b8a9f899d807ed237071113d7cf1086d9656faaa2cdb7b5c026aa04f76b95f11b250030ac08e8c71a6e9318c1186e413c46b46c4a85873df661866a9237cd47d1f869a0bcd5b436a82033939aeecdc72bc18376bdc76bdb9ff0cdeb3b72875fd3bdf76a72b380bf9cb2951614e568c5ee85d0b9e814b373951130225dbb3c575e807ed90f3794c575c31097591c35dde136468eb9c00fb09e872a8923fadd3c593d4d3175809160e7ceac03b3193d124b6643156f309999bcf093fcf03e0717bf2f580c5750587d5118b3e1d8ad8e31e5b4390d575eb36f3401adb6c25f73a144fc21a0e4e620fe4b2dff42759c590b2965d24c13224847f7dec5468607faabed8a9e9aebd56db7ba03f77949482641a2d0cc455ccc95134e751351f17e89930efd2110894485c45cadd53329217dc5b93f3806b50b6d30e2cc013e5dc7dc99872980ab6614720ef84a3be08f91fd9ea7077f91360bac9852d22e262e0a38e516224aa03b92096a644d5603745cd2dd26ce45d4a4849145590468679d81e0b70768ca07b444afff0b125150d8a4f0769a7aa1e1ca5d876e1d99819972c8479cadab06ee7619cfed3790459dcb0e2d238c760c4c1683163c123570b43eddc726642b9aec0efdf7d4031aad39a1ec2ea7b29e838454b6b6179903fcfc992ae09aff69e89722c87d837bfd09a299c032b0778c4d07dce84a7b58f250a5d826e5c453cc61b45d15d0c03e5013dab918744fd4e93138ca41e523760080ab62577ebef3b7dcb3fc73941fe53bebee5971c44134b12e3aa6f366c82f2bc610522895f22ddfc423531ff68f6490bd4f466c43153e593ba89c2b12446cf15793be4d2b691936910d21a4ede3af63e5f5f54e91024a85dced7df347c9910e425d7f0a4dee0226fef1ed9d5baba3fc1d297ffbc31d0dbbd5148d4b729660818cf38895fcd26f042b6ec77e843f8e413d1c88309f735e2111c4b5d1e56fee058b7100426e00d183d07effa742b2eea75b95a9a7a3a5ac44e582f0c2718ce5434d0ae4ee438d28216792bbe97c2beab9ab5618cef8c1d145f8925722790c1aa6762d9d76fc9bfdb4bdb2987e49223a04f613bf0539212aa6d1d0f4f6bf9dc0d24d1408c020237f3ce5989922cf464c39e26958f08954633cb52402bfd2c82192f2be3ddd13194d66521310d7e1b1f62e7e4bbcab23bf67f02be7459b57ee5e39d743473108209fcce4278e09e2cc58546aa0dbe49ede39e58bfdd9c6c82c58b2c5d7747ed1900f7b96562203c7a47776316b7eeccff72d3a2db3fd4ace4e77b53a7af15c955a368e673b38ff4a6ad09c720c85863493e9eea5517a6416e701ac775b16b125b5a598d15d56bf4c49ad3418ffcdd32f84cf2768850380ec9bc7571ee9178a5ebb0e764ca9c7a0b17caf469425bfe564edf7ca1321e0435789b56c431e2e505b967cd8246eac271fa0ac5034413bba9a8901f9f0d445beba6b67bab934f1763bad5cc582e0ceeccac2a87e0bff003767d2c1f2c14a5f4f3a684a49268b94399b88ce5bc3e7ec80434ec52b359c7e709d8a958a6e3efb6b534aa456c44662927f777bc9b4890d265b964e7204905bcb80dd19d105be79732d68cce90fdd084a939296069988616dd6bd6834911f4938c016412da64d5998cbe6c03d86939404eefdd6e15d70c3f3da32ef24f470d73471c3a37236f3664b43a76c38302059b0ef5dca7aebd7065847b64ae7a26ca9b7b3703b72864f409e88dd57ef81880a1bc121bbbe2946126f3c9097e4809ed4daa75c76d39ac9e54a47220e2c3a2cbbacb7d3f21328daa07482e5daf288db5ebdd3a9c78e9cda409186fdb627c1449399cb7c0ce278e08b88619902b34062dc951be7e2324883a34079b005f578f0dd43c4800429957d23db7b2511e59f3f4a9d0b6cceb6fe2b1a558c5df54b58c3037b0c8b4f534d06ad349d9d4faa6a834babb39a1e5d9aa97fbcb41c789b861d608beef009ff79aed148b96992bf5258dd91af06cf4b2aac384435f8506af2defc6c420d7ca330b7154b5ac2053e89333eb7c456fdf2d8a31c2be2386cb6784bb1df65019097a9c4fd49179c0bc6e91c04e88f19335678b59dde84a06910cf16eb7b47c2ebd1d8a8430832f043995b0074da12ee6be9721690e0bda445c25f71eb7a24ddeade1ec3c93fb527ce8038bfa2f030a1b2a774a34eb75b9482425daf8c8473794298dbf3998cdb2431cf179f27c32e8a9365777c61682438f021ac57ed3b502a6e2eec002454bd18f6aa1b38d64231cc5a175b75c07b5530916503bd9fa6238844e325aa422a0628be2", 0x1000}, {&(0x7f0000003b80)="dadf41e75303792b55790054808ef5c097749006fa13e69864a7f6c8a748a8654d86ea0f2cb49c8fe1ba103a2c93ae692691a7d529323173c7b82fb1385f7714f89f6e797ead23c2", 0x48}, {&(0x7f0000003c00)="f18d974ebc5be3f4010a27bd5d967c220aa7156c40742bc7ee2a65613382ab1d4850ba3e166a87b152fdcdeda23649becd50a20185fbb9198e0821f22411eef033dda2cef1553d7e9dfc96a360a6b139cd94a4326a65d4dd85021c1751f1cd", 0x5f}], 0x9, &(0x7f0000003f00)=[@rights={0x20, 0x1, 0x1, [r2, r0, r3, r3]}, @cred={0x20, 0x1, 0x2, r8, r9, r10}, @cred={0x20, 0x1, 0x2, r11, r12, r13}, @rights={0x28, 0x1, 0x1, [r3, r1, r4, r3, r4, r3]}], 0x88}, {&(0x7f0000003fc0)=@file={0x0, './control\x00'}, 0x6e, &(0x7f0000005180)=[{&(0x7f0000004040)="93450ce4d6cb8d988366c490aec4c05363ad4e18f60bff5c5a9735cc09789484d9dbb5beb828d843acc208eb74ff642b67e5c55275bf1844493d764717315af4a605a89171e595cec57d7d91c74a1c91e3c2149246d9bd0f431c70d6ba", 0x5d}, {&(0x7f00000040c0)="5dca87c7661fc937053419605060b6eee7ff9e6bece26b8e2e8491ab57affab816195541c597036d6b74b5baa72af02d080c4712b24c512adcc7ec3cbfbcdd750b3bad34c7a99425e9e6ce2abfb676272951cbcc2010f83454b7de079c7163fc8db542630b355e7e38270b9cce6eeec9283e2d566f3170d598b682e95e35cd3bd66786a922b5f5ff0d464f058f7414fbd5a2eb849366719012f7d3c3baa0bd5b28a260e18e8f9a9d2380cff9", 0xac}, {&(0x7f0000004180)="60acc59fb006772e187b1c2f0d6a8d06a8a766277a6e700b54dce88cf6637d089b7eedc24d23601fa0eaf56b6d38fbea74581b81553430cf5371ddebdf6da8d8301ed9361b582a14470625f4928a66b8950f91e6d6b9ce39ae9cda6a2d319d629cb78488e45de342d3df1aa15ad47b28a4184c61d1ed9700b3dfe8c2a715df614cb5e307f7770e56d1be0e753ab560437f3629fe6b24a13c85077e96dd91fc3a7a72a1df0eda78e261b98d1939909394fb2945691cbdee820e343ec00510c15215c5759ef21c720fc64283168110cdb9dd86b6c0f67795d4a111ce299d97ed8371c7a12025630241b6d6194e622ed8f084db642f002b4bd325e31f65411c9c03fb5458c22087c4a29ccec686f7b0b7b923cfc99c026e99f3f32172fe32f1fc2d16b78971592cde7b37dd63a44b08b970bdc5013added230875c1214be80ece81171ddda15a9cc83dfee7906543194a066b752abd0de7e6c298aecbb6a2574aba1b435ea9dde1b92b9345d2a773a5c6223b786c43400d3626ee96e706155939a78f8ade9ed69006dc49f05530d9d86fd408525e7478dc0ddc1c4e3ba03c84d1f126424abc4444e1b080a17854504b2ca99845f968462da4b0e796d3ee699a47817bfbc8b155ff287cb092c5ea17b50a79682e1ab663891fe07b3af73dbdab01fbc2e9cec97342c9c0b069fe0ae85974628ead75d5e7cef7272a9da5440d19a5001ad5a6305011237f27ddc22601b2809890b196bccd55e542dac4da6254669e81e161fc1f0b33de6f8caaa35b5c67be37037d3e32940e21dd887d2c6833c01cb5455fb185ce435fb31b6d95e50689cc2aaaba7dbf30e93765607eb78ae8fd8babb23114dbc48415ff3db4ddd821305df361826ad8184ded0d077cd2c80af1ae61a1293aba66a12cd611e301553f1144adffaa0b34d307605a4d27dc359e82b19ff2e18879cda3f154e34143cd2aa33d6601b7282075137e904d5b0ca685edadc9601ccdddc6296f788f02372dc2e4c2ec9ac75c999fedffdc5c98556dfff717572f4b35122d72e0f09e89b032f31eee8031ebe739ed147f4ec82effdc9ce594efd5308c83b060b159e1b8b6ded5a1ada12a603fc3ee3e9332b4669ec836c304955e064f88d83f64ac855eda5b7322207b089822f297a00780805ad341f249ea30ffa59d63959750d8b3a2cc8f970bb0a190aa8fb2b01a1685973ad2d602a38cc87e037d9d46f48cd3332705af3a9fb7af7a7ccd16495d780920afb20fca1d5d73abebf4c405f6c924ea6b201dd0c4616b27a26417a88aa9a198322fe9630e935ccadd4c66d09b445e42de8d1f4ee8881d151d9f9560b3668a02aef7e625755e59aa606105022e3e12d61f02804c4c0fe941cd600eeafc4f5e0e77084d87fb8b51767866332aa6c949ccb2c82e466ecb1fa98dc0aeef3b4ffc3fda2aecb7c40f15c37ca82c7ecec4ffef40834f28c98e2c35ce99d3b1541199f0b4a620791c22289cf21294c317bb43c57950b67d413d6cc479bcb312f81fe0e77c9c9806741ee264d66195356060b7e97f65bc9a67ac79dd747b85328dbe7b7559e6daa83c0ccb7737dbdfc4d49a3e625961d489823b1d7a15bf4af32c3767970e895a15d8219811769bd84a28cc05b4c40a0e76885561f1e91d88d226d351a217d454dded7aa7cbd827325b073ec40e2e18367230383d16479c7c500701a5ddfa68751dda943b4e29f8641a76b2a33ee08718168269c0db14397953ef3b468ea8e80d71faadb0137c87c7b017d360410fcc485ecba98bfc82ad393a8a001670a9e766b0f70ebe0131078e51e090323e82a85590f42b11cceb9c1d40fd5e115bfce7093dd592ef4903ac60fc21cda19b27e269053b08bceff88bb281c2f317dc1ae650ad94986cb8fa8bea25f3e9be6a97af90b6f5f550ce4c104ea9b4af28e6e95b01a12f5781a96af82be5e3e7a0332c38bb7b56dd362bb6fbc91e57074ea4002198978d189923c99e978a57d8bcc57269fd7d355329303369337951a84d5f8805fd5861b954068e4db31f23ff87f46fa66b5f8e8e0a515b8bd84c728cd5ffe1041ad9fff9b74093e5e370dcdb34cce3a9a215d4890fb71c4042c19280d353f1ef513674f514abd0d93e6f1c1426b1aec6b9d2d366d4527793305159b96c9370f93056f127736948e87dd57fe943f5fec8354f391424dba1c76841b76b93e13568cdcaef4dd6712ef19f4c7f0f34315d7c33554cbfd4bcaa12975d4c7fdb18a4746965908d7f35562bb6584b0cc0c9a5482cbe79b442fa79a97a2575ef299894846654c60ab8cc76788e1c6eb49e696a3983ca2f5c8d50433da980f77cd755d94cb1d79e7e79283e4abee0d99bccc7f5b79fd9d4fadc13e07db090aa38c039620a70729b17b8ff91c99e93da0992ccc544a06504da97c982147f41de9e74e0da494fa76c5a05422c3b4fade6b0ef2e60b58d9d141d73ccffded80fa8437343553dbe7b366d9a8653f58a6a8e9735975eff66da8cd5e6fdc958ab64436eb73d8602a4a74c7a32ad7aa9ef378f1ec79aaba66c618e2f3ebb05c43885d624c73d5d73e610e474634dd405e1dff45ba973694e7f4f33af29eaaaa7448e88c59ddd1a6bed2d02fdd2504471c2ae30adc1ebe5ecd3340e1c8901e28f654059627c69b10cf924cd37b6740107fa5bb6a72dab40e9155a80d7d7a46993b98c7b800f9a507376595d1fa590fca33acb4d9818fe374352ede05a6e72b4f0cc81d3f177e6ae4564347241b3d79ecaa3a37a68a257e8f2c16567ece6040fe073524203f07b28c6e6cfbc868301c1adf963297fd1a11895c5a585a286bb3ef659a6b43555f04ff84c1bb5ae413d6a976930e86409e5ac53baf3cf5f9eceef866edc13dcf7bd9c5c58c793e0dc754a7c78cf63cb6226e4f162333557cb8d3853f661c4651ea89ec57f6c5a4570d2a1e83515610bf0aae60088ba9af32b7f8e17c7745fc8af9a63ba85f345485af9c3e81761a3ae774ca3d43dc194d7504ae474c31c679d4031e51542c45c8185d1ea6065e5299c577a32e75b3238f113573b6949b2c6498963140db404a85648059608e0389bb0b26d1783c9c31931db4fa39400874b29b1bc73a1a8e27a6090c49d6a48188d93bb1d2fdb04dde8b43b2c8019f01893a30136db4e47877020b85c7d9efce107e16c5ab5ac91162b49d6c73f6b2ef1df01d5abeeca6d6323ffcac406fcd6334280fc4ba7efd2211592c121ba1a281368a89d6cf01dc5560b875e30978d1a49e6a5a9bc023cc15ca12baa5e8acabe576dd8ac3d703399ce8d3b99f8c88701dd12b3937e5e2c63948acd126fb079f8de58d44e46e8a47cbe2735797f741981560b95600e9aca9511c92c4523516f4d5bcf5aecfd4f477b893bc684cbf3d3ac533a2f37ecd85176d1f39a3c8b9623e63b09f0dab4ee18f740a79c3fe85d1d493e0e70bcf2b2935de8b3d141f2acda9768fd388dcdd804b1cbc1ec8220c1654331340c1596a946d5b6ff0462735403aaa27a0afd6c2929ffd2159f293c347b75a6bfc04f4120f0a9c85e47c522ef362a7862177cbdce2b06ee35d1dad36b7a367c89f8000dee40b74ebe92717fb4d37eaa24ba67ab900c234462c96960ec5dbea27c0bff855eb1822d42f18c6e100ae05c4cd621d283e80c7de2252c6b0c842de7d63f7ac5d235d81f7113f7d7ee222eb51267a4e377ab471843cb0a7c071aaae04262bafb99a3984b1ec5036805e3f595320352fc6af29129f2a5a290a0ca3fb1263281d1efb27ab1e00754bd1fea3570b859d8d6b258bed017636cdd74cc384846fa9ac0b577d39233d31cceff2492a806be0b20ad3786a2300eca05dbc43b3a17758530a115c545a3113666948482abce743efaacec0b323785d64dd4b9e8d43fd1852f53855c38c429f665a67d2d3bef4924634fd5f4511ea74c5b2ad06ec5281484934197ef1f2010207d676c0181a63bb473ae962332af4e570ee9fcec0b3ee0d7968694e90bf99ef5e979dd7551457d42dbd4a638f24efb4e090c0dece73eb931d67e14fe38c7b9ec6cd63b750de8aceb698f4098fc1e3bd7fed4c55570360fb24cd249cc5daa04edc5972f2d1388e0ceaa185ff9a4d37df59bf61f2ddb3adcbf54392b4f33549c042c5a5f21ad89d26ff104888108ec7aff1d4420c847244cd7370315ed489e2ad31d576caa911c954083653136fbc7ac5291e7817a9e3e66cca6ea42494fcf76311c75281f0b940473d4771c9f010c27dd2a3941d7bcdb0661164c23bdffcc74106c70bbf5f2c4198673484bc503d403115382efbc3cacac3bd6f6adbda822609af836c1386bfeb5e15d98f263b00ba231e1e3ab9d358ebbd25eba844d233611c2ac12949f66153c4c01bf8567ffaa22da2965ee83351294bf62cb7d6e973a141d3d3f37854ffeba77000284023309a28c58e60db7fe05e8b9daa9478f568f90ba8cd2526f7a2b9dba4358f58e2f261465da2255d2a91e88662d5c9b8d3c965feb06a6d67c79b25cae423d46a93259800811b08847f8ec04984227dda7f21be451ed3f73d5daafc9304fe24b2d3014a8a6db37024cedf4d790da26fe7d54c1cb155874dc16ada1906337987c6b3bf57106d2e6b4d9463d16d56287f2cd7f0860e4fc146fb29015b3dd136f0af4d56239528439a9033cec5fd93cea1bddf8d6f0d110781598c3fab7cce80e7d4feeb6ed6675bd72fb4fe183e583725e3806c24209c56665566caaccb57e4ac5b684a80c5f9766fa68de389a6ba0861bbd2b29a18781a7932a737e36f80e38c0cf8d3e866f470eadfcad63834eb897f2a423442a20f4c4e88f5d3aba5c6770cd793fa5e69fa488be5dae5a023340d8420188cd1cfedeb798a7182760633bd3948edb37e469f71393bebb33e4332c573b7e71eb46eddf4c25952fa4d86d2782c0d9c62ef3e226b295e40be962150299afa8d835016e3e0b6515d5cec381a83920a251d1b7670b78a1b8518961e59d63e8afbfd8fa9d613108616319ac08d9eb08fabaf9087e291ddcb6d7dcedeae0285c5392ff3657a9f0e43a20d12ce23f6d2016a5a52981b991f3b3d62ac75db72b57cd1e64e809dc9ddc7d905354585da0125f452ea06c43073d2231730be302a108c482f9b879cf525bec2cf7bf0db3ec4c1f912e3af50a7163cfd720ba0deebbf568f2eed87fa6094619fb6345e0e6abfba2b0c5750c039f611d1d180c1816ecbdf0af506893b138282573eaa703f3c63f41acaaa84663cd3bcdbaade6c32fb8422bc8ef5522a82e98e2bd76aae436b15a6f8813779ed3ec03249b185eb2176e12166856e97fb478220f0fa8a4a56df827decfec9adb9094dd0f335e34f0dd43c75c39b1bcbd0de2f51b6bad37a422e30c1a0940e00b4dea78014e67b1ef2fb692fa169e4bf5be9df2b765a00c3ccd2b568c673ba6128eac3dd22ef76107083deb74d770ba81f695a8a054678dfef6339693c2906bbaf0907723bba628b7df506e9168a5139c81b2b9cd38e5501e520c96dd27bc4b3db2785698d98bd1fbf8cec945f682004b6d1f0a27ca8eeda31b6c0be41fdf544d3c180596fa7f48c95344e40265f2ce3b7269f6cec8e9ce8a63dca24298bcb0fff9aba0065d0d56488a0f836a6b4e322aeef6f8ae4cf1a5f5fbef88cf6a4e5f9d30562b464640c4637b28567db3b2336c62bc7c615e5575c623e4e851bc4ff68d0872d6d16a12dce57eaffaafacecea7993283bf53694c16fc472d1a2941d1ab4d0a1a0b04e4fe164fb5e627e064f2ec057737fa8a626d5d871ef9059290a8171", 0x1000}], 0x3, 0x0, 0x0, 0x4}, {&(0x7f00000051c0)=@file={0x1, './control\x00'}, 0x6e, &(0x7f0000006300)=[{&(0x7f0000005240)="13a0f179094128e03c468fd7c6fa984ef92ab64c2b61dfe3566cbd2dcdecf9f2db3c68ae02a2e74a288b70243db95e6890aa26d03047af6028dd5e13f52e97b37669066e116918e56eea1f04b9dd60d3e15192eca4ce73392a4807e830eb199595e94fd8a66965a42930055f1242b08c2842d3ccd02c6ba0253b51357f525598cdfd1c1b0934d62e1599a5433d9b51c6cfcf07fe94b1f1577abd42cd05a6766f27a98c21ab0e77cb064329be370cc4d9997a6a6e8cb2e1d497a225e3a7c6309749bc1215cfabbdf1a75a54324e46cef6f6a21d57f028069e9992e940c2e369835d26f933181656cdea917ded02ac5b971bc104d8ec478406f9b0128935eacb6391a7456d2308fd5ba41a5c443a78fa03f571d4e2574c08851aed034ce5a8efb4b9a7615a6f0f6ef9ec974dc87bb764fa4142ed57deb934e261c7d766e2dbac15ce31b6639d5c9d3cc7648370a2a16b69e26eca0d764e558dbddfa5a1fb4f85012748de90e3d76506fcbab4c2d9c1633c513c1206b7f6d7f70ccf44a2e0c4fc7ec40d92f21fddc249c8e1878ee8f8a8ed7158cf1813d8fe1b24989af1b05da678915ebcaa1a00bcd576591290091eac0c6aa7f25574f0f27930f9126530a10293a18249f5d16854236d545224dc536637f557125aa0de2e285cf58d7f20453f7d43e7481253dfb0d608e7f28670190fafc99eeb5caf406cd3819dc5ea50be29bdf67037cbfbd02fd5c349a6a092a8c09dcea3832aecd303ad079005d5d862b4f03a893244a7c91eab193808b81d8649a0020988c656cd71ecff3cc50d20ee370da16818c6c9ce4a8e0c6b48480f365dabb696e7c6391a30cbfe300e688d96627e09d4e7d44e9f2f91d34cb76b9b939e7f2bde950af2c2bbbc72b9e881aed2b43e78b9eb15a89f4100837cf3825c3e2c8d28ebdec339ce3deb2726f57cbc7fab1f5777c7e0822cbe6c06439c54cf113087c9234b60798d3ae71e7e42427c23b341f6ba7f98beda941ba9365924a7e12d2ad5754f1a223d097a5fbe89d27732ec333412721b8f760c44c20239cb1a720b0f4c4ae5dcc344372b944bb5f82de789375856bf966b260c7317ab5bfdf61597c23761dfc37ddca5c778e82c4d66c3400959e0b953d6aac4aa075cc3541ca659aa9358e1236dae68b73d0378cb9b860aa6c7fc3ca0dcac9b5c7e7d2ac8ba7c8552cea640040e4dd5443e1ef57d32da99ee52fc040bce3675d4e65a7548e0889a58efdeb63e2157244a7fd7999d138b4758268d38041960bca853c081633813cdf5816610c9cfdd82a2c75ae3d55d0854fabfdf4e7b1fd60a054faa96971e28e98d8d22853e2fd7b97b4cabe597a3551258d0a8b32e38de9436a2d2401b04df5f047e09c1368f95d2a1eaeed83ae8a45ff23867686ef7e586d15ce64d71ca20205d8c042b86f48d9231dc5cf4ea28c0eb9c6e08f4ffdd801aae84a6dbbe16d9f4f3de4aab34875d9f3c6d29108c9ef9a839458157b12cd200121bca0d09a1cdfa36606b3b593204d321a095dbe4995c249c91db6a35031d84719f3089e9e4ab35d445b258ebe148801cf943687a86e3397bc306713cd53d23988de4bf8826f3786891d527f0ded1e37d65ec2f4dab9478d5e222235e083f023e82878fb6245c2b4a61ae538fd28b4cbce419cda2516f206e5e992cd997196b8e0e0fa3f20bbab30a91a6a587964fa208355e13242e81a7f36174f6d4dd5f698dc80317812b41d43e3665b3a6f1f39a07ef8a53efeeb81dd8be691e6ad6d095551dde703478153287dd162aa13d35d0adf851630af1764077d553e4adb2b2fa997578b0c4fb5948b5c0b9696d8d1767392cc7e858e1ca1bebae5de3690f1b794973c64db86dcb237daf959b79ee354c60d1a59d843c8d002f48d387cad03e489524d960f656a46b70e676b82e793a4818bc5428b6d16de28e2a0449c312edbb97c755405e8f1ea571dca2c9ee197a059b80ba31254b67fcd1484b29fd9aa37bebd928404cf4043e0b2dc346900c71f74041fb522b3c2e03f2469e4f2f3c6de7cb390ee1871ed6c1ef149e9d3b266c5da9ad038dd5cda5a8050795b173bd0b248862aaa6f3acc8d996d218b3172b02a9e86461a12b0c729afbcb6f6acc06ad9ceec771ed8c02bbae9e3ece32ed4758735daf00b3cd3dcd10f1662b924978473a20588fe88132db03cd995b9113846c2e46455a10541a0eb2185e73e8a14c214d0a0c6ce