x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe2(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) sendmsg$NL80211_CMD_DEL_INTERFACE(r4, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9e94", @ANYRES16=0x0, @ANYBLOB="20002dbd7000fbdbdf25080000001400040076657468305f746f5f7465616d0000000800050002000000140004006c6f00"/62], 0x3}, 0x1, 0x0, 0x0, 0x1}, 0x4050) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:11 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfb000}], 0x1, 0x0) pipe(0x0) 04:06:11 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000040)) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) 04:06:11 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x6e000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300)='batadv\x00') sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="ff000000", @ANYRES16=r2, @ANYBLOB="20002cbd7000fddbdf251000000008002b0006000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000}, 0x20040002) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f0000000440)={0x3, 0x0, 0x0, 0x0, 0x3, 0x6, 0x7fff}, 0x0, &(0x7f0000000140)={0x9, 0xfffffffffffffffe, 0x0, 0x0, 0x1, 0x7}, 0x0, 0x0) 04:06:11 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xc6000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:11 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000039542f108c07021047e6000000010902240001000000000904db00010a04c80009210003000000810009050a00000000000003f0afdc0a5c1aa7f091e22771a776868238520ff38068566d29acd233134c457404ff87031d268946bd4d3812510e552cd7281c524591cf13749cef7a636fe8333aa3375bf73d4ee75a0b57df80d54a41c91aac5b35faeac55c28029add48809faaf8606f4036a77ed0dd9c176a4385f895830e01b7a7f7c646eb507fbef7047e1d3fc6fe92a51a2fb09f6643068290caedb6bdfc4083058eb55131379791bdf1b6a88eb1c88b0d368bf8507d4e384a38d7f16eae524a39600300608258e1f5132f1b2c62626161e749a2dacc4a070000001d671b3ffee0224776b16f00000000000000000000000400000000cb930d7f893121e267923d55655e1d4c033452c0ca23928d855c3640e9a0604b3079917a163f5d3f26853cd07e73efb1b5d8927ed5999a6a0b27efb43ac36a868ed8ec74bbf68a321ab8a9992244c7e8e85066cc09dc434fad748c4f0f236e648673cd8d58c3c4fcdae52a0cfd5de91f1883b016d7f1b0d3c04e46b5b3cf030c3b32642e626412f1cf884bdeaf4a54c56f5e2f72736d12822330ac7fcd8212cdaf3e0a757f380ec685c2b5d08bdf674b7e82d015c34720d32ee97cd5a253b5b20548b51eb0a50193a135f76a9dab4e2355073d467f14d20ab629d701cee051157b31147c9dd514e600c747c6ee97ab1fac669f3fb0f0"], 0x0) syz_usb_control_io$uac1(r2, &(0x7f0000000140)={0x14, &(0x7f0000000340)=ANY=[@ANYBLOB="00008300000083010000000000eb570000c48a3dfe41e41f6fd14b0827dd2ef7326c28cccdf881c694df15e78d298444796e81331cf99f5dfce5a3743ef2a8a1"], 0x0}, 0x0) syz_usb_ep_write$ath9k_ep2(r2, 0x2, 0x10, &(0x7f0000000040)=@ready={0x0, 0x0, 0x8, "36d4cb91", {0x1, 0x40, 0xff81, 0xbe, 0x50}}) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 2096.367829][T17263] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2096.405537][T17263] CPU: 1 PID: 17263 Comm: syz-executor.0 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2096.416423][T17263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2096.426475][T17263] Call Trace: [ 2096.429770][T17263] dump_stack+0x14a/0x1ce [ 2096.434104][T17263] ? devkmsg_release+0x11c/0x11c [ 2096.439048][T17263] ? show_regs_print_info+0x12/0x12 [ 2096.444240][T17263] ? radix_tree_cpu_dead+0x160/0x160 [ 2096.449516][T17263] ? _raw_spin_lock+0xa1/0x170 [ 2096.454272][T17263] ? _raw_spin_trylock_bh+0x190/0x190 [ 2096.459641][T17263] dump_header+0xdb/0x700 [ 2096.463962][T17263] oom_kill_process+0xd3/0x280 [ 2096.468707][T17263] out_of_memory+0x5b6/0x890 [ 2096.473287][T17263] ? unregister_oom_notifier+0x20/0x20 [ 2096.478726][T17263] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2096.484252][T17263] ? get_page_from_freelist+0x7c0/0x7c0 [ 2096.489776][T17263] ? __zone_watermark_ok+0x91/0x280 [ 2096.494964][T17263] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2096.500320][T17263] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2096.505940][T17263] pte_alloc_one+0x1b/0xb0 [ 2096.510691][T17263] __pte_alloc+0x1d/0x1d0 [ 2096.515004][T17263] handle_mm_fault+0x36fc/0x40a0 [ 2096.520207][T17263] ? schedule_preempt_disabled+0x20/0x20 [ 2096.525827][T17263] ? ttwu_queue+0x2f9/0x480 [ 2096.530305][T17263] ? finish_fault+0x230/0x230 [ 2096.534956][T17263] ? __up_read+0x1b0/0x1b0 [ 2096.539353][T17263] do_user_addr_fault+0x48a/0x9f0 [ 2096.544365][T17263] page_fault+0x2f/0x40 [ 2096.548493][T17263] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2096.555067][T17263] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2096.574729][T17263] RSP: 0018:ffff88810b0c7ab0 EFLAGS: 00010206 [ 2096.580769][T17263] RAX: ffffffff81f73901 RBX: 0000000020400340 RCX: 0000000000000340 [ 2096.588712][T17263] RDX: 0000000000001000 RSI: 0000000020400000 RDI: ffff88805bc9fcc0 [ 2096.596657][T17263] RBP: ffff88810b0c7cc8 R08: dffffc0000000000 R09: ffffed100b794000 [ 2096.604601][T17263] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2096.612544][T17263] R13: 0000000000001000 R14: 00000000203ff340 R15: ffff88805bc9f000 [ 2096.620496][T17263] ? copyin+0x11/0xb0 [ 2096.624451][T17263] copyin+0x8e/0xb0 [ 2096.628318][T17263] copy_page_from_iter+0x37f/0x660 [ 2096.633415][T17263] pipe_write+0x525/0xe40 [ 2096.637740][T17263] __vfs_write+0x59d/0x720 [ 2096.642130][T17263] ? __kernel_write+0x340/0x340 [ 2096.646955][T17263] ? security_file_permission+0x128/0x300 [ 2096.652644][T17263] vfs_write+0x217/0x4f0 [ 2096.656873][T17263] ksys_write+0x18c/0x2c0 [ 2096.661175][T17263] ? __ia32_sys_read+0x80/0x80 [ 2096.665909][T17263] ? fput_many+0x42/0x1a0 [ 2096.670211][T17263] do_syscall_64+0xcb/0x150 [ 2096.674700][T17263] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2096.680566][T17263] RIP: 0033:0x45c829 [ 2096.684439][T17263] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2096.704016][T17263] RSP: 002b:00007f78ac9f5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2096.712395][T17263] RAX: ffffffffffffffda RBX: 0000000000509e40 RCX: 000000000045c829 [ 2096.720337][T17263] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 2096.728282][T17263] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2096.736226][T17263] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2096.744171][T17263] R13: 0000000000000c4e R14: 00000000004ca088 R15: 00007f78ac9f66d4 [ 2096.776523][T17263] Mem-Info: [ 2096.786689][T17263] active_anon:1386702 inactive_anon:17088 isolated_anon:0 [ 2096.786689][T17263] active_file:275 inactive_file:437 isolated_file:60 [ 2096.786689][T17263] unevictable:0 dirty:14 writeback:0 unstable:0 [ 2096.786689][T17263] slab_reclaimable:8509 slab_unreclaimable:78494 [ 2096.786689][T17263] mapped:62081 shmem:17095 pagetables:42319 bounce:0 [ 2096.786689][T17263] free:17096 free_pcp:6 free_cma:0 [ 2096.837196][T17263] Node 0 active_anon:5546808kB inactive_anon:68352kB active_file:980kB inactive_file:1848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:248224kB dirty:56kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2096.884333][T17263] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2096.928981][T17263] lowmem_reserve[]: 0 2912 6416 6416 [ 2096.936937][T17263] DMA32 free:34044kB min:20548kB low:23528kB high:26508kB active_anon:2727192kB inactive_anon:8904kB active_file:668kB inactive_file:312kB unevictable:0kB writepending:20kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:21504kB pagetables:52492kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2096.980727][T17263] lowmem_reserve[]: 0 0 3504 3504 [ 2096.986136][T17263] Normal free:18020kB min:17880kB low:21468kB high:25056kB active_anon:2819352kB inactive_anon:59448kB active_file:1276kB inactive_file:1656kB unevictable:0kB writepending:36kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30848kB pagetables:116784kB bounce:0kB free_pcp:104kB local_pcp:104kB free_cma:0kB [ 2097.016825][T17263] lowmem_reserve[]: 0 0 0 0 [ 2097.021931][T17263] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2097.035766][T17263] DMA32: 3525*4kB (UMH) 852*8kB (UMH) 218*16kB (UMH) 317*32kB (UMH) 5*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 34996kB [ 2097.093508][T17263] Normal: 709*4kB (UME) 607*8kB (UME) 170*16kB (M) 159*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15500kB [ 2097.108612][T17263] 18305 total pagecache pages [ 2097.116988][T17263] 0 pages in swap cache [ 2097.126771][T17263] Swap cache stats: add 0, delete 0, find 0/0 [ 2097.137002][T17263] Free swap = 0kB [ 2097.146176][T17263] Total swap = 0kB [ 2097.150967][T17263] 1965979 pages RAM [ 2097.155415][T17263] 0 pages HighMem/MovableOnly [ 2097.161155][T17263] 318830 pages reserved [ 2097.165629][T17263] 0 pages cma reserved [ 