2ed3741cf99f46f9472ffe1bc64374b00365cccbd5be51703935e7507a8471f1767a55ceb8d3373597c57627025f218c389b74241d979db7695ae94e9cdbe98133e90c561c1d9d539d021b12a28c0d8e1de573858ebf23353f5c01a8d21668ec3d3f2469d5d3c83a45b026dc41b80b50cd9a818a0cfe697f849ae90e29670cbe436d6720349a59f8a3177bc8ae10ea189676b575284f585db73794a05eb8e6c8bb4c8450d3adb2e858f44a189897492f85188259ebbb9f576bc572e402b70f418c58838bdfbaa1eff3c575369800794133efb23290c376ba7ca07b3e7816c52f3bf87f0d8a1970bb228991a50707e6bb31702d9ce6542902f6f72edf9f74a5cdc3b96ef4de87e111ad995e6283d94605bd1a554198d0213d96a439536da42a87f794b8f549a7210b840c92f2200f9aa2909dde5d4c1e118200c2f52fce59ea3dcbee2fff70193e24903ad16ce1594a7f0f408abb00f1ebd3f48eb9bfa9def0e904faa7bb607808dad412b0d7a5fc704130060f375e530c44e749a4b03e8f5e0ab637e138987469ec67284f7a99fea9982b5a4b9012e4dee629c1f335352364f00198610c82f27bf74f5ee7ee685a5c091d71bc5165685052c2032c08c63b1b4deec56c630cb7fff86822d4e6e8126c21f54f48c2b0399f94e3baa3f1ea38fe91c3115bd133eabd5a6ce37655d9485fa28c06430f6df36497f7034bda3b31b255f60dfdb70a07ef6a85a711cd65e59ec88e9ae30ea1858e8de208731d5efae81ec5e8c54f3585b350121c3b6f2e6dbf675bd465b80bbc6045a318803507b8fe22c5ce4e1b36d1c732ca5785d994140aef8f6cd941856757c849525fa20da8277952836d745a57fb32f3e29a80032e9ef45ec1c68d79b1e83200cb633b6c27ede6bb85c4c81a9598940a6d70a70f500b86963a5c0ed0362bd3474076dc56838fdd7127b057bda0487bf844d4a5c142a182e5852defbba637ab535107ba04c146993841db82253da2a602e8ef7dc0c18bd8e8605f69617637848341310e5df4d0bf9f6c7f7d5d0a2232bc6f734202d4519518789674209c387481f183c50eb0010aef105726bd20ebcd9c411bd4717451376e7857e972995f5b2ff88b247465271b110216b2c943757243574f0b2dd84c2bfe881b5602bc4030008d5aa375f39ceb5fdad1efd18c6782cf44bd874cfe743f92e35b247f5fd4be29f927255e49e1ce98ee51a7d96678f55197c4d38b53ade483a7c506447b9581e72d3608343da6968917c700349acd7c4e93cd934af6ca7e8499e300d62c179956ff8d3f00e99dd774c629dc181e6acc1e18bd583591029f2e0bd2b159a9843cfab2047e84b23ba68d8d308e57c4810bce1428bdb67512769f378929d5217289efa7991dfd1edc4200c9a8f7eddb629ebcd2cbcafcf78cfc09eafc82623bf05c04af94b87577c4532d797519669c8377d369effc2f6ab92e8c9b71bc8f1d73adc0c849d20f8cc2400ccaeb64917291c77df4ef7346e0972c6a59d4d6ec68d8593cf75939441c6a0f3d4a595f30b006bd1376e323fbc59628e1a2ea4fe336246e860b1ee8b8ff447a3d90aa652c6eba5a654bb68d1aed0260598bfd033d57e46b0dd4b513de636263cd58e70a8c07dba7ae229c5475e395026afecfc2bc94d06084ded8c55c3929803cc2b519e29d6ee1e0dcd921430bc91d444e17af337fd6a41e6dcacb005d1a55128b702d1944dc781f953207ad13b68a78440aba40400681d7314f84d5946bcdfc63ff93cf6dc58cf7505e987e08a5727c6cc8892e19aeb9ef23af124e7cd50e13ba42ba32aaa7e890d955660b16faa9e85b5930cfae47d6c8db23f4cd65f3e170582d96ea21b37696a0361aa39b65bab06c345ceac8f72508bef33d7817903688d9d721e11eab94b8b0396c0d95b18277c3ce89eb793488bea74be1e40cd0854938c99760cef3b0afa1ef806d1a36b2e2957a2d0e8bb9da52f0603af231f81372703eb646a2da37c25cefd2fc1a8f60ebe8bef9b6dc37ec34f8d6025802cef4dd4cdea14f2427afa5425625c3c078cc7397f72469b75b88db1802276b34da620ba5f5e115bc75383be341461eae41adfce781c4a8aed6b3a555ad663543aa4f923f543f450dbc452594c48a8b9012e067ef64d5cfe7071c8c849f5f820be01a38a638e09788d5bcc2ac8be4b3411c0309f67b9c53b6d7a2aaa557da2836cd783718d9b10540ba05faf188da79dfdc9328f98202c86cab932e2fce33398fdd7684595412285d67b3f7d479f034f503aa11856c395dd16aa0445d68aed3d1f8eefbfced35167ef107f2ae936b4c9d2b6d20baf558a4e47cc478e973ef1d3f5a338dddfa1b9f904337df3273a72b895e627d47572b1f2efc072f1b8623ff5619ccbb4537ffb9bd995b63182cc1d7fe3bb0a7b78cb1d76382adaac43b0f15184aa65d2e0d13832411c0d491a51d146d9533fdf8a92348fa17730cf1072fb971020ef6e3e21ddc844684e631ba1359da46153e620210d4257e41240e6a20c3b5205fa31cf947632ec8f7f965a5d26b5b29346850557c607e3cf42a8d678c41cd962e9e8a2384e1203ef737dcacf4eddeb145cc41c319f10bd281473a865e7ed59dd8f7289d51609df992f37cc83c4bdef249d34cd2823bd70746e7a6e6c87d19f31754543f9ed405ca0b7999b363c5ce8bd13a553dacd36e45c9d3269360d1408eabb54e51ef7a686b0374bf04277a82ea1a9fb22ae4e496c55be6d27febcebbcfe73c54793839bab3b4b7687793b9a0d8919079cf1368ee464802af0a00ceb87374f9715efd80db24325f8a54a8194bcb3d4bd74b1baf4d0e74c144cc975f1c8117b42caeffc61331d9cfecc3f33a38e1fdf7a5ed98fa04708b7dbc44022628cf23521d035134fbc523937a242df13c71a3e7aa41630eceb7a4000b9d011735bd24ea5e316b28d5a678d77bd3862a837b9306104edc33b7e3e45cd542e248982e538510811827bd50f8161bc501fe81c5f5c86bfe5d3877ba861782cc4a482be93ae01c3d7a1b0193d9e3638b9a19891d0d1ddff08345bba864a0d163dbaa9346b2fa041632fd8d7440bb6bf11d30bdd3b7a547412a5c260b892332f23da757f96e63f3d453324c4abd2060c2a4e0c255e16c988dd719a45af80220174b65a28fd48e7dbee58259e648f6a61a569dfa15a42feeca03d1fd9fad2bc37971d7738f590b35f2eaabf274eda734ebe820bd7efe6f0b47be1ec22a50f55610b35954059d432f959756836fd3939a7e2bf051d976eadedeeab4c7a97ff7ce8939463be2dec1f4bdd497208f9c35b518a17ebc79ab2d93817a554058b369ee9b8d073c827286e83e1b608a3cca1606f89cbc8ead5cb58721553da60e74f6803c98b72ed17912b1a3618bf16fa3ebcd6527957160418b35889de84805ce675affcd67bfa7ab873154d1a384b2e0415dc641ba5bd902f4cd2e173ec01ebb7b31ba6fe2ce96dad03298b1b845c8fef5fb7f3e0c9991dcbb4676102a4993225417294fbed3e9ba359c3761dcd3afd491b593dd19e183ba39bc2a8243d", 0x1000}, {&(0x7f0000006240)="f9a06eb972c95daf281ce346c3cf1145c2feaf3f4c18e2f0b362ad771715e5bb01710aaa3e094bb42e8337178d286d1c96ce9ca6431e5960702430e859cdb7272ad9b4cd473c6c2e839dc6fb5e909f8fa5c66928511692eb60d006d11959540d1024c77cdffc42dd7cc83579d872a28a02dd1c5c5e93a8a286481282fd105ba766a191ec57ba1ff79c8d8664102c991ef2abe2dd538c", 0x96}], 0x2, &(0x7f0000006840)=[@rights={0x18, 0x1, 0x1, [r3, r0]}, @rights={0x20, 0x1, 0x1, [r0, r4, r3]}, @cred={0x20, 0x1, 0x2, r14, r15, r16}, @cred={0x20, 0x1, 0x2, r17, r18, r19}, @cred={0x20, 0x1, 0x2, r20, r21, r22}, @cred={0x20, 0x1, 0x2, r23, r24, r25}, @rights={0x20, 0x1, 0x1, [r4, r3, r2]}, @rights={0x28, 0x1, 0x1, [r4, r2, r2, r4, r2]}], 0x100, 0x4}], 0x4, 0x20000000) preadv(r4, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/246, 0xf6}], 0x1, 0x0) 22:49:27 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x462, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x1b8]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:27 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x2c) 22:49:27 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x715, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:27 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x2c) 22:49:27 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xa000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:27 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x463, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x1ca]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:27 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x80, 0x0) ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r2, 0x29, 0x18, &(0x7f0000000080), &(0x7f00007d0000)=0xffffffffffffff3b) 22:49:27 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x2c) 22:49:27 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x716, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:27 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x464, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000000180)=@newsa={0xf0, 0x10, 0xffffff1f, 0x0, 0x0, {{@in=@multicast1, @in=@local}, {@in=@multicast1=0xe0000008, 0x2, 0x3c}, @in, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x10000, 0x80000) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x18cc, 0x7, 0x7, 0x9, 0x0, 0x0, 0xfd}, 0x1c) 22:49:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x24e]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:27 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x2c) 22:49:27 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x717, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:27 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xe000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2494.449782] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2494.468551] CPU: 0 PID: 8688 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2494.475754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2494.485145] Call Trace: [ 2494.487952] dump_stack+0x172/0x1f0 [ 2494.491602] dump_header+0x10f/0xb6c [ 2494.495327] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2494.500439] ? ___ratelimit+0x60/0x595 [ 2494.504330] ? do_raw_spin_unlock+0x57/0x270 [ 2494.508754] oom_kill_process.cold+0x10/0x6f5 [ 2494.513268] ? task_will_free_mem+0x139/0x6e0 [ 2494.517782] out_of_memory+0x79a/0x1280 [ 2494.521774] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2494.526938] ? oom_killer_disable+0x280/0x280 [ 2494.531445] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2494.536571] mem_cgroup_out_of_memory+0x99/0xe0 [ 2494.541255] ? memcg_memory_event+0x40/0x40 [ 2494.545598] ? _raw_spin_unlock+0x2d/0x50 22:49:27 executing program 1: socketpair(0x5, 0x0, 0x10000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000040)) recvfrom$rxrpc(r1, &(0x7f0000000080)=""/175, 0xaf, 0x40002120, &(0x7f0000000140)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e20, @local}}, 0x24) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r0, 0x111, 0x5, 0x9, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40, 0x8) getsockopt$inet_udp_int(r0, 0x11, 0x6f, 0x0, &(0x7f00000001c0)) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000200)={0x0, 0x3}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000280)={r3, 0x7fff}, &(0x7f00000002c0)=0x8) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000041}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)={0x16c, r4, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x54, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7f}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}]}, @TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'veth0_to_bridge\x00'}}]}, @TIPC_NLA_BEARER={0xbc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc1}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x2, @local, 0x5}}, {0x14, 0x2, @in={0x2, 0x4e24, @broadcast}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x3f, @ipv4={[], [], @broadcast}}}, {0x14, 0x2, @in={0x2, 0x4e20, @broadcast}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_BEARER={0x2c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xff}]}]}, 0x16c}}, 0x20000000) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000580)=0x40, 0x4) prctl$PR_SET_TIMERSLACK(0x1d, 0x73) r5 = syz_open_dev$dri(&(0x7f00000005c0)='/dev/dri/card#\x00', 0x2, 0x82000) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={r2, 0x10, &(0x7f0000000680)={&(0x7f0000000600)=""/115, 0x73, 0xffffffffffffffff}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000700)=r6, 0x4) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000740)='ip6gretap0\x00') ioctl$sock_ax25_SIOCDELRT(r0, 0x890c, &(0x7f0000000780)={@bcast, @bcast, 0x8, [@bcast, @default, @default, @null, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) rseq(&(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0, 0x1, 0x101, 0x3f, 0x100}, 0x7}, 0x20, 0x1, 0x0) r7 = socket$inet6(0xa, 0x807, 0x7) ftruncate(r7, 0x1) sendmsg$unix(r0, &(0x7f0000002d80)={&(0x7f0000000880)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002d00)=[{&(0x7f0000000900)="b16e1421ed43d2fb49a87bbe9e6f95ecb18b849be7cdc0a332e0eb25f184edd6f707574c18066c3296ed7ede3a1df7850a6a0a76037255ab1f3390e252f0a2f402b2bce2e973d55600a309702d4ba992b4e67968eb959073d1e96777a8c3a669d7d325bee95a25398fa54586da267bd0d75917c2adedf54f7735b13dec294a89a7d4b6c3748b75466ea9c7f9b88214006e8f8f7b383a39bc38fb112af956a2cd68f5529bfb683539e447428eea347589f24c530e5e1dad702a85bb318181cd5664c1f0d5c4bba961e58330626d7bc3e7f15b4bac5af0408cb8", 0xd9}, {&(0x7f0000000a00)="b28d60de9c674f725930fb04ab120e9f594bc67266d5e6cf8d11864ae32f720d020cede42d6a9532123249117fb608b9bfd4e17fb5cb84eb05d0b5f4103c31883d306c64533583ee8fc1a972648e373a6288b709b932b01ca0cb6033388d6e0a4140e42df9e75a58e8caf5845098d2db4dae1ca2d3c7059f15cedb4f6ca6500d220b335ba4f980f3dbdc99b42eabf09b25ee0d328d057b1d871a34e8250265840ec17e5936d76012ffee7f976792da89840f9dd43e13399ba84e5bfb48853b2bded67e56e39de67645392ea03c7562c7d4598d13edcb97d110deb1d949005f6ca1f46810c50646b774b25c77b27f49851fe37b4ba0e7bda496e16745ce5977c91a91c6436c87928201936d63db8dd9e0dbf63ff764e6ba30aa29768d609ad8e79e670d18823ed95c84f6a83027f17aba73df8bd3367f1d9a1263e18239460bbef5f1706cd5494d755fc970a2d01e794fe50523003ca8e2493e0dd55802cd16a590265e30c11de6a5be060a78263b82a3e427eb7ef1dea1878a6d00d9cfba331ee31588cd10e8e8f2e3e8c925f7e765ee7db7f8e4e7289467c09b7fcc9419d0e11f13c4053ae5519424f44dcad5a3e09fa1064689c3404e6385559a9ecaf7752c7a26049f86fbf6230e7da45c9e51f669778769333d5d05d10cd6ac008aa4ec0a8a7bc265e6128a802c3517407e8f873a931cc53f69dcc9f3a56a01d3ad64bc35af696d232057ab312f0b27d5ee96522f4c2e9135d3fc03cbbc3a4fa55fedb8d3377ec3a8edb682b699df625bd4a228c21c13f00065d54c38793267d2b6e223fb3c4036f0952654e255bcc5c7066aa87939b9d962c820f6a8659f5628d71d4f2cdc45e3bf688b1b3b7a3a12806a116d6ff05699c505a7ec74b64451eda7984885afd20b18e98710b3bad37f7f90d874f3f3c4953d9994d4eec398dcda61286fa31ee91b4b196a1723296a0de45acc54336ad61c7e37eb01f1608428865844ae22e086333f701d99362e7adaea379dd2c2da96c9d8678b9b0cf1eacd1103ef5e1874aae30d2cbe50e1aea68adbac7a3f12f998ad506a6230129a601d3d43e31395fc1175fc17c9efc9e22401696687ee41444c3eac375af2537f8b066f5b2ac23106ca8575d2b9734805ebdb8c1bc1b48c2dc491b074848892944ab8ac5b340fcab78424b607ab8dc1ead5a91952ff6842deb88cd7d752cbebc4bc0294207d34c30afffd46ea5aa3f73bd30231b6b0fd2b221c3d47a623bcc564f1c7731b42f80bd6fd6f1b03df03716b5f7579de2153bc643aa54298072123179c56b9c69b9669e564306a87e60a33b8343badf8db7855a842ea58f3fbb45631ffc210b17071e45ac806dd9b1e90c0f86afd4ec1dae7934acb05251e12a523a32f54aaa56bbbb6d76364d9c0507e7ef4bb0fc4f868dddbd06d8fcb36c025117c2e721ff47c5c5f25be9de836bcf65406e82af3e12482b59b429a393c652d741e7cc3cb60dbb3696749ecc5a72d7d01d124e7a5c1519339b96ffdc3d3d78b7f1fb1ec653008cc3f08f02a78c3fe04b4c8ac8b363ce26ea3e67dc48d92d09f322beca9567e0e3417ab4cdbac2e8383faf6eb92f02a73ad80f29c34d042ed265f318b79611f6e8435a9e5c42afe28d955a4c74d9c154405151fc7fed4f150187da3d2322b5c021d90fc9a2a3b69ece976e0dc645c246f15d023bec6f88b7d8f70d30e5c12ca4807559a8c0153e40e372f91437f2d211fe0623bf38d0c85879247044a58a4e70a5f976556e4eeac2fc560f623aee482195eae7a6ca1fd6e953e4216d19571ed680cfcc5ecb8a8364ee44f7c8912cceb49b0c635413cd5d338ad56d92e6e82379047633bcf820b57d69b5ceff967fb68339e8eff3121535142396eeb9e35ea94206a08e49c7d298123b83926a98c98df701ac5d7b54094daf4109f14e6eace1a4f786ab55c79db57819981562d5610de6d4f7963eaf8130621d70386fd5bee1beca4b34a78110689b5362b4b0d189423d3fbb1fa3b9638ae86bb6ea05d73a9d0250ebc9a437d05807e1103534dec842bc444fc488971028e34d7ad33e27085da58321fcf2005b0532e74cb43d54013c3c8742a71d8d3a876a0d39b2059b79b701a2bb660ab0f90ec89f9fda679c337c63bc6c4d10b987cf5cd52dcfd4ddc758019834312abd728e479c8f776517e8d4d66bdb43eb045aca4eaa4154e3e99c43d5d2e0a8e3c1fd8f364f8a5c1d77d305d1f23912f41f4a01dfcf93f8b43a30c6624ea76f1630be2a3cfc02e29fb632d5372fc3a757368b3e9a735356798c981153ccf4084759e7751d04817883fd9cbf39d0514ad5095b64185f6b8fe1af9b7eb91d6b7c350af9f408323a8276ea31d40ae265d22483be5de153555dd3772499def1303a124b35a37b33a831b2c93af8b3ec8f5395ed110d51fb13df0fda46a9360dcf0482436a086122fce99c6d39bf888d925bb04f0479d798ea656bd375f8247fd1e103602d1d050f678636df5cce0752f4a7e5e8000e104079ccfd9a51f39e3cbc35ffc470269df4433b961a900e495e9a602d9a462a673e99c06d26449d654bb5840400429badc193659ce6bbae31dbf6afe1c48a46085abfdf0197b643abdb688e8132fa1d0e35df0623a282626c5d364e392617a77e211d7ffbf6c51965f6fc2272d1c9e02cef6b1bf7a65b5cbc5020482c04a71affe272246f6c2105b3a0041e4305bec8cdce1e5b1661562ea8a20d5e9e4a300e17af20f465c58383daab70afaa071bd09974e5bff6acf52b9b7b5ebb9e2b98d4e48534f6a05fbaeff04a97d51b33a28926fa0076b460d82d7e3d940da40383dc15d15b5ccf5b5ee889c3b249dcd0b7afdd3a4d9b36f525b337ef9f759a76fb1578cbe96d5d616c5f2ef32c98efb63007ef3075beabb5dd0e47de0144dd1ffd536418c78152ae6845917b5b9c70789f8901a3e2c7146e627114a7f2c3014e97aca8e773a8f1069dbd50ed41f160dad342d59835276b35041a0018188948190246e22bf5a3d3fafa83fa909e610babb45f340d987297e4db9b75314ae736cd9c189a7e344f0583ea312fad09141a1983ed5a8a4e8f9c3261f307fcb2f82d8d179e9861c6c2855737c86d5001139f4c747d0a2a81c0aa98aacaa3ae52c7d62535b653eccb6f4c8ebe48e88f7396057590a5e975fdc8e43d0ee4c051957cde7697bad88279f2264fdf914ad9b9c9089e078c1e4053c236f12f59daefa5e6cd9b2ea8f3229821126b8ef4b47819a1b0c01a6659210dac36986a204bae46b28600c391f2f31f7588f26f130c06d2839837185e76510263fe8c5df0c333d70beb74f27711ec195eaa9a6696f0e688f6333e6b9cbc106daa784dd4a510459537e960d8e3935f6522b1bd389256bc5e184db83fa04b35578bbe740943e29500bbfb51c61b9dcdcdf5a8dc7230e72ac54ef7796949da2dd3c135c1322c1d264cead8946f8c481a59401752860dde608b443b179a15c46777ea6507b99415a3ae3a49b6e3e29e179a8db77fa200c1afc0c5a9a0056295bf08b315a7eb7aa918d7afaabc9090885baa5d251542c284c46fd8729d4f5578f6dd90537c7e883348384813489c2f3b3f34c997ca7509f54b8f4fede97bb81de8e29ece07871a601323b7cd49a4feeb9e17adfbe1886a7ae38361e62899ea9c0379c3e6611fed40a00476971c033e2fc1bdc1bf4d74d7b4857da3dc9324cfb16f875043c04d9e76806c136d2e53d468a58dcb1be4acf3983cee84ee2968c814190e00e89ecb707058012b284b0b93b902c6ba2a26c99abf3e3171348adad7cf7094e2641b5d96d8d9fdd69d8f2612314dd6c4d7c37e83195f27adc5abe745147d31c4852b7c8625e6e9c35d4d6e8c41ca1b5be56f9bb434a404a9e60e0617f0369a2262831b27420c86f79345b8afd0da0e0e470fd90b17a23ce1b93ea9eb1ad6eb468f87184abf47cc9d659a3be7b74fb952e78b34dbd8446bd79487b59649bcffef62429528a858136565239fcfa4e9582f1d8c507fa9e3a9392d6def8e74e9570bdb0ac648bc005061d88dd3726d05f5a013b6026ac6fa690d149ea8117e8393f4c2eea74fc76a6c4b4f0b4c27f2499099bbc2b5020680322ce37784bd056641b4538604f8a1deff6485b1bb6bcb238e86f347a1c78752eb9962309981f4cb76c53688178cde863a1cf63701fcb3d8cf3f8ccaa25e8d61d02104f92bd2229ef84f12ac789ed8ae87011e9e9f8a9489aff371bdcdd34273ff377b8ceda9c1a955d9cfeea37e49456ff00bac1993e5ce3c430ee4b3f242075b7e610c9f82cda4ab33cf892be631549d058618caf205741702991594e6ab4a8c07b50fa0005f3f2a2e6a912f5a7f767eb58e787a53bde44ab75f144356c8692dcd157a86358eadac6dd6f8f6f998819353f5be0e77ea1f368c212ddd5b1d2be8d2ff27d35c693aa6591c824e35a2ff328c55a0bdd350b35d2bcf47f8ac9b56aa5a24cab36a00d4d85e9142ed25153a380f669876705b2d043d95dbe07fdc3540e58d1f9c476f44f774f81334e2678bc972b5656ec943a28d2602bb6fdc024c3a16b01b06b36c3b3912ffca6918eee9853d4f68dd8477a06a1423cfa000cbb733752a8766b393928a98924d3e3e2b439f27728710a6bc98537ff0997952ac8ab6948ad673e9147aa0906e6c7b9cdc4fdde90d871ec0d0947973074e1c4545590252b17d6def6f4738ac2e059bcacd950dd955239bf1ca6a8b0f8df65553fe842054b394907a9a5816bd3a6a3b95535f60c102ce1a570f9cabf36da0040eabc5734c829fa9194ec555c61339689ca2d9b95e6d3b0f9a9c129d8dd4516e268a1ed6c7140b46f79050a2bf6e546090f4aebc1f7dc49a58436903f5daf1b29718be63657d5616fb59a238ef386c24ac802c9729635082095d64e51b2afa7dfbecd098ee015d86ed4cd7a75014b9fb27367e978921fc32f8fcfcd4e4d5b4cc6fa9110678b4d415d2eab964cd9a38b851efcb1bc936e5e321e712298dd03404c58116dcf1581c090572235d9a08181647e8e697bcdb8cd337c1e3ba2d5b00bb090eac60e2d22959415fd8e39c2f7fdcf4f3dc6a10e150f7f2691f3aba59fbd8de3eccdc895642cd5d9b10345afe2174aea95e742c00dd287638c6ab1591fe6c8dacaeddc1cd9250e80baac07b7c9996356338db09654d91ae9d65c7fedbb81013d72ee16e6e1d3b5ec9c631082f03abed9cf8c4554f9e6ef4dbdb07f1c3b1ab390a226bd18a03fa18f5ffc6eafec1fb4b18ac1259137bddf10a903e5a0d15c731d878ff964146bcfb4403bdf19d793020fb2f5cee9ebf30e7a09a0366980d56867de0c8bc43d56643ddd54b7627c2d9e199e1207d013b54610ffef6faa98aa8948720a098e8c33d5266de8711a105266c415a898266c6d55cb7ff59504567f42894230d57c7d2304f72faf6a9f7b42999e283e9b04bafadd0e1c9ed176bdf80a8ac2751849858048b84f3a7dcf7982a0411ddf45f1076f989e5ee9034e4678411295ff30f0284b63cf0d95709821d9b48cd8a97db58dc53218c752dd7c998deeb9e758b9c86c32cf0e5c601f5f47772edb8d5083681fa0ef5c944d5bf0e7467aa61cd5d77e9e008f95cf288326c0f570e986ae36e9fa45af9a5a1e3348af2d097009bf894f8cc951cc66056418375a26a0b91d76cc150d1590de18192530b9fba3fc1f670f9d5b6c138434961bb08ae4b3539f04670de3db9ace1cb2667ea59e2900d469dd32826ae1338ee3f66ce3738c12e4a13f96adc9ac74be9b20c2f01033cea488", 0x1000}, {&(0x7f0000001a00)="412245f4f6e0a308f3aa73bac2f540adb3d3c47dfdc6ec423d2baf90cae946182988a4687874024216063c7e0886a8b79ebadbe718800fc5dbb1afedf4c6b298c6bbd4388985d0abf6d07b10cde8be5cc7810ab06b21a3d1699f53e7d69f4a21db2fa70114d57968dc2c7f8867ced7ec5961020706be1dd55a1ba956e6e895f579a160d9fc3e0731300f8e5f96e55126631bff8182a30d88cf3bd663ca100e09c66a4762d6fce213843dfeb955de28a6b22729e5f31f9a3997998fd003579fcbfab1f4ee9b0a5fee93ca2f427360f68da92ac30451d236641a86d910b8a4a7af733a973ccb9e86325729eb2666a09a129313e4182eb453df00fb1b0c49b5ab666109e754d872b4c5ffc2299d8d74a10d544bc37c5e77b60c6fd1b7fe7f004ba4eb90287be079f38a5cdb3db760dd9e8d2829771412111e8b8b8811460c95ba7dde0ca34c0229d3768af15948136034076445b06a3ce00512353801518d4b0cc253f731754fe6633d7092ddefec919a2730f7ce7877d2cd84f39fa297d2ec4f20a4a89c7fd77f41be1778faef47ed572e94d88b632843b64943c60fbe50bf30b5f571b16f19a47cc215a8e4531858d641228ebc25de708ad1cd6b96b781c211f8b50f8848453a96c81525e9133823f78f278ffe50de8350d994afa007c1126085227853472a11c7a74da13510f9b3ea564ace59ca857bcb90a360e87576f269ecdefa194831660e7980b91891d85ec3c0f63f22017a082caf68fce291ad2acf0e20d9805a980e019abfc271bb668de3263fbaacdae25e1f92b45cafa6959260096e5bb75a0b7ef492179e6db285a342832953ca3f6dc519e4aa5895e2f6133b752aaa3aa74be0e8f9bda8f3c446cdf9bf9618742e3b3c29a1692022a8d832a9c4b0d56047ec7914e38b2f1dab1e7aa4eddb8090b400e6451c6fc665eeb5f9851de9681015e9f8efac19bfd6dca70e1bf83700211c90bd76e561698fbaf3637ab170c98fd1fa58d866fe4cf4fd8559ae6a5ab8168e066210f1e3be7bcffbce1970318769fb8fe5b580e9230f37ed1238c4a121f9d5ea389a97e22404ff2108bcb0c1913030c7688f4fcda11a3d539f981c1307df0d68cba0a5120f891ce87829bd72eb2dbd0bdaf6bf7a983e56f1a3b77939e4ddd22cce721c2199d329600e3c5761d6f67879689176bb9f8316472fa4f41d5274e60e5e5ef58d33aab6673109a48c11a8a3b2218a19a7d4f62256982090c1ed26991f01ec58cb74a772c49272e450bf9454a82fc6857ca6d8828577bfd1ed28ea73580b05a06c9c752a41d9f882f97fcc92ded45dcf0ec90f794fea01ea639ad34df5ef0a25e51b116428b4d16fef68757103f4fae6773f587b4c8d8baaa93f4107a3c7dccb06a0e4c6ead47a5312f638ee0e47212769ddadc3bd53fdae49bceb913e452ef846f9e15ff61ec82e355290127966fab03fc6781d58f749de3f7db60ea051395cbb64589b0065984e2b9c4f2548fe94b5cafc23c240e007504d703c0c405cb48b6f1aa0ff685228d9f18c2b08e3f476c0be56a9ccdd4a648625baa17cf445f834d7a414f908b11b83ef369ba64d1dd8deaea6c582142bf100e3af1322abded0f2158965a34d26a741694147bea7219bac1b3c2f0effa8b8b29efd9976b3c7c17be22c4d6d15e6802d2da482f5f24c9e1c3eda4ffbce845c22d5c4bf3a58f7b80728a3ac068c8b602b949e421e2ddee8c8ced8df5732217468886496b1ad2c96630799e731adf5523b800a862e80b8ab68fb234b03408ec255d3a2aa39d5536491eecfcc63bd4370e61759d1d5892df248b81dd6896e1116ff2e566e21cfef4b5c19cf816b80d2a9baa8ce4fb06779b838a8af61def5aecff206422a568858f0777346cc1f91595139d8b66bcbf1f5dc9dae7e528d12a017c9faeb6115417e8c58e4c356cbd599fb261855eb68e48495c6d6f1e16898a1cd2f8ace430372edc2ebee38c2aefb3de863ec116c1ffca29e4a8b53df5746049fe0254713748d1a3dbd45ee66901c3bff1988957613df443d7d1b6542949cbadb9d80a28b915450422b4fe990b72cd728e9337e67715ce2105fdb1fc6039ead1b2118ba37611f1a36b33c754ba3eaa505c4271cb93ee074b1120adf1c6da86dc73f646a7ddf3a86581805704e8ddc3911bcd5a035880d3223725bfd481b4dbe2dd481eaa6c7c49452d763c981fe3e40810667a4c77116cad6c39b724acdf90b7d52f9ead5f2784345bed88d754cb36f02e2e83f30389ea97f5a54210a89728e089af5c347aa1120ee239790de48abdace4c1c8bfedb7c3b2ecc1e5ce0aec21e783aa4ce648cba1ee0502a2f8de2ce30eff8cbdaf48b0206a28de712fb028e028e36d4291dad7bb02d0d652c5347aa6edd916c5050f76903dafc14efbb43db81c225d429116a58d7781521305e4a45b83dcad31c48d8ae2c2ff1d1156ca5e21ed80b9847a013502dd526e840c2132946ee85636079df83bbc751f06c844a4ca257a4c2c1936c06a2ef933e574c3154299bf5e4e7606f2cd8a297f2546b1c11395be78094db8d80c5394c160703d5a6adeac172c408d4a5ac5c20b04221b41fb2a8096bfe55759dac2edd5c83a4f8c34b47fd5c801856aa23ac40e22490b6db76c5d5859378058c023a6d292085c7cce3751ff4c799d0d70368a7406d1a4d5ac2d9fca38aadcdcbc897489b9fc760806bd92009f37fcb06725689ff8c0d82909d23f63af6307ce3f27d16d3b3318d5cdf3c67ec40f40ea3574edc8bb8b966e7c138d87cce669176f55bbebf6bba90ddd6a8da7bc092f6efed9d4f060398f7eb12e8c799171fbbc571171d2994c367e3cb82c51c05669db5ee786079c7980818c92713cc77d406f9c1790d4056fca1864cbcdf3a38d472b0431f0bf881ebe9eb2fc61b976f78b4bf6e04f280820b97f439228e65e80637709124156bdc0aa282c2cf027baa2528eedc5f9996fbe60b592577d026243c35e94fbf38bc79f04d658b8bab67d96053dc033bb1b131b16cefec329a76ba1c8538b075956a723cd286f9b7f70a9b8f5d642adbcc71c26c588ddbc941a06bfcc398a28b33bbe56dc16cfebdd20bdfe5f80f4c312f1675d8c1f193800c356b2ecf26634dd238de3ca41b6479312b33ea052f927ae66d6a006540b60e54647aaae2cca5c17a1b9f197daf56114ca9e04c4c15cf3dc87e93e56627db0bb4a28da321c168fefe302597516a710157ee39b2e14ee3fcdd8ccd0e4277f55a93641c6e3d0ad4bd8dfcfb9ad723487291094ca32c4a2959413b57cb31a128fa9a37e04827e0ef5fd607ed28eeb6cd44bbd605fc576445b70c562ef034e870473263f489a9e3b62d50051b4633aeb0ca3991b99142d7d9e3fe9008aa447601806f92c7498c2b7f9b2e051c4ec2a54ad3b32f51489d4a72fc8b9d6e47e38070ba2abb126f3409c14a8c0f93768b0a36e5343ff6e09a70c67fe8b65fde300cb4fb1a532436901cbb8d1453a72bb437b76905a0ad71bbd160d176f3bda6098891846df9c404c209983abb5487b75b281ab3b1df114875ab64ed5d19e2009ae888771b3f29ab52bf6c593d548c1576044bd246aad30a87143f7ed2b261b2f330a6d8ed97e34856399dbf88964633f604b0ced762caaee53266937cf8b78c77aecb23ed519b43921ae8785f44d44eb7448af093b1579b0e99f70c896aca540bb9389261c03ca3b146dda631d4ee3708fe0f8414a937fb836a5cc36ea602bccc7f6b8f0472652c4186f7e4dc7f7bf296743c1d18df0b7c09fa2f721cb011b442fbc8d9389b3589b82f6e876868a810c9a54f7336d5e13a5e10695ae187f69fcfb182060b597c2bcae92fff3c61a7ac44bb985f63f4b3771394586d3e4505141ba06952dfc0bd32a96b47f63ce82f902c023f888e08882169ece564ab7dc0df4537f25c531cdbd5e0183698a84387a46c98a65b82fa2521bb9ef09b70b22c4d0709855707b1d9a230ea6111b7b0ef06ce57aad8032182e978e9b4832cf296ac74ac120532510cad7a8af4e0ae1c12343bcdc017cccd9ee7586258b0f7f22a3b7693503e922155795d7697f63cae011cbe7cbb8f809b731ef19442bb32ffe231affe58a3e8311874055727e9c06941dae015f1fd99501592766bdf3820334aad93bf6ed654f828335cf859057a09d8ff6a104083b03e978ceefde67bde9659ddf839ed81d62b5e8a1e143eb960fcce294e807bbc97c5eabf03a4cd2d8f450ceb22453b08f22b3d3fa2922f86725a94c8ba66741c8131085a7d1b68d294aa2f12109dbd6a43a178bd2b2a3771743ff44cea7b1c279b49fd7545a7981f4e0821b7b12094c1aea631b53e772c05ef17dde085bf738bf7b523947490bcd8047456f88e60db18d1c82644f210236fd7b4aaf1d58f5fc3e4439a8258df7752fa911cad1dc344dc57f579f0a6c4bb95048308a140c16596e8662bdc8d9cf56aa89e61f54d6455a92763e4c9578e54ca517933d9355fcc3005b3dffda76ceba4e278f5b989ab38df4e3493a8ad5ee43f7df48102f11daf0288ac9436cc5305e370455de4b9a3a2a243ece149d2cba3184fcccd61db08bd022b0e26e2f47ad7ad6063b99aa9b90f7f2efdf12c45fa88a9ac0a37a2605f6253e8fda7473ad1044b37840fd7c38240adb8b7bbc189eca3d03b3cbaf8b76011f33f24dcd6ce958518f96adec4fd6c8228801775c75f75a6d481f5b465724980f8b5621d444996e46a4bf52bf981ef11524bb4e8cc00bb87f8c0340483fbcee86a2159e98f31d775ceed9893ef29c7ebb3e0c0187a9a8f77209581358946c31fc7d77c17358f97602b4731d110abc5196d48c1085bc7efaeac1a98a52f4cf83c59caaa4c5cb20b1281bde726a8864865ff8112605a879c4c99c0f5ad31874ac204adec1bec0a050fdb32a82ff896415b4223dd25f1ac634a419171611b617433233db60ad3de1586d61832fe7c6034aca63343822c3a1b649816a23e99af9bb6a8d0449067982533a8dcf7b8cb62cf36b74c1031033f94d77e5410837ae70406f0eb5044aabf706781679419b332a5e2e81f9eaffaeb0d4fe515c7942c4479281aed6bd7796b2ca2351a8de1d7aaae517223f3a2bfd6791c57c5dfbde65ff50c9384540f66e8688d1ca3f0461521b8392c0b991714ba6849e90ee2e47e6b45ef87fdde365e2132aec628b738e6a9da84ce6d083255acbb9c4f43251256d01e5011236b567cec83c7b2217190339028100e21f1ef3f6cd57bea3567d9fb38e60c49431c94b93affee462adca2caf5cc261afa26ddc2b0c69b135e3b4a6fb9fbd844a94ebab38ea2cdf3e0f366af80b61d5b872180626233e0d7504b0c34dc2d64b25913402a9825c047100c5bc745e87a05dd64ec3ec67c65b19d5efaaae911d1bf63e146fd57447747c3b2f43d1d8aa649dccd9a17756289b74e35f6f5bcf0a70df64581a375c3bab048cf613de654f95718de971c73f4d54f40523042370d023970ca3add91dbc454dbd4b680689fa2c54a3f1599528b38c9585ee9fe7533ac7851e770e5aa3f814254eca6e2eaed6d6f9f73a595d3c7072fbbdd1dab302ad23a308a4c7cec9126e7456f1f9445e1719bc60b385638747c88e625f58c01789232680b802017e1a46982c95702c3239aec0a5b962f49b21f84c85f65e88e1493fd96125c6d5911f2e3452f4cf535d3692006b1aa81a23c4ee88b8523b3a7bd10e805d47e326d75b49dbf76f3927c412ce6c4ba6dc8c7e5be803cbd3ee21208ed27f2f850f743d6579759cc5690ec4554f49c", 0x1000}, {&(0x7f0000002a00)="61a28609b925cd55b151aee400e7a0782cfc39a1ea4cb257296896da517972bbbfd95bd152876811d89dfdc99ba8463042a79db247f81d92116dc44f4aa1ce7971695a19645f4e9e856e908e158ee9d409ba0da05e72121ba3571ccb1700e25cf2f9259709e819eb5b13075bdb76ec11c276fd21bd9db5c759819df62dd34a23f509e9ebc702557e8a5274f5f0d57121bec69020782d3b16443aa59ecc7f203a8960cbb24b6747c248b2ab98cb40bab862f778483b00460fc313e30006c8680829f561360858861c1485e48c8c5c2e96056aef6f5a1bb9b3dcb8cb32d9f514ea08e95fea0599722c79888b6f025973a8c7b52c", 0xf3}, {&(0x7f0000002b00)="8733ae3822e74ed0ba01bddee9b6d2a33c108cc489fd43573c60952f9567fd20d44e0ccfac3606804903ac0cd48aedf6808e848d1af0ee91a40be17f206bddad4eadf953a2da2e88e60daca7593a1141a306a4e32c2730909f26bee9b11ecb589c6c282cb86d5bb0a55f3793715bd55567ce0c4a65121198a4571fada96e666b25ff3f556a1f397293600698c53d73eedfecd55bbb0dc168b0dcffb95dc4c07e83be1e2d17be35066ec4acf78fe97e612bb14af1b3f7863d64ca7a0ba31f9ff24932b0b6224a0b70d68d806927342658ac7639964d148b5345549a4fdda6", 0xde}, {&(0x7f0000002c00)="ccfd8521aa98c5b3660a82f2d5954fa7bb2c6fea333e5a162bccad52e1b35c9c3550137596cb9888bc5ae73af448c2c715484136b8faaa3e1412b0c12fe61e9971e3f6e58fafedd9df9de41720ec20d47b0c1db7b20a84b3b77860aa9401e189fdd0b173dfaa5c5a6bf09fff5d281c9060b5e67a95d37e7f2ae3043fb30767d28f4cf8d8c9b1038400c844f36a4499ae4ebed710b854fc29d25c71345ca887ac9137a325b68c845364317a7efbf5ce7dfe9d3c1e06c880a3d608a34a0d359180f05a99aa05af90e222455ad3c1240f1c082caebb2d4d1fda787eba97ed5b907dcf0866bdcaf8689957c4a0a2", 0xec}], 0x6, 0x0, 0x0, 0x24040010}, 0x20040090) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000002dc0)="1e727b11800ae6722d9aa26a03d166ec", 0x10) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000002e00)=@assoc_id=r3, &(0x7f0000002e40)=0x4) ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f0000002e80)=""/61) ioctl$DRM_IOCTL_ADD_CTX(r5, 0xc0086420, &(0x7f0000002ec0)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r2, 0xc010641d, &(0x7f0000002f80)={r8, &(0x7f0000002f00)=""/111}) getsockopt(r0, 0x9, 0x1, &(0x7f0000002fc0)=""/92, &(0x7f0000003040)=0x5c) accept4(r2, &(0x7f0000003080)=@nfc, &(0x7f0000003100)=0x80, 0x80800) bind$inet6(r7, &(0x7f0000003140)={0xa, 0x4e21, 0x3, @loopback, 0x7}, 0x1c) ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f0000003180)={0xf, 0x0, 0x3, {0x9, 0x7fffffff, 0x4803, 0x8}}) 22:49:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x2f0]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2494.549751] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2494.554861] try_charge+0xfec/0x1570 [ 2494.558579] ? find_held_lock+0x35/0x130 [ 2494.562657] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2494.567535] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2494.572384] ? find_held_lock+0x35/0x130 [ 2494.576454] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2494.581331] memcg_kmem_charge_memcg+0x7c/0x130 [ 2494.586008] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2494.590520] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2494.595381] memcg_kmem_charge+0x13b/0x340 [ 2494.599635] __alloc_pages_nodemask+0x437/0x710 [ 2494.604316] ? debug_smp_processor_id+0x1c/0x20 [ 2494.608993] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2494.614039] ? copy_page_range+0x125a/0x1f90 [ 2494.618474] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2494.618497] alloc_pages_current+0x107/0x210 [ 2494.618519] pte_alloc_one+0x1b/0x1a0 [ 2494.618535] __pte_alloc+0x20/0x310 [ 2494.618554] copy_page_range+0x1529/0x1f90 [ 2494.618568] ? mark_held_locks+0x100/0x100 [ 2494.618606] ? pmd_alloc+0x180/0x180 [ 2494.644376] ? __rb_insert_augmented+0x231/0xdf0 [ 2494.644394] ? validate_mm_rb+0xa3/0xc0 [ 2494.644414] ? __vma_link_rb+0x279/0x370 [ 2494.644439] copy_process.part.0+0x56aa/0x79a0 [ 2494.665533] ? __cleanup_sighand+0x70/0x70 [ 2494.669851] _do_fork+0x257/0xfe0 [ 2494.673349] ? fork_idle+0x1d0/0x1d0 [ 2494.677087] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2494.681853] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2494.686619] ? do_syscall_64+0x26/0x610 [ 2494.690601] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2494.695968] ? do_syscall_64+0x26/0x610 [ 2494.699977] __x64_sys_clone+0xbf/0x150 [ 2494.703961] do_syscall_64+0x103/0x610 [ 2494.707860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2494.713055] RIP: 0033:0x4563fa [ 2494.716253] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2494.735191] RSP: 002b:00007ffd944dfb30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2494.742910] RAX: ffffffffffffffda RBX: 00007ffd944dfb30 RCX: 00000000004563fa 22:49:27 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x718, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:27 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x2fc]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2494.750187] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2494.757466] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 [ 2494.764756] R10: 0000000002439c10 R11: 0000000000000246 R12: 0000000000000001 [ 2494.772061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 2494.835782] memory: usage 307200kB, limit 307200kB, failcnt 6511 [ 2494.842380] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2494.874115] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2494.907082] Memory cgroup stats for /syz3: cache:0KB rss:105080KB rss_huge:10240KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:105204KB inactive_file:4KB active_file:8KB unevictable:0KB 22:49:28 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x14cb1818}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2494.958118] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=32227,uid=0 [ 2494.973719] Memory cgroup out of memory: Kill process 32227 (syz-executor.3) score 1113 or sacrifice child [ 2494.984109] Killed process 32227 (syz-executor.3) total-vm:72444kB, anon-rss:2200kB, file-rss:35784kB, shmem-rss:0kB 22:49:28 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xe000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2495.031624] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2495.107089] CPU: 0 PID: 27295 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2495.114383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2495.123731] Call Trace: [ 2495.126326] dump_stack+0x172/0x1f0 [ 2495.129969] dump_header+0x10f/0xb6c [ 2495.133695] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2495.138830] ? ___ratelimit+0x60/0x595 [ 2495.142722] ? do_raw_spin_unlock+0x57/0x270 [ 2495.147138] oom_kill_process.cold+0x10/0x6f5 [ 2495.151646] ? task_will_free_mem+0x139/0x6e0 [ 2495.156155] out_of_memory+0x79a/0x1280 [ 2495.160180] ? oom_killer_disable+0x280/0x280 [ 2495.164682] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2495.169844] mem_cgroup_out_of_memory+0x99/0xe0 [ 2495.174519] ? memcg_memory_event+0x40/0x40 [ 2495.178868] ? _raw_spin_unlock+0x2d/0x50 [ 2495.183035] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2495.188149] try_charge+0xfec/0x1570 [ 2495.191864] ? find_held_lock+0x35/0x130 [ 2495.195940] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2495.200826] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2495.205674] ? find_held_lock+0x35/0x130 [ 2495.209746] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2495.214610] memcg_kmem_charge_memcg+0x7c/0x130 [ 2495.219286] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2495.223809] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2495.228668] memcg_kmem_charge+0x13b/0x340 [ 2495.232929] __alloc_pages_nodemask+0x437/0x710 [ 2495.237610] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2495.242669] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2495.247259] ? trace_hardirqs_on+0x67/0x230 [ 2495.251604] copy_process.part.0+0x3e0/0x79a0 [ 2495.256106] ? __handle_mm_fault+0x21a9/0x3f20 [ 2495.260698] ? perf_pending_event+0x110/0x110 [ 2495.265202] ? __handle_mm_fault+0x21a9/0x3f20 [ 2495.269808] ? lock_downgrade+0x810/0x810 [ 2495.273965] ? migration_entry_to_page+0x320/0x320 [ 2495.278898] ? lru_cache_add+0x21c/0x590 [ 2495.282974] ? __cleanup_sighand+0x70/0x70 [ 2495.287216] ? __handle_mm_fault+0x7cd/0x3f20 [ 2495.291734] ? __do_page_fault+0x610/0xd60 [ 2495.295974] ? find_held_lock+0x35/0x130 [ 2495.300048] _do_fork+0x257/0xfe0 [ 2495.303524] ? fork_idle+0x1d0/0x1d0 [ 2495.307275] ? debug_smp_processor_id+0x1c/0x20 [ 2495.311960] ? perf_swevent_put_recursion_context+0x1f/0xa0 [ 2495.317677] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2495.323238] ? __perf_sw_event+0x7a/0xa0 [ 2495.327305] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2495.332072] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2495.336832] ? do_syscall_64+0x26/0x610 [ 2495.340818] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2495.346189] ? do_syscall_64+0x26/0x610 [ 2495.350172] __x64_sys_clone+0xbf/0x150 [ 2495.354153] do_syscall_64+0x103/0x610 [ 2495.358048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2495.363263] RIP: 0033:0x45a7f9 [ 2495.366459] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2495.385358] RSP: 002b:00007fff025901d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2495.393085] RAX: ffffffffffffffda RBX: 00007fca941ff700 RCX: 000000000045a7f9 [ 2495.400352] RDX: 00007fca941ff9d0 RSI: 00007fca941fedb0 RDI: 00000000003d0f00 [ 2495.407637] RBP: 00007fff025903e0 R08: 00007fca941ff700 R09: 00007fca941ff700 [ 2495.414906] R10: 00007fca941ff9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2495.422181] R13: 00007fff0259028f R14: 00007fca941ff9c0 R15: 000000000073bfac [ 2495.550698] memory: usage 307040kB, limit 307200kB, failcnt 5783 [ 2495.561009] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2495.581923] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2495.588075] Memory cgroup stats for /syz2: cache:12KB rss:111548KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111732KB inactive_file:8KB active_file:12KB unevictable:0KB [ 2495.588156] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15258,uid=0 [ 2495.634654] Memory cgroup out of memory: Kill process 15258 (syz-executor.2) score 124 or sacrifice child 22:49:28 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x465, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:28 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x300]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:28 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$selinux_attr(r1, 0x0, 0x0) recvfrom$rose(r1, &(0x7f0000000040), 0x0, 0x40000020, &(0x7f0000000080)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c) [ 2495.646583] Killed process 15258 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35780kB, shmem-rss:0kB 22:49:28 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x2c) 22:49:28 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x18020000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2495.764558] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2495.801318] CPU: 1 PID: 27320 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2495.808617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2495.817996] Call Trace: [ 2495.820611] dump_stack+0x172/0x1f0 [ 2495.824260] dump_header+0x10f/0xb6c [ 2495.827981] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2495.833107] ? ___ratelimit+0x60/0x595 [ 2495.837021] ? do_raw_spin_unlock+0x57/0x270 [ 2495.841473] oom_kill_process.cold+0x10/0x6f5 [ 2495.845985] ? task_will_free_mem+0x139/0x6e0 [ 2495.850503] out_of_memory+0x79a/0x1280 [ 2495.854497] ? oom_killer_disable+0x280/0x280 [ 2495.859002] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2495.864124] mem_cgroup_out_of_memory+0x99/0xe0 [ 2495.868830] ? memcg_memory_event+0x40/0x40 [ 2495.873167] ? _raw_spin_unlock+0x2d/0x50 [ 2495.877367] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2495.882494] try_charge+0xfec/0x1570 [ 2495.886228] ? find_held_lock+0x35/0x130 [ 2495.890301] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2495.895162] ? kasan_check_read+0x11/0x20 [ 2495.899331] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2495.904188] mem_cgroup_try_charge+0x24d/0x5e0 [ 2495.908819] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2495.913766] wp_page_copy+0x408/0x1740 [ 2495.917679] ? find_held_lock+0x35/0x130 [ 2495.921754] ? pmd_pfn+0x1d0/0x1d0 [ 2495.925312] ? lock_downgrade+0x810/0x810 [ 2495.929480] ? __pte_alloc_kernel+0x220/0x220 [ 2495.934032] ? kasan_check_read+0x11/0x20 [ 2495.938188] ? do_raw_spin_unlock+0x57/0x270 [ 2495.942613] do_wp_page+0x2ed/0x1520 [ 2495.946352] ? rwlock_bug.part.0+0x90/0x90 [ 2495.950592] ? lock_acquire+0x16f/0x3f0 [ 2495.954575] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2495.959248] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2495.964279] __handle_mm_fault+0x22db/0x3f20 [ 2495.968700] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2495.973567] ? find_held_lock+0x35/0x130 [ 2495.977631] ? handle_mm_fault+0x322/0xb30 [ 2495.981901] ? kasan_check_read+0x11/0x20 [ 2495.986056] handle_mm_fault+0x43f/0xb30 [ 2495.990150] __do_page_fault+0x5da/0xd60 [ 2495.994225] do_page_fault+0x71/0x581 [ 2495.998045] ? page_fault+0x8/0x30 [ 2496.001605] page_fault+0x1e/0x30 [ 2496.005062] RIP: 0033:0x40d1e8 [ 2496.008259] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2496.027160] RSP: 002b:00007ffdc7152ed0 EFLAGS: 00010246 [ 2496.032522] RAX: 00000000817545d9 RBX: 00000000c0fd3b11 RCX: 0000001b30120000 [ 2496.039812] RDX: 0000000000000000 RSI: 00000000000005d9 RDI: ffffffff817545d9 [ 2496.047082] RBP: 0000000000000000 R08: 00000000817545d9 R09: 00000000817545dd [ 2496.054355] R10: 00007ffdc7153060 R11: 0000000000000246 R12: 000000000073bf88 22:49:29 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x1818cb14}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:29 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x466, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:29 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x30c]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2496.061628] R13: 0000000080000000 R14: 00007f753f618008 R15: 0000000000000000 [ 2496.068924] ? trace_hardirqs_off_caller+0x19/0x220 [ 2496.078778] memory: usage 307200kB, limit 307200kB, failcnt 4807 [ 2496.100271] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2496.142138] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2496.161355] Memory cgroup stats for /syz4: cache:24KB rss:116264KB rss_huge:24576KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116444KB inactive_file:12KB active_file:8KB unevictable:0KB [ 2496.348818] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26704,uid=0 [ 2496.375710] Memory cgroup out of memory: Kill process 26704 (syz-executor.4) score 1113 or sacrifice child [ 2496.397849] Killed process 26704 (syz-executor.4) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB 22:49:29 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x719, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:29 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x14cb1818}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:29 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, 0x2c) 22:49:29 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x310]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:29 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x467, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:29 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x20000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2496.604021] syz-executor.2 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 2496.623464] CPU: 0 PID: 7601 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2496.630663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2496.640020] Call Trace: [ 2496.642640] dump_stack+0x172/0x1f0 [ 2496.646283] dump_header+0x10f/0xb6c [ 2496.650010] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2496.655121] ? ___ratelimit+0x60/0x595 [ 2496.659043] ? do_raw_spin_unlock+0x57/0x270 [ 2496.663471] oom_kill_process.cold+0x10/0x6f5 [ 2496.667986] ? task_will_free_mem+0x139/0x6e0 [ 2496.672497] out_of_memory+0x79a/0x1280 [ 2496.676480] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2496.681607] ? oom_killer_disable+0x280/0x280 [ 2496.686160] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2496.691293] mem_cgroup_out_of_memory+0x99/0xe0 [ 2496.695973] ? memcg_memory_event+0x40/0x40 [ 2496.700340] ? _raw_spin_unlock+0x2d/0x50 22:49:29 executing program 1: r0 = memfd_create(0x0, 0x4) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x6, 0x0) syz_open_dev$loop(0x0, 0x7968e71e, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000240)=""/115, &(0x7f0000000080)=0x73) r3 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0xffffffffffffffff}) syz_open_pts(0xffffffffffffffff, 0x1fb) ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @rand_addr="58c4c4a733d993a894f49491cb15d13e", @loopback, 0x0, 0x0, 0x0, 0x500}) ioctl$TIOCLINUX4(0xffffffffffffffff, 0x541c, &(0x7f0000000380)) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x82403, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000340)={@remote, 0x7e, r4}) [ 2496.704513] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2496.709626] try_charge+0xfec/0x1570 [ 2496.713345] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2496.718897] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2496.723773] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2496.729251] ? rcu_read_lock_sched_held+0x110/0x130 [ 2496.734313] ? __alloc_pages_nodemask+0x5e9/0x710 [ 2496.739181] ? perf_trace_lock_acquire+0xf5/0x580 [ 2496.744040] memcg_kmem_charge_memcg+0x7c/0x130 [ 2496.748727] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2496.753260] ? cache_grow_begin+0x5a2/0x8c0 [ 2496.757602] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2496.762208] ? trace_hardirqs_on+0x67/0x230 [ 2496.766545] cache_grow_begin+0x25f/0x8c0 [ 2496.770704] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2496.776252] ? __cpuset_node_allowed+0x136/0x540 [ 2496.781022] fallback_alloc+0x1fd/0x2d0 [ 2496.785018] ____cache_alloc_node+0x1be/0x1e0 [ 2496.789550] kmem_cache_alloc+0x1e8/0x6f0 [ 2496.793738] ? anon_vma_clone+0x320/0x480 [ 2496.797909] anon_vma_fork+0x1ea/0x4a0 [ 2496.801836] ? dup_userfaultfd+0x15e/0x6d0 [ 2496.806103] copy_process.part.0+0x350f/0x79a0 [ 2496.810729] ? __cleanup_sighand+0x70/0x70 [ 2496.814995] _do_fork+0x257/0xfe0 [ 2496.818476] ? fork_idle+0x1d0/0x1d0 [ 2496.822215] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2496.826983] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2496.831771] ? do_syscall_64+0x26/0x610 [ 2496.831787] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2496.831842] ? do_syscall_64+0x26/0x610 [ 2496.831863] __x64_sys_clone+0xbf/0x150 [ 2496.831883] do_syscall_64+0x103/0x610 [ 2496.831903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2496.831915] RIP: 0033:0x4563fa [ 2496.831932] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2496.880299] RSP: 002b:00007fff02590460 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2496.888009] RAX: ffffffffffffffda RBX: 00007fff02590460 RCX: 00000000004563fa [ 2496.888019] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 22:49:30 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x468, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:30 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x32e]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:30 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x71a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2496.888028] RBP: 00007fff025904a0 R08: 0000000000000001 R09: 0000000001fbd940 [ 2496.888037] R10: 0000000001fbdc10 R11: 0000000000000246 R12: 0000000000000001 [ 2496.888046] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 [ 2496.905489] memory: usage 307200kB, limit 307200kB, failcnt 5837 [ 2496.937515] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2496.948603] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2496.955615] Memory cgroup stats for /syz2: cache:12KB rss:111584KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:111756KB inactive_file:0KB active_file:0KB unevictable:0KB 22:49:30 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3f000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2496.998336] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27367,uid=0 22:49:30 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x37a]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:30 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x469, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2497.090950] Memory cgroup out of memory: Kill process 27367 (syz-executor.2) score 124 or sacrifice child 22:49:30 executing program 1: r0 = memfd_create(&(0x7f0000000f00)='i\xb4b\xca\x17\x05\xb4\x93\x7fH\xbe\xbc\x95\x87h\r?\xc7x\xbd\xe2R\x02\x7fX\xd6.\xd3\xbf]\xe1\x86\xadqPD+\xc9\x89\x0e\x15\xe9\x031\x1e\x03\nE\xccA\xac\xd8\xd2\x95\xb5^J]\xb3\x82\x9a\x10\xc1\x18\n\xf2\x9cRp\x8fww\xe7\xcb^QdO\xce\t(\xe3FHM!\xb1\xd7Q~\xf6L\x12\x13\x16}\x17\b\x88\xe5\xd8\xd6\xa5\xa2\x00\x00\x00\x00\x00\x00\x00\x05\xcb\xeba/\xba\xdb\xca^\xfe\b\x88l\x97\xd2\xf7Y\x92\xd4\x93\xbe\xeeY\xd8\\R\ae\b\x14u[\x13\xbd\xcaf-\x1a)\xf6\xd0\xa0\xdb\x87\xf25\x1c,\xed\xcb\x89\xd8\"\xa3r,\x04\x90\xc2@\xcc7eq\xcb|q3\xe2\x84\xed\x91\xa0\xae\x8b\x85\xde\x18\x11\xf8\xde\x1d\xe3N\x95q\xf5\xf4\xdd8\xb1\\.\xb9E\x87\xb9fh\x93U\xa8+\xbb\x18*\xf8b\x97', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) ioctl$int_in(r0, 0x5473, &(0x7f0000000140)=0x5) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\x00'}) accept4$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14, 0x800) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000200)={'team0\x00', r3}) write$sndseq(r0, &(0x7f0000000000)=[{0x5, 0x21, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000040)="cc2f82b0dea9c994f417290fab2fb6fe91922ccf9a0a46b7b1ad13d254dc0656cea1040b217740cd90c6b74eb7e7198cf27439383218721b379f458f613b62e9c1e36100201e0b8eebbd4b3b69f4b9fe0ccaa95d16fbf2ec0fc1db5e085b10d11e03c69880d090c873a4a292edcafca030f0b55b553965a509facd01fd467e98105f94f3d7d51d179bec5677358ac5fc03db26e6e192313e6fa29c7fd4e3af0e783aa5325dccd5eacc0eda7053bd14e6c32168e41dac5072de1a4e7fe4ff61bd37c80f3a1c459e701406c6dc84404cbef4ee55972d3f240553b600f033836903d7962b555a19b7a0cb132a602c7cd6f09054a1238f0cb994dec6bbf7d0c77c6d") [ 2497.144836] Killed process 27367 (syz-executor.2) total-vm:72576kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB 22:49:30 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}, 0x2c) 22:49:30 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x71b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2497.301016] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2497.322040] [ 2497.323683] ====================================================== [ 2497.329995] WARNING: possible circular locking dependency detected [ 2497.336303] 5.0.0-rc8+ #89 Not tainted [ 2497.340192] ------------------------------------------------------ [ 2497.346502] syz-executor.1/27462 is trying to acquire lock: [ 2497.352201] 000000003caee7db (&mm->mmap_sem){++++}, at: __do_page_fault+0x9c2/0xd60 [ 2497.360011] [ 2497.360011] but task is already holding lock: [ 2497.365966] 00000000bf945bb0 (&sb->s_type->i_mutex_key#12){+.+.}, at: generic_file_write_iter+0xdf/0x610 [ 2497.375594] [ 2497.375594] which lock already depends on the new lock. [ 2497.375594] [ 2497.383893] [ 2497.383893] the existing dependency chain (in reverse order) is: [ 2497.391499] [ 2497.391499] -> #2 (&sb->s_type->i_mutex_key#12){+.+.}: [ 2497.398270] down_write+0x38/0x90 [ 2497.402251] shmem_fallocate+0x15a/0xc60 [ 2497.406920] ashmem_shrink_scan+0x1d7/0x4f0 [ 2497.411762] ashmem_ioctl+0x2f0/0x11a0 [ 2497.416183] do_vfs_ioctl+0xd6e/0x1390 [ 2497.420580] ksys_ioctl+0xab/0xd0 [ 2497.424549] __x64_sys_ioctl+0x73/0xb0 [ 2497.428998] do_syscall_64+0x103/0x610 [ 2497.433399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2497.439092] [ 2497.439092] -> #1 (ashmem_mutex){+.+.}: [ 2497.444538] __mutex_lock+0xf7/0x1310 [ 2497.448873] mutex_lock_nested+0x16/0x20 [ 2497.453451] ashmem_mmap+0x55/0x520 [ 2497.457609] mmap_region+0xc37/0x1760 [ 2497.461941] do_mmap+0x8e2/0x1080 [ 2497.465911] vm_mmap_pgoff+0x1c5/0x230 [ 2497.470311] ksys_mmap_pgoff+0x4aa/0x630 [ 2497.474884] __x64_sys_mmap+0xe9/0x1b0 [ 2497.479303] do_syscall_64+0x103/0x610 [ 2497.483700] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2497.489617] [ 2497.489617] -> #0 (&mm->mmap_sem){++++}: [ 2497.495157] lock_acquire+0x16f/0x3f0 [ 2497.499487] down_read+0x3b/0x90 [ 2497.503382] __do_page_fault+0x9c2/0xd60 [ 2497.507959] do_page_fault+0x71/0x581 [ 2497.512273] page_fault+0x1e/0x30 [ 2497.516241] iov_iter_fault_in_readable+0x1ba/0x450 [ 2497.521771] generic_perform_write+0x195/0x530 [ 2497.526879] __generic_file_write_iter+0x25e/0x630 [ 2497.532321] generic_file_write_iter+0x360/0x610 [ 2497.537592] __vfs_write+0x613/0x8e0 [ 2497.541822] vfs_write+0x20c/0x580 [ 2497.545874] ksys_write+0xea/0x1f0 [ 2497.549925] __x64_sys_write+0x73/0xb0 [ 2497.554343] do_syscall_64+0x103/0x610 [ 2497.558743] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2497.564435] [ 2497.564435] other info that might help us debug this: [ 2497.564435] [ 2497.572579] Chain exists of: [ 2497.572579] &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#12 [ 2497.572579] [ 2497.584105] Possible unsafe locking scenario: [ 2497.584105] [ 2497.590148] CPU0 CPU1 [ 2497.594804] ---- ---- [ 2497.599457] lock(&sb->s_type->i_mutex_key#12); [ 2497.604221] lock(ashmem_mutex); [ 2497.610178] lock(&sb->s_type->i_mutex_key#12); [ 2497.617955] lock(&mm->mmap_sem); [ 2497.621504] [ 2497.621504] *** DEADLOCK *** [ 2497.621504] [ 2497.627555] 2 locks held by syz-executor.1/27462: [ 2497.632569] #0: 00000000932f15cb (sb_writers#5){.+.+}, at: vfs_write+0x429/0x580 [ 2497.640194] #1: 00000000bf945bb0 (&sb->s_type->i_mutex_key#12){+.+.}, at: generic_file_write_iter+0xdf/0x610 [ 2497.650252] [ 2497.650252] stack backtrace: [ 2497.654734] CPU: 1 PID: 27462 Comm: syz-executor.1 Not tainted 5.0.0-rc8+ #89 [ 2497.661992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2497.671330] Call Trace: [ 2497.673914] dump_stack+0x172/0x1f0 [ 2497.677538] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 2497.682899] __lock_acquire+0x2f00/0x4700 [ 2497.687073] ? mark_held_locks+0x100/0x100 [ 2497.691312] ? __lock_is_held+0xb6/0x140 [ 2497.695374] lock_acquire+0x16f/0x3f0 [ 2497.699189] ? __do_page_fault+0x9c2/0xd60 [ 2497.703438] down_read+0x3b/0x90 [ 2497.706809] ? __do_page_fault+0x9c2/0xd60 [ 2497.711043] __do_page_fault+0x9c2/0xd60 [ 2497.715123] do_page_fault+0x71/0x581 [ 2497.718924] page_fault+0x1e/0x30 [ 2497.722375] RIP: 0010:iov_iter_fault_in_readable+0x1ba/0x450 [ 2497.728170] Code: 4c 39 f3 76 17 eb 3b e8 d4 2e 47 fe 48 81 c3 00 10 00 00 48 39 9d 68 ff ff ff 72 2d e8 bf 2e 47 fe 0f 1f 00 0f ae e8 45 31 f6 <8a> 13 0f 1f 00 31 ff 44 89 f6 41 88 57 d0 e8 23 30 47 fe 45 85 f6 [ 2497.747064] RSP: 0018:ffff8881f0ae79b8 EFLAGS: 00010246 [ 2497.752415] RAX: 0000000000040000 RBX: 000000002009f000 RCX: ffffc90008008000 [ 2497.759674] RDX: 000000000002c45a RSI: ffffffff8328b061 RDI: 0000000000000005 [ 2497.766934] RBP: ffff8881f0ae7a58 R08: ffff8880528004c0 R09: fffff94000420947 [ 2497.774195] R10: fffff94000420946 R11: ffffea0002104a37 R12: 0000000000001000 [ 2497.781467] R13: 0000000000001000 R14: 0000000000000000 R15: ffff8881f0ae7a30 [ 2497.788771] ? iov_iter_fault_in_readable+0x1b1/0x450 [ 2497.793965] ? iov_iter_fault_in_readable+0x1b1/0x450 [ 2497.799151] ? copy_page_from_iter+0x750/0x750 [ 2497.803737] generic_perform_write+0x195/0x530 [ 2497.808316] ? page_endio+0x780/0x780 [ 2497.812116] ? current_time+0x140/0x140 [ 2497.816085] ? lock_acquire+0x16f/0x3f0 [ 2497.820059] __generic_file_write_iter+0x25e/0x630 [ 2497.824984] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2497.829997] generic_file_write_iter+0x360/0x610 [ 2497.834764] ? __generic_file_write_iter+0x630/0x630 [ 2497.839870] ? debug_smp_processor_id+0x1c/0x20 [ 2497.844535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2497.850073] ? iov_iter_init+0xea/0x220 [ 2497.854043] __vfs_write+0x613/0x8e0 [ 2497.857756] ? kernel_read+0x120/0x120 [ 2497.861647] ? rcu_read_lock_sched_held+0x110/0x130 [ 2497.866657] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 2497.871411] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2497.876966] ? __sb_start_write+0x1ac/0x360 [ 2497.881286] vfs_write+0x20c/0x580 [ 2497.884830] ksys_write+0xea/0x1f0 [ 2497.888364] ? __ia32_sys_read+0xb0/0xb0 [ 2497.892424] ? do_syscall_64+0x26/0x610 [ 2497.896392] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2497.901777] ? do_syscall_64+0x26/0x610 [ 2497.905756] __x64_sys_write+0x73/0xb0 [ 2497.909642] do_syscall_64+0x103/0x610 [ 2497.913521] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2497.918700] RIP: 0033:0x457e29 [ 2497.921885] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2497.940779] RSP: 002b:00007fec6600dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 22:49:31 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x40000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2497.948486] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 2497.955746] RDX: 00000000ffffff76 RSI: 0000000020000000 RDI: 0000000000000003 [ 2497.963008] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2497.970272] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec6600e6d4 [ 2497.977536] R13: 00000000004c73d7 R14: 00000000004dcfe0 R15: 00000000ffffffff [ 2497.998122] CPU: 0 PID: 27453 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2498.005414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2498.014767] Call Trace: [ 2498.017374] dump_stack+0x172/0x1f0 [ 2498.021021] dump_header+0x10f/0xb6c [ 2498.024744] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2498.029851] ? ___ratelimit+0x60/0x595 [ 2498.033769] ? do_raw_spin_unlock+0x57/0x270 [ 2498.038195] oom_kill_process.cold+0x10/0x6f5 [ 2498.042707] ? task_will_free_mem+0x139/0x6e0 [ 2498.047219] out_of_memory+0x79a/0x1280 [ 2498.051206] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2498.056317] ? oom_killer_disable+0x280/0x280 [ 2498.060834] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2498.065953] mem_cgroup_out_of_memory+0x99/0xe0 [ 2498.070641] ? memcg_memory_event+0x40/0x40 [ 2498.074891] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2498.074965] ? _raw_spin_unlock+0x2d/0x50 [ 2498.085517] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2498.087922] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2498.090651] try_charge+0xfec/0x1570 [ 2498.090664] ? find_held_lock+0x35/0x130 [ 2498.090683] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2498.090701] ? kasan_check_read+0x11/0x20 [ 2498.090720] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2498.090734] mem_cgroup_try_charge+0x24d/0x5e0 [ 2498.126291] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2498.131227] wp_page_copy+0x408/0x1740 [ 2498.135125] ? find_held_lock+0x35/0x130 [ 2498.139196] ? pmd_pfn+0x1d0/0x1d0 [ 2498.142743] ? lock_downgrade+0x810/0x810 [ 2498.146899] ? swp_swapcount+0x540/0x540 [ 2498.150972] ? kasan_check_read+0x11/0x20 [ 2498.155124] ? do_raw_spin_unlock+0x57/0x270 [ 2498.159538] do_wp_page+0x2ed/0x1520 [ 2498.163256] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2498.167940] __handle_mm_fault+0x22db/0x3f20 [ 2498.172357] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2498.177201] ? find_held_lock+0x35/0x130 [ 2498.181269] ? handle_mm_fault+0x322/0xb30 [ 2498.185521] ? kasan_check_read+0x11/0x20 [ 2498.189682] handle_mm_fault+0x43f/0xb30 [ 2498.193759] __do_page_fault+0x5da/0xd60 [ 2498.197848] do_page_fault+0x71/0x581 [ 2498.201657] ? page_fault+0x8/0x30 [ 2498.205204] page_fault+0x1e/0x30 [ 2498.208662] RIP: 0033:0x42efb6 [ 2498.211867] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 16 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 ac 5f 62 00 85 c0 0f 84 [ 2498.230765] RSP: 002b:00007ffc56cc4100 EFLAGS: 00010206 [ 2498.236140] RAX: 00000000000205b1 RBX: 0000000000711640 RCX: 0000000000000121 [ 2498.243438] RDX: 0000000002149930 RSI: 0000000002149a50 RDI: 0000000000000000 22:49:31 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x46a, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2498.250723] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 2498.257998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000711698 [ 2498.265272] R13: 0000000000711698 R14: 0000000000000003 R15: 0000000000002710 22:49:31 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, 0x2c) [ 2498.312339] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2498.343363] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' 22:49:31 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x46b, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:31 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x40020000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:31 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x71c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:31 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x2c) [ 2498.453735] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2498.488146] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 2498.544274] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2498.573015] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2498.588770] memory: usage 307200kB, limit 307200kB, failcnt 6534 [ 2498.612826] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2498.615526] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2498.635725] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2498.647586] Memory cgroup stats for /syz0: cache:4832KB rss:108860KB rss_huge:12288KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:109108KB inactive_file:4KB active_file:4KB unevictable:4780KB [ 2498.664396] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2498.674414] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=27168,uid=0 [ 2498.737206] Memory cgroup out of memory: Kill process 27168 (syz-executor.0) score 124 or sacrifice child [ 2498.754347] Killed process 27168 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2498.776649] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2498.799907] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2498.822968] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2498.841537] CPU: 1 PID: 27498 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2498.848835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2498.858182] Call Trace: [ 2498.860782] dump_stack+0x172/0x1f0 [ 2498.864428] dump_header+0x10f/0xb6c [ 2498.868153] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2498.873261] ? ___ratelimit+0x60/0x595 [ 2498.877159] ? do_raw_spin_unlock+0x57/0x270 [ 2498.881581] oom_kill_process.cold+0x10/0x6f5 [ 2498.886088] ? task_will_free_mem+0x139/0x6e0 [ 2498.890611] out_of_memory+0x79a/0x1280 [ 2498.894605] ? oom_killer_disable+0x280/0x280 [ 2498.899110] mem_cgroup_out_of_memory+0x99/0xe0 [ 2498.903844] ? memcg_memory_event+0x40/0x40 [ 2498.908213] ? _raw_spin_unlock+0x2d/0x50 [ 2498.912377] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2498.917485] try_charge+0xfec/0x1570 [ 2498.921235] ? get_mctgt_type+0x900/0x900 [ 2498.925406] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2498.930261] ? percpu_ref_tryget_live+0x111/0x290 [ 2498.935118] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2498.939966] mem_cgroup_try_charge+0x24d/0x5e0 [ 2498.944567] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2498.949517] wp_page_copy+0x408/0x1740 [ 2498.953427] ? pmd_pfn+0x1d0/0x1d0 [ 2498.956972] ? lock_downgrade+0x810/0x810 [ 2498.961123] ? swp_swapcount+0x540/0x540 [ 2498.965189] ? kasan_check_read+0x11/0x20 [ 2498.969343] ? do_raw_spin_unlock+0x57/0x270 [ 2498.973773] do_wp_page+0x2ed/0x1520 [ 2498.977497] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2498.982203] __handle_mm_fault+0x22db/0x3f20 [ 2498.986633] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2498.991473] ? perf_trace_lock+0x510/0x510 [ 2498.995702] ? perf_trace_lock+0x510/0x510 [ 2498.999942] ? handle_mm_fault+0xb8/0xb30 [ 2499.004092] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2499.009633] ? trace_hardirqs_on+0x67/0x230 [ 2499.013959] handle_mm_fault+0x43f/0xb30 [ 2499.018033] __do_page_fault+0x5da/0xd60 [ 2499.022109] do_page_fault+0x71/0x581 [ 2499.025925] ? page_fault+0x8/0x30 [ 2499.029473] page_fault+0x1e/0x30 [ 2499.032926] RIP: 0033:0x45647b [ 2499.036119] Code: 25 20 06 00 00 b8 f0 2a 41 00 48 89 15 4e 03 60 00 48 85 c0 74 08 4c 89 cf e8 81 c6 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 0a bb 2b 00 00 00 00 00 48 c7 05 ef ba 2b 00 00 00 00 00 [ 2499.055027] RSP: 002b:00007ffd944dfb30 EFLAGS: 00010206 [ 2499.060390] RAX: 0000000000000000 RBX: 00007ffd944dfb30 RCX: 0000000000412b03 [ 2499.067664] RDX: 0000053cee98a9da RSI: 0000000000000018 RDI: 0000000002439c20 [ 2499.074924] RBP: 00007ffd944dfb70 R08: 0000000000000001 R09: 0000000002439940 [ 2499.082190] R10: 0000000002439c10 R11: 0000000000000202 R12: 0000000000000001 [ 2499.089455] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 2499.096965] net_ratelimit: 26 callbacks suppressed [ 2499.096972] protocol 88fb is buggy, dev hsr_slave_0 [ 2499.098485] protocol 88fb is buggy, dev hsr_slave_0 [ 2499.101968] protocol 88fb is buggy, dev hsr_slave_1 [ 2499.107036] protocol 88fb is buggy, dev hsr_slave_1 [ 2499.112042] protocol 88fb is buggy, dev hsr_slave_0 [ 2499.117136] protocol 88fb is buggy, dev hsr_slave_0 [ 2499.122074] protocol 88fb is buggy, dev hsr_slave_1 [ 2499.122142] protocol 88fb is buggy, dev hsr_slave_0 [ 2499.127159] protocol 88fb is buggy, dev hsr_slave_1 [ 2499.132145] protocol 88fb is buggy, dev hsr_slave_1 [ 2499.258421] memory: usage 307200kB, limit 307200kB, failcnt 6538 [ 2499.285951] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2499.307317] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2499.319366] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' 22:49:32 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3ba]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:32 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x48744b8c}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2499.350068] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2499.356287] Memory cgroup stats for /syz3: cache:0KB rss:103668KB rss_huge:8192KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:103756KB inactive_file:8KB active_file:12KB unevictable:0KB 22:49:32 executing program 1: r0 = memfd_create(&(0x7f0000000f00)='i\xb4b\xca\x17\x05\xb4\x93\x7fH\xbe\xbc\x95\x87h\r?\xc7x\xbd\xe2R\x02\x7fX\xd6.\xd3\xbf]\xe1\x86\xadqPD+\xc9\x89\x0e\x15\xe9\x031\x1e\x03\nE\xccA\xac\xd8\xd2\x95\xb5^J]\xb3\x82\x9a\x10\xc1\x18\n\xf2\x9cRp\x8fww\xe7\xcb^QdO\xce\t(\xe3FHM!\xb1\xd7Q~\xf6L\x12\x13\x16}\x17\b\x88\xe5\xd8\xd6\xa5\xa2\x00\x00\x00\x00\x00\x00\x00\x05\xcb\xeba/\xba\xdb\xca^\xfe\b\x88l\x97\xd2\xf7Y\x92\xd4\x93\xbe\xeeY\xd8\\R\ae\b\x14u[\x13\xbd\xcaf-\x1a)\xf6\xd0\xa0\xdb\x87\xf25\x1c,\xed\xcb\x89\xd8\"\xa3r,\x04\x90\xc2@\xcc7eq\xcb|q3\xe2\x84\xed\x91\xa0\xae\x8b\x85\xde\x18\x11\xf8\xde\x1d\xe3N\x95q\xf5\xf4\xdd8\xb1\\.\xb9E\x87\xb9fh\x93U\xa8+\xbb\x18*\xf8b\x97', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) ioctl$int_in(r0, 0x5473, &(0x7f0000000140)=0x5) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\x00'}) accept4$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14, 0x800) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000200)={'team0\x00', r3}) write$sndseq(r0, &(0x7f0000000000)=[{0x5, 0x21, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000040)="cc2f82b0dea9c994f417290fab2fb6fe91922ccf9a0a46b7b1ad13d254dc0656cea1040b217740cd90c6b74eb7e7198cf27439383218721b379f458f613b62e9c1e36100201e0b8eebbd4b3b69f4b9fe0ccaa95d16fbf2ec0fc1db5e085b10d11e03c69880d090c873a4a292edcafca030f0b55b553965a509facd01fd467e98105f94f3d7d51d179bec5677358ac5fc03db26e6e192313e6fa29c7fd4e3af0e783aa5325dccd5eacc0eda7053bd14e6c32168e41dac5072de1a4e7fe4ff61bd37c80f3a1c459e701406c6dc84404cbef4ee55972d3f240553b600f033836903d7962b555a19b7a0cb132a602c7cd6f09054a1238f0cb994dec6bbf7d0c77c6d") 22:49:32 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x71d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:32 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf]}, 0x2c) [ 2499.563275] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2499.572316] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' 22:49:32 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:32 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x2c) 22:49:32 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3bc]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2499.733275] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=20366,uid=0 [ 2499.771296] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2499.778341] Memory cgroup out of memory: Kill process 20366 (syz-executor.3) score 1113 or sacrifice child [ 2499.789725] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2499.815066] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2499.825467] Killed process 20366 (syz-executor.3) total-vm:72708kB, anon-rss:2216kB, file-rss:35736kB, shmem-rss:0kB [ 2499.836542] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' 22:49:33 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x46c, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:33 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x71e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:33 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}, 0x2c) 22:49:33 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x8c4b7448}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:33 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:33 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3ca]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2499.928075] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2499.938149] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' 22:49:33 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12]}, 0x2c) 22:49:33 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x8dffffff}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:33 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x71f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2499.986091] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2500.058387] CPU: 0 PID: 27593 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2500.065708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2500.075063] Call Trace: [ 2500.077658] dump_stack+0x172/0x1f0 [ 2500.081289] dump_header+0x10f/0xb6c [ 2500.085005] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2500.090105] ? ___ratelimit+0x60/0x595 [ 2500.093990] ? do_raw_spin_unlock+0x57/0x270 [ 2500.098400] oom_kill_process.cold+0x10/0x6f5 [ 2500.102905] ? task_will_free_mem+0x139/0x6e0 [ 2500.107412] out_of_memory+0x79a/0x1280 [ 2500.111385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2500.117024] ? css_next_child+0xf5/0x2c0 [ 2500.121106] ? oom_killer_disable+0x280/0x280 [ 2500.125621] mem_cgroup_out_of_memory+0x99/0xe0 [ 2500.130292] ? memcg_memory_event+0x40/0x40 [ 2500.134656] ? _raw_spin_unlock+0x2d/0x50 [ 2500.138831] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2500.143975] try_charge+0xfec/0x1570 [ 2500.147715] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2500.152557] ? get_mctgt_type+0x900/0x900 [ 2500.156709] ? percpu_ref_tryget_live+0x111/0x290 [ 2500.161557] memcg_kmem_charge_memcg+0x7c/0x130 [ 2500.166220] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2500.170715] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2500.175589] memcg_kmem_charge+0x13b/0x340 [ 2500.179832] __alloc_pages_nodemask+0x437/0x710 [ 2500.184499] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2500.189512] ? percpu_ref_put_many+0xb6/0x190 [ 2500.194010] ? trace_hardirqs_on+0x67/0x230 [ 2500.198324] ? kasan_check_read+0x11/0x20 [ 2500.202476] copy_process.part.0+0x3e0/0x79a0 [ 2500.207011] ? kvm_clock_read+0x18/0x30 [ 2500.210984] ? sched_clock+0x2e/0x50 [ 2500.214710] ? sched_clock_cpu+0x1b/0x1b0 [ 2500.218858] ? lock_downgrade+0x810/0x810 [ 2500.223006] ? record_times+0x1e/0x580 [ 2500.226897] ? __cleanup_sighand+0x70/0x70 [ 2500.231124] ? trace_hardirqs_on+0x67/0x230 [ 2500.235441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2500.240978] ? mark_held_locks+0x100/0x100 [ 2500.245209] ? perf_trace_lock_acquire+0xf5/0x580 [ 2500.250057] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2500.255612] _do_fork+0x257/0xfe0 [ 2500.259097] ? fork_idle+0x1d0/0x1d0 [ 2500.262816] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2500.268180] ? lock_downgrade+0x810/0x810 [ 2500.272324] ? get_mctgt_type_thp.isra.0+0x3c0/0x3c0 [ 2500.277422] ? blkcg_exit_queue+0x30/0x30 [ 2500.281581] ? prepare_exit_to_usermode+0x279/0x2e0 [ 2500.286595] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2500.291963] __x64_sys_clone+0xbf/0x150 [ 2500.295937] do_syscall_64+0x103/0x610 [ 2500.299827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2500.305007] RIP: 0033:0x45a7f9 [ 2500.308195] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2500.327089] RSP: 002b:00007ffd944df8a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2500.334799] RAX: ffffffffffffffda RBX: 00007fed655cd700 RCX: 000000000045a7f9 [ 2500.342071] RDX: 00007fed655cd9d0 RSI: 00007fed655ccdb0 RDI: 00000000003d0f00 [ 2500.349333] RBP: 00007ffd944dfab0 R08: 00007fed655cd700 R09: 00007fed655cd700 [ 2500.356596] R10: 00007fed655cd9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2500.363861] R13: 00007ffd944df95f R14: 00007fed655cd9c0 R15: 000000000073bf0c [ 2500.389721] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2500.410343] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2500.432585] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2500.441298] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' 22:49:33 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3cc]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:33 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x720, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:33 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2500.596678] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2500.616333] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2500.727416] memory: usage 307176kB, limit 307200kB, failcnt 6582 [ 2500.738547] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2500.746493] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2500.757960] Memory cgroup stats for /syz3: cache:0KB rss:103644KB rss_huge:8192KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:103756KB inactive_file:0KB active_file:4KB unevictable:0KB [ 2500.784566] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2500.787930] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=27578,uid=0 [ 2500.794380] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2500.809907] Memory cgroup out of memory: Kill process 27578 (syz-executor.3) score 1113 or sacrifice child [ 2500.830168] Killed process 27578 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 2500.907835] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2500.914313] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' 22:49:34 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x46d, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:34 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13]}, 0x2c) 22:49:34 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3ce]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:34 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x91ffffff}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:34 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:34 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x721, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:34 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14]}, 0x2c) 22:49:34 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) 22:49:34 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x722, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:34 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3d0]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:34 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xa0008000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2501.149849] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2501.158147] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' 22:49:34 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x723, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2501.223459] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2501.236397] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2501.254899] CPU: 1 PID: 27682 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2501.261685] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2501.262182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2501.262187] Call Trace: [ 2501.262209] dump_stack+0x172/0x1f0 [ 2501.262229] dump_header+0x10f/0xb6c [ 2501.290894] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2501.296000] ? ___ratelimit+0x60/0x595 [ 2501.299889] ? do_raw_spin_unlock+0x57/0x270 [ 2501.304304] oom_kill_process.cold+0x10/0x6f5 [ 2501.308815] ? task_will_free_mem+0x139/0x6e0 [ 2501.313320] out_of_memory+0x79a/0x1280 [ 2501.317299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2501.322837] ? css_next_child+0xf5/0x2c0 [ 2501.326907] ? oom_killer_disable+0x280/0x280 [ 2501.331414] mem_cgroup_out_of_memory+0x99/0xe0 [ 2501.336086] ? memcg_memory_event+0x40/0x40 [ 2501.340415] ? _raw_spin_unlock+0x2d/0x50 [ 2501.344585] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2501.349704] try_charge+0xfec/0x1570 [ 2501.353471] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2501.358321] ? get_mctgt_type+0x900/0x900 [ 2501.362481] ? percpu_ref_tryget_live+0x111/0x290 [ 2501.367330] memcg_kmem_charge_memcg+0x7c/0x130 [ 2501.372001] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2501.376520] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2501.381373] memcg_kmem_charge+0x13b/0x340 [ 2501.385611] __alloc_pages_nodemask+0x437/0x710 [ 2501.390286] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2501.395308] ? percpu_ref_put_many+0xb6/0x190 [ 2501.399821] ? trace_hardirqs_on+0x67/0x230 [ 2501.404150] ? kasan_check_read+0x11/0x20 [ 2501.408312] copy_process.part.0+0x3e0/0x79a0 [ 2501.412821] ? kvm_clock_read+0x18/0x30 [ 2501.416807] ? sched_clock+0x2e/0x50 [ 2501.420522] ? sched_clock_cpu+0x1b/0x1b0 [ 2501.424681] ? lock_downgrade+0x810/0x810 [ 2501.428840] ? record_times+0x1e/0x580 [ 2501.432744] ? __cleanup_sighand+0x70/0x70 [ 2501.436982] ? trace_hardirqs_on+0x67/0x230 [ 2501.441305] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2501.446845] ? mark_held_locks+0x100/0x100 [ 2501.451089] ? perf_trace_lock_acquire+0xf5/0x580 [ 2501.455940] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2501.461488] _do_fork+0x257/0xfe0 [ 2501.464949] ? fork_idle+0x1d0/0x1d0 [ 2501.468668] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2501.474040] ? lock_downgrade+0x810/0x810 [ 2501.478193] ? get_mctgt_type_thp.isra.0+0x3c0/0x3c0 [ 2501.483304] ? blkcg_exit_queue+0x30/0x30 [ 2501.487678] ? prepare_exit_to_usermode+0x279/0x2e0 [ 2501.492704] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2501.498076] __x64_sys_clone+0xbf/0x150 [ 2501.502076] do_syscall_64+0x103/0x610 [ 2501.505972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2501.511161] RIP: 0033:0x45a7f9 [ 2501.514356] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2501.533255] RSP: 002b:00007fff025901d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2501.540977] RAX: ffffffffffffffda RBX: 00007fca94220700 RCX: 000000000045a7f9 [ 2501.548240] RDX: 00007fca942209d0 RSI: 00007fca9421fdb0 RDI: 00000000003d0f00 [ 2501.555512] RBP: 00007fff025903e0 R08: 00007fca94220700 R09: 00007fca94220700 [ 2501.562808] R10: 00007fca942209d0 R11: 0000000000000202 R12: 0000000000000000 [ 2501.570082] R13: 00007fff0259028f R14: 00007fca942209c0 R15: 000000000073bf0c [ 2501.599171] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2501.637953] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2501.644615] memory: usage 307200kB, limit 307200kB, failcnt 5865 [ 2501.660620] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2501.675087] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2501.679221] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2501.684539] Memory cgroup stats for /syz2: cache:12KB rss:110348KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:110460KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2501.687812] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 2501.719812] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17972,uid=0 [ 2501.735553] Memory cgroup out of memory: Kill process 17972 (syz-executor.2) score 124 or sacrifice child [ 2501.745945] Killed process 17972 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35780kB, shmem-rss:0kB [ 2501.757365] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2501.762037] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2501.765199] oom_reaper: reaped process 17972 (syz-executor.2), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2501.780597] CPU: 0 PID: 27697 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2501.788024] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2501.791151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2501.791157] Call Trace: [ 2501.791180] dump_stack+0x172/0x1f0 [ 2501.791200] dump_header+0x10f/0xb6c [ 2501.791216] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2501.791230] ? ___ratelimit+0x60/0x595 [ 2501.791245] ? do_raw_spin_unlock+0x57/0x270 [ 2501.791264] oom_kill_process.cold+0x10/0x6f5 [ 2501.791282] ? task_will_free_mem+0x139/0x6e0 [ 2501.791302] out_of_memory+0x79a/0x1280 [ 2501.846314] ? oom_killer_disable+0x280/0x280 [ 2501.850833] mem_cgroup_out_of_memory+0x99/0xe0 [ 2501.855505] ? memcg_memory_event+0x40/0x40 [ 2501.859835] ? _raw_spin_unlock+0x2d/0x50 [ 2501.863983] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2501.869128] try_charge+0xfec/0x1570 [ 2501.872849] ? get_mctgt_type+0x900/0x900 [ 2501.877008] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2501.881856] ? percpu_ref_tryget_live+0x111/0x290 [ 2501.886728] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2501.891581] mem_cgroup_try_charge+0x24d/0x5e0 [ 2501.896173] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2501.901107] wp_page_copy+0x408/0x1740 [ 2501.905000] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2501.910546] ? pmd_pfn+0x1d0/0x1d0 [ 2501.914093] ? lock_downgrade+0x810/0x810 [ 2501.918245] ? __pte_alloc_kernel+0x220/0x220 [ 2501.922747] ? kasan_check_read+0x11/0x20 [ 2501.926910] ? do_raw_spin_unlock+0x57/0x270 [ 2501.931362] do_wp_page+0x2ed/0x1520 [ 2501.935112] ? rwlock_bug.part.0+0x90/0x90 [ 2501.939345] ? lock_acquire+0x16f/0x3f0 [ 2501.943321] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2501.947992] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2501.953020] __handle_mm_fault+0x22db/0x3f20 [ 2501.957442] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2501.962287] ? perf_trace_lock+0x510/0x510 [ 2501.966525] ? perf_trace_lock+0x510/0x510 [ 2501.970762] ? handle_mm_fault+0xb8/0xb30 [ 2501.974918] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2501.980509] ? trace_hardirqs_on+0x67/0x230 [ 2501.984848] handle_mm_fault+0x43f/0xb30 [ 2501.988931] __do_page_fault+0x5da/0xd60 [ 2501.993000] do_page_fault+0x71/0x581 [ 2501.996814] ? page_fault+0x8/0x30 [ 2502.000364] page_fault+0x1e/0x30 [ 2502.003821] RIP: 0033:0x40d1e8 [ 2502.007015] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2502.025930] RSP: 002b:00007ffdc7152ed0 EFLAGS: 00010246 [ 2502.031291] RAX: 000000005511976d RBX: 00000000727102e3 RCX: 0000001b30120000 [ 2502.038584] RDX: 0000000000000000 RSI: 000000000000176d RDI: ffffffff5511976d [ 2502.045889] RBP: 000000000000000d R08: 000000005511976d R09: 0000000055119771 [ 2502.053165] R10: 00007ffdc7153060 R11: 0000000000000246 R12: 000000000073bf88 [ 2502.060446] R13: 0000000080000000 R14: 00007f753f618008 R15: 000000000000000d [ 2502.071253] memory: usage 307200kB, limit 307200kB, failcnt 4845 [ 2502.077984] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2502.085300] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2502.092004] Memory cgroup stats for /syz4: cache:24KB rss:115152KB rss_huge:22528KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:115120KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2502.113582] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12808,uid=0 [ 2502.132150] Memory cgroup out of memory: Kill process 12808 (syz-executor.4) score 1113 or sacrifice child [ 2502.143296] Killed process 12808 (syz-executor.4) total-vm:72444kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB [ 2502.191938] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2502.207831] CPU: 0 PID: 27699 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89 [ 2502.215113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2502.224458] Call Trace: [ 2502.227081] dump_stack+0x172/0x1f0 [ 2502.230714] dump_header+0x10f/0xb6c [ 2502.234430] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2502.239532] ? ___ratelimit+0x60/0x595 [ 2502.243434] ? do_raw_spin_unlock+0x57/0x270 [ 2502.247848] oom_kill_process.cold+0x10/0x6f5 [ 2502.252355] ? task_will_free_mem+0x139/0x6e0 [ 2502.256862] out_of_memory+0x79a/0x1280 [ 2502.260853] ? oom_killer_disable+0x280/0x280 [ 2502.265375] mem_cgroup_out_of_memory+0x99/0xe0 [ 2502.270049] ? memcg_memory_event+0x40/0x40 [ 2502.274386] ? _raw_spin_unlock+0x2d/0x50 [ 2502.278539] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2502.283658] try_charge+0xfec/0x1570 [ 2502.287382] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2502.292230] ? get_mctgt_type+0x900/0x900 [ 2502.296386] ? percpu_ref_tryget_live+0x111/0x290 [ 2502.301232] memcg_kmem_charge_memcg+0x7c/0x130 [ 2502.305941] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2502.310486] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2502.315349] memcg_kmem_charge+0x13b/0x340 [ 2502.319602] __alloc_pages_nodemask+0x437/0x710 [ 2502.324279] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2502.329301] ? percpu_ref_put_many+0xb6/0x190 [ 2502.333818] ? trace_hardirqs_on+0x67/0x230 [ 2502.338149] ? kasan_check_read+0x11/0x20 [ 2502.342317] copy_process.part.0+0x3e0/0x79a0 [ 2502.346837] ? kvm_clock_read+0x18/0x30 [ 2502.350820] ? sched_clock+0x2e/0x50 [ 2502.354534] ? sched_clock_cpu+0x1b/0x1b0 [ 2502.358715] ? lock_downgrade+0x810/0x810 [ 2502.362884] ? record_times+0x1e/0x580 [ 2502.366786] ? __cleanup_sighand+0x70/0x70 [ 2502.371038] ? trace_hardirqs_on+0x67/0x230 [ 2502.375368] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2502.380910] ? mark_held_locks+0x100/0x100 [ 2502.385149] ? perf_trace_lock_acquire+0xf5/0x580 [ 2502.389998] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2502.395548] _do_fork+0x257/0xfe0 [ 2502.399009] ? fork_idle+0x1d0/0x1d0 [ 2502.402735] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2502.408142] ? lock_downgrade+0x810/0x810 [ 2502.412320] ? get_mctgt_type_thp.isra.0+0x3c0/0x3c0 [ 2502.417442] ? blkcg_exit_queue+0x30/0x30 [ 2502.421609] ? prepare_exit_to_usermode+0x279/0x2e0 [ 2502.426633] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2502.432007] __x64_sys_clone+0xbf/0x150 [ 2502.435992] do_syscall_64+0x103/0x610 [ 2502.439892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2502.445083] RIP: 0033:0x45a7f9 [ 2502.448277] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2502.467175] RSP: 002b:00007ffd944df8a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2502.474889] RAX: ffffffffffffffda RBX: 00007fed655cd700 RCX: 000000000045a7f9 [ 2502.482154] RDX: 00007fed655cd9d0 RSI: 00007fed655ccdb0 RDI: 00000000003d0f00 [ 2502.489518] RBP: 00007ffd944dfab0 R08: 00007fed655cd700 R09: 00007fed655cd700 [ 2502.496785] R10: 00007fed655cd9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2502.504068] R13: 00007ffd944df95f R14: 00007fed655cd9c0 R15: 000000000073bf0c [ 2502.521179] memory: usage 307188kB, limit 307200kB, failcnt 6641 [ 2502.527674] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2502.536471] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2502.544814] Memory cgroup stats for /syz3: cache:0KB rss:103600KB rss_huge:8192KB shmem:84KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:103756KB inactive_file:4KB active_file:4KB unevictable:0KB [ 2502.570449] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=27648,uid=0 [ 2502.587483] Memory cgroup out of memory: Kill process 27648 (syz-executor.3) score 1113 or sacrifice child [ 2502.601904] Killed process 27648 (syz-executor.3) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB 22:49:35 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x46e, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:35 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) 22:49:35 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3d4]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:35 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xe8030000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:35 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15]}, 0x2c) 22:49:35 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x724, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) [ 2502.668957] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2502.675431] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' 22:49:35 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3d8]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:35 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18]}, 0x2c) [ 2502.743534] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2502.754933] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' 22:49:36 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) 22:49:36 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x46f, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:36 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x725, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:36 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xf4010000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) 22:49:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56]}, 0x2c) [ 2502.934863] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2502.943538] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 2502.962570] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env 22:49:36 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) 22:49:36 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x470, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:36 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3e0]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2503.000714] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2503.015877] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2503.024429] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' 22:49:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x2c) 22:49:36 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x726, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:36 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xf5ffffff}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2503.102024] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2503.108617] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' 22:49:36 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) [ 2503.161300] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2503.168757] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2503.179524] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2503.187563] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' 22:49:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30c]}, 0x2c) 22:49:36 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x727, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:36 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x471, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:36 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3e6]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2503.335719] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2503.347017] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2503.359817] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2503.366463] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' 22:49:36 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) [ 2503.382837] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2503.408541] CPU: 0 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2503.415734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2503.425814] Call Trace: [ 2503.428433] dump_stack+0x172/0x1f0 [ 2503.432079] dump_header+0x10f/0xb6c [ 2503.435810] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2503.440951] ? ___ratelimit+0x60/0x595 [ 2503.444838] ? do_raw_spin_unlock+0x57/0x270 [ 2503.449262] oom_kill_process.cold+0x10/0x6f5 [ 2503.453787] ? task_will_free_mem+0x139/0x6e0 [ 2503.458307] out_of_memory+0x79a/0x1280 [ 2503.462289] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2503.467845] ? css_next_child+0xf5/0x2c0 [ 2503.471913] ? oom_killer_disable+0x280/0x280 [ 2503.476420] mem_cgroup_out_of_memory+0x99/0xe0 [ 2503.481089] ? memcg_memory_event+0x40/0x40 [ 2503.485473] ? _raw_spin_unlock+0x2d/0x50 [ 2503.489842] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2503.494962] try_charge+0xfec/0x1570 [ 2503.498697] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2503.503548] ? get_mctgt_type+0x900/0x900 [ 2503.507704] ? percpu_ref_tryget_live+0x111/0x290 [ 2503.512553] memcg_kmem_charge_memcg+0x7c/0x130 [ 2503.517224] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2503.521722] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2503.526564] memcg_kmem_charge+0x13b/0x340 [ 2503.530824] __alloc_pages_nodemask+0x437/0x710 [ 2503.535500] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2503.540519] ? save_stack+0xa9/0xd0 [ 2503.544154] ? kmem_cache_alloc+0x11a/0x6f0 [ 2503.548480] ? anon_vma_fork+0x1ea/0x4a0 [ 2503.552551] ? copy_process.part.0+0x350f/0x79a0 [ 2503.557306] ? _do_fork+0x257/0xfe0 [ 2503.560932] ? __x64_sys_clone+0xbf/0x150 [ 2503.565092] ? do_syscall_64+0x103/0x610 [ 2503.569161] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2503.574519] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2503.580069] alloc_pages_current+0x107/0x210 [ 2503.584481] get_zeroed_page+0x14/0x50 [ 2503.588363] __pud_alloc+0x3b/0x250 [ 2503.592008] pud_alloc+0xde/0x150 [ 2503.595466] copy_page_range+0x375/0x1f90 [ 2503.599641] ? perf_trace_lock+0x510/0x510 [ 2503.603882] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2503.608901] ? vma_compute_subtree_gap+0x158/0x230 [ 2503.613849] ? vma_gap_callbacks_rotate+0x62/0x80 [ 2503.618861] ? pmd_alloc+0x180/0x180 [ 2503.622579] ? validate_mm_rb+0xa3/0xc0 [ 2503.626574] ? __vma_link_rb+0x279/0x370 [ 2503.630642] copy_process.part.0+0x56aa/0x79a0 22:49:36 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfc000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2503.635263] ? __cleanup_sighand+0x70/0x70 [ 2503.639499] ? __might_fault+0xfb/0x1e0 [ 2503.643483] _do_fork+0x257/0xfe0 [ 2503.646944] ? fork_idle+0x1d0/0x1d0 [ 2503.650661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2503.656197] ? __x64_sys_clock_gettime+0x172/0x250 [ 2503.661125] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2503.666489] __x64_sys_clone+0xbf/0x150 [ 2503.670468] do_syscall_64+0x103/0x610 [ 2503.674386] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2503.679575] RIP: 0033:0x4563fa [ 2503.682778] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2503.701688] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2503.707725] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2503.709398] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2503.709407] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 22:49:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x320]}, 0x2c) 22:49:36 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x472, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2503.709415] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2503.709424] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 [ 2503.709432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2503.719444] memory: usage 307200kB, limit 307200kB, failcnt 4890 [ 2503.742064] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2503.747376] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2503.777293] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2503.794507] Memory cgroup stats for /syz4: cache:24KB rss:114956KB rss_huge:22528KB shmem:72KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:115056KB inactive_file:0KB active_file:8KB unevictable:0KB [ 2503.817267] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27805,uid=0 22:49:37 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x3e8]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:37 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) 22:49:37 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ca]}, 0x2c) [ 2503.872857] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2503.876319] Memory cgroup out of memory: Kill process 27805 (syz-executor.4) score 1113 or sacrifice child [ 2503.894029] Killed process 27805 (syz-executor.4) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2503.928831] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' 22:49:37 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f2]}, 0x2c) 22:49:37 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfe800000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2504.010520] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2504.060120] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2504.066994] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2504.078075] CPU: 0 PID: 27859 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89 [ 2504.085358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2504.094723] Call Trace: [ 2504.095185] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2504.097333] dump_stack+0x172/0x1f0 [ 2504.097354] dump_header+0x10f/0xb6c [ 2504.097369] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2504.105713] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 2504.107374] ? ___ratelimit+0x60/0x595 [ 2504.107389] ? do_raw_spin_unlock+0x57/0x270 [ 2504.107410] oom_kill_process.cold+0x10/0x6f5 [ 2504.138467] ? task_will_free_mem+0x139/0x6e0 [ 2504.142975] out_of_memory+0x79a/0x1280 [ 2504.146952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2504.152485] ? css_next_child+0xf5/0x2c0 [ 2504.156573] ? oom_killer_disable+0x280/0x280 [ 2504.161085] mem_cgroup_out_of_memory+0x99/0xe0 [ 2504.165755] ? memcg_memory_event+0x40/0x40 [ 2504.170090] ? _raw_spin_unlock+0x2d/0x50 [ 2504.174235] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2504.179353] try_charge+0xfec/0x1570 [ 2504.183078] ? get_mctgt_type+0x900/0x900 [ 2504.187239] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2504.192091] ? percpu_ref_tryget_live+0x111/0x290 [ 2504.196947] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2504.201822] mem_cgroup_try_charge+0x24d/0x5e0 [ 2504.206422] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2504.211358] wp_page_copy+0x408/0x1740 [ 2504.215246] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2504.220810] ? pmd_pfn+0x1d0/0x1d0 [ 2504.224368] ? lock_downgrade+0x810/0x810 [ 2504.228518] ? __pte_alloc_kernel+0x220/0x220 [ 2504.233031] ? kasan_check_read+0x11/0x20 [ 2504.237206] ? do_raw_spin_unlock+0x57/0x270 [ 2504.241622] do_wp_page+0x2ed/0x1520 [ 2504.245341] ? rwlock_bug.part.0+0x90/0x90 [ 2504.249618] ? lock_acquire+0x16f/0x3f0 [ 2504.253592] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2504.258263] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2504.263307] __handle_mm_fault+0x22db/0x3f20 [ 2504.267731] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2504.272579] ? perf_trace_lock+0x510/0x510 [ 2504.276840] ? perf_trace_lock+0x510/0x510 [ 2504.281100] ? handle_mm_fault+0xb8/0xb30 [ 2504.285257] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2504.290833] ? trace_hardirqs_on+0x67/0x230 [ 2504.295175] handle_mm_fault+0x43f/0xb30 [ 2504.299253] __do_page_fault+0x5da/0xd60 [ 2504.303355] do_page_fault+0x71/0x581 [ 2504.307162] ? page_fault+0x8/0x30 [ 2504.310719] page_fault+0x1e/0x30 [ 2504.314170] RIP: 0033:0x40d1e8 [ 2504.317383] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 2504.336280] RSP: 002b:00007ffc56cc4240 EFLAGS: 00010246 [ 2504.341645] RAX: 00000000f0870189 RBX: 0000000031530f3b RCX: 0000001b2f620000 [ 2504.348917] RDX: 0000000000000000 RSI: 0000000000000189 RDI: fffffffff0870189 22:49:37 executing program 4: getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x728, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x10000) 22:49:37 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x473, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) 22:49:37 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) [ 2504.356206] RBP: 0000000000000009 R08: 00000000f0870189 R09: 00000000f087018d [ 2504.363477] R10: 00007ffc56cc43d0 R11: 0000000000000246 R12: 000000000073bf88 [ 2504.370745] R13: 0000000080000000 R14: 00007f028c93c008 R15: 0000000000000009 22:49:37 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xfec00000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2504.417276] kobject: 'loop4' (000000002602c32e): kobject_uevent_env [ 2504.428470] memory: usage 307192kB, limit 307200kB, failcnt 6573 [ 2504.438075] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2504.445901] kobject: 'loop4' (000000002602c32e): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2504.461309] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env 22:49:37 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x474, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0) [ 2504.468315] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2504.475190] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 22:49:37 executing program 1: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) getpgrp(0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0x50000000}, 0x1c) [ 2504.521365] kobject: 'loop3' (00000000303ebc27): kobject_uevent_env [ 2504.527868] Memory cgroup stats for /syz0: cache:4832KB rss:107576KB rss_huge:10240KB shmem:160KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:107688KB inactive_file:0KB active_file:0KB unevictable:4780KB [ 2504.534855] kobject: 'loop3' (00000000303ebc27): fill_kobj_path: path = '/devices/virtual/block/loop3' 22:49:37 executing program 5: add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) geteuid() mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) getpeername$inet6(r1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) madvise(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) timer_create(0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) timer_getoverrun(r3) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioprio_set$uid(0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) r4 = getpgrp(0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) geteuid() setuid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000200)=r4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2, 0xff000000}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) [ 2504.632126] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=27246,uid=0 [ 2504.653733] Memory cgroup out of memory: Kill process 27246 (syz-executor.0) score 124 or sacrifice child [ 2504.664591] Killed process 27246 (syz-executor.0) total-vm:72576kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB [ 2504.720865] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2504.728192] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2504.738262] CPU: 1 PID: 27880 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89 [ 2504.739204] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2504.745707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2504.745713] Call Trace: [ 2504.745735] dump_stack+0x172/0x1f0 [ 2504.745757] dump_header+0x10f/0xb6c [ 2504.745773] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2504.745787] ? ___ratelimit+0x60/0x595 [ 2504.745814] ? do_raw_spin_unlock+0x57/0x270 [ 2504.787813] oom_kill_process.cold+0x10/0x6f5 [ 2504.792324] ? task_will_free_mem+0x139/0x6e0 [ 2504.796837] out_of_memory+0x79a/0x1280 [ 2504.800828] ? oom_killer_disable+0x280/0x280 [ 2504.805336] mem_cgroup_out_of_memory+0x99/0xe0 [ 2504.810006] ? memcg_memory_event+0x40/0x40 [ 2504.814334] ? _raw_spin_unlock+0x2d/0x50 [ 2504.818485] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2504.823587] try_charge+0xfec/0x1570 [ 2504.827311] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2504.832155] ? get_mctgt_type+0x900/0x900 [ 2504.836313] ? percpu_ref_tryget_live+0x111/0x290 [ 2504.841158] memcg_kmem_charge_memcg+0x7c/0x130 [ 2504.845833] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2504.850333] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2504.855182] memcg_kmem_charge+0x13b/0x340 [ 2504.859422] __alloc_pages_nodemask+0x437/0x710 [ 2504.864096] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2504.869115] ? percpu_ref_put_many+0xb6/0x190 [ 2504.873616] ? trace_hardirqs_on+0x67/0x230 [ 2504.877938] ? kasan_check_read+0x11/0x20 [ 2504.882110] copy_process.part.0+0x3e0/0x79a0 [ 2504.886613] ? kvm_clock_read+0x18/0x30 [ 2504.890621] ? sched_clock+0x2e/0x50 [ 2504.894336] ? sched_clock_cpu+0x1b/0x1b0 [ 2504.898486] ? lock_downgrade+0x810/0x810 [ 2504.902652] ? record_times+0x1e/0x580 [ 2504.906572] ? __cleanup_sighand+0x70/0x70 [ 2504.910824] ? trace_hardirqs_on+0x67/0x230 [ 2504.915156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2504.920698] ? mark_held_locks+0x100/0x100 [ 2504.924938] ? perf_trace_lock_acquire+0xf5/0x580 [ 2504.929781] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2504.935335] _do_fork+0x257/0xfe0 [ 2504.938807] ? fork_idle+0x1d0/0x1d0 [ 2504.942543] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 2504.947908] ? lock_downgrade+0x810/0x810 [ 2504.952056] ? get_mctgt_type_thp.isra.0+0x3c0/0x3c0 [ 2504.957159] ? blkcg_exit_queue+0x30/0x30 [ 2504.961309] ? prepare_exit_to_usermode+0x279/0x2e0 [ 2504.966325] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2504.971693] __x64_sys_clone+0xbf/0x150 [ 2504.975671] do_syscall_64+0x103/0x610 [ 2504.979565] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2504.984765] RIP: 0033:0x45a7f9 [ 2504.987976] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2505.006874] RSP: 002b:00007fff025901d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2505.014587] RAX: ffffffffffffffda RBX: 00007fca941de700 RCX: 000000000045a7f9 [ 2505.021856] RDX: 00007fca941de9d0 RSI: 00007fca941dddb0 RDI: 00000000003d0f00 [ 2505.029125] RBP: 00007fff025903e0 R08: 00007fca941de700 R09: 00007fca941de700 [ 2505.036395] R10: 00007fca941de9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2505.043666] R13: 00007fff0259028f R14: 00007fca941de9c0 R15: 000000000073c04c [ 2505.155625] memory: usage 307152kB, limit 307200kB, failcnt 5888 [ 2505.165552] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2505.176318] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2505.186343] Memory cgroup stats for /syz2: cache:12KB rss:108988KB rss_huge:6144KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:109148KB inactive_file:4KB active_file:0KB unevictable:0KB [ 2505.213411] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22490,uid=0 [ 2505.234599] Memory cgroup out of memory: Kill process 22490 (syz-executor.2) score 124 or sacrifice child [ 2505.245643] kobject: 'loop5' (0000000014db84d1): kobject_uevent_env [ 2505.252230] kobject: 'loop5' (0000000014db84d1): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2505.253385] Killed process 22490 (syz-executor.2) total-vm:72444kB, anon-rss:2204kB, file-rss:35780kB, shmem-rss:0kB [ 2505.320970] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2505.332220] net_ratelimit: 26 callbacks suppressed [ 2505.332227] protocol 88fb is buggy, dev hsr_slave_0 [ 2505.332281] protocol 88fb is buggy, dev hsr_slave_1 [ 2505.332360] protocol 88fb is buggy, dev hsr_slave_0 [ 2505.332396] protocol 88fb is buggy, dev hsr_slave_1 [ 2505.332467] protocol 88fb is buggy, dev hsr_slave_0 [ 2505.332503] protocol 88fb is buggy, dev hsr_slave_1 [ 2505.338401] protocol 88fb is buggy, dev hsr_slave_0 [ 2505.354615] CPU: 1 PID: 7608 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89 [ 2505.357858] protocol 88fb is buggy, dev hsr_slave_1 [ 2505.362777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2505.362782] Call Trace: [ 2505.362814] dump_stack+0x172/0x1f0 [ 2505.362836] dump_header+0x10f/0xb6c [ 2505.362851] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2505.362866] ? ___ratelimit+0x60/0x595 [ 2505.362883] ? do_raw_spin_unlock+0x57/0x270 [ 2505.367989] protocol 88fb is buggy, dev hsr_slave_0 [ 2505.372894] oom_kill_process.cold+0x10/0x6f5 [ 2505.372914] ? task_will_free_mem+0x139/0x6e0 [ 2505.372935] out_of_memory+0x79a/0x1280 [ 2505.372955] ? oom_killer_disable+0x280/0x280 [ 2505.380217] protocol 88fb is buggy, dev hsr_slave_1 [ 2505.385135] mem_cgroup_out_of_memory+0x99/0xe0 [ 2505.385150] ? memcg_memory_event+0x40/0x40 [ 2505.385173] ? _raw_spin_unlock+0x2d/0x50 [ 2505.458201] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2505.463303] try_charge+0xfec/0x1570 [ 2505.467025] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2505.471873] ? get_mctgt_type+0x900/0x900 [ 2505.476028] ? percpu_ref_tryget_live+0x111/0x290 [ 2505.480875] memcg_kmem_charge_memcg+0x7c/0x130 [ 2505.485542] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2505.490249] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2505.495100] memcg_kmem_charge+0x13b/0x340 [ 2505.499338] __alloc_pages_nodemask+0x437/0x710 [ 2505.504004] ? perf_trace_lock+0x510/0x510 [ 2505.508237] ? lock_downgrade+0x810/0x810 [ 2505.512385] ? __alloc_pages_slowpath+0x2900/0x2900 [ 2505.517402] ? kasan_check_read+0x11/0x20 [ 2505.521559] ? lock_downgrade+0x810/0x810 [ 2505.525721] ? __pmd_alloc+0x168/0x460 [ 2505.529608] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2505.535155] alloc_pages_current+0x107/0x210 [ 2505.539576] pte_alloc_one+0x1b/0x1a0 [ 2505.543382] __pte_alloc+0x20/0x310 [ 2505.547011] copy_page_range+0x1529/0x1f90 [ 2505.551264] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2505.556286] ? pmd_alloc+0x180/0x180 [ 2505.560002] ? validate_mm_rb+0xa3/0xc0 [ 2505.563991] ? __vma_link_rb+0x279/0x370 [ 2505.568062] copy_process.part.0+0x56aa/0x79a0 [ 2505.572670] ? __cleanup_sighand+0x70/0x70 [ 2505.576910] ? __might_fault+0xfb/0x1e0 [ 2505.580899] _do_fork+0x257/0xfe0 [ 2505.584361] ? fork_idle+0x1d0/0x1d0 [ 2505.588083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2505.593635] ? __x64_sys_clock_gettime+0x172/0x250 [ 2505.598572] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2505.603940] __x64_sys_clone+0xbf/0x150 [ 2505.607917] do_syscall_64+0x103/0x610 [ 2505.611820] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2505.617009] RIP: 0033:0x4563fa [ 2505.620533] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2505.639438] RSP: 002b:00007ffdc71530f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2505.647144] RAX: ffffffffffffffda RBX: 00007ffdc71530f0 RCX: 00000000004563fa [ 2505.654413] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2505.661680] RBP: 00007ffdc7153130 R08: 0000000000000001 R09: 000000000189b940 [ 2505.668945] R10: 000000000189bc10 R11: 0000000000000246 R12: 0000000000000001 [ 2505.676209] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 2505.689264] memory: usage 307200kB, limit 307200kB, failcnt 4906 [ 2505.695487] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 22:49:38 executing program 0: write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0x