2097.171775][T17263] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=20573,uid=0 04:06:12 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xbf000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:12 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfc000}], 0x1, 0x0) pipe(0x0) [ 2097.189014][T17263] Out of memory: Killed process 20573 (syz-executor.2) total-vm:75756kB, anon-rss:14256kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2097.211676][ T23] oom_reaper: reaped process 20573 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:06:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f0000000640)=ANY=[@ANYBLOB="e8bb68ce5fe4b842261d36a28c25494433acba4a5a569c31a26b6b8924a7902acadf4062e689edc9672da66c5d0e61275fdd", @ANYRES16, @ANYRESHEX=r0, @ANYBLOB="6652e8b63e2311f9c2f4b3b82b9eb8427a7ab679c407733e8114b04dddecd3dd54a13d992d185a28a295e5400bef8529fa559c289c03bb02a6d3eb652cf9ec611cc0eee059f22e721af96eea1a51bc49f915f3a78e7b6b0ee33bc60446c3ec85aea63229b27605aeb75ba5f900f6d238035a4129e0d0777ac4617f6950bc241f4d16183c39b934b71e4d57ea6de09cf871caa918ba401131fde70517a51c0dea9b4b53717edc23fbb5e2b716a23327ff7c78a6c61dcfa74f5ca5b0ad7d3217c0b9afc5932a5a79b264f79df9f8d0774f79741665e53b00045bda030040858ee9", @ANYRESDEC, @ANYRESHEX, @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYRESDEC], @ANYPTR64=&(0x7f0000000580)=ANY=[@ANYBLOB="87ce907350e688797e379a42858192421f5aea8e8603e700c19bea9b3685378691b69ed5b0836b109c49165e7a3abf3086ea55657d450e458ec644d57b32a943a5fa48b17b2ff2a900d379250005800fc858cd2dd0dd851e10583ef8c059b3d1a5553219d5a56c493ac46b21eeb2ad92d4b0011e380e7d47098b8d065766faea0ef7", @ANYRES64]], @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10000, 0x0, 0x0, 0x8, 0x0, 0xfffffffc, 0x9}, 0x0, 0x3, 0xffffffffffffffff, 0x8) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x2203183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:13 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x6f000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2097.468576][T27637] usb 4-1: new high-speed USB device number 13 using dummy_hcd 04:06:13 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xc7000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2097.568669][T27637] usb 4-1: Using ep0 maxpacket: 16 [ 2097.698738][T27637] usb 4-1: config 0 has an invalid interface number: 219 but max is 0 [ 2097.707816][T27637] usb 4-1: config 0 has no interface number 0 [ 2097.715377][T27637] usb 4-1: config 0 interface 219 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2097.726076][T27637] usb 4-1: New USB device found, idVendor=078c, idProduct=1002, bcdDevice=e6.47 [ 2097.735574][T27637] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2097.761600][T27637] usb 4-1: config 0 descriptor?? 04:06:13 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfd000}], 0x1, 0x0) pipe(0x0) 04:06:13 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) [ 2098.029159][T27637] input: GTCO_CalComp as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.219/input/input8 04:06:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) write$P9_RREADDIR(r2, &(0x7f00000002c0)={0xf3, 0x29, 0x2, {0x7fffffff, [{{0x10}, 0x78, 0x9, 0x5, './bus'}, {{0x20, 0x0, 0x3}, 0xb2d3, 0x3, 0x5, './bus'}, {{0x0, 0x1, 0x5}, 0x2, 0x6, 0x5, './bus'}, {{0x80, 0x2, 0x1}, 0x1000, 0x48, 0x5, './bus'}, {{0x80, 0x0, 0x4}, 0x9, 0x27, 0x5, './bus'}, {{0x20, 0x0, 0x3}, 0x800, 0x9, 0x5, './bus'}, {{0x80, 0x0, 0x3}, 0x1, 0x0, 0x5, './bus'}, {{0x80, 0x2, 0x5}, 0x400, 0x81, 0x5, './bus'}]}}, 0xf3) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:14 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x70000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:14 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xc8000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:14 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x71000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:15 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfe000}], 0x1, 0x0) pipe(0x0) 04:06:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f0000000640)=ANY=[@ANYBLOB="e8bb68ce5fe4b842261d36a28c25494433acba4a5a569c31a26b6b8924a7902acadf4062e689edc9672da66c5d0e61275fdd", @ANYRES16, @ANYRESHEX=r0, @ANYBLOB="6652e8b63e2311f9c2f4b3b82b9eb8427a7ab679c407733e8114b04dddecd3dd54a13d992d185a28a295e5400bef8529fa559c289c03bb02a6d3eb652cf9ec611cc0eee059f22e721af96eea1a51bc49f915f3a78e7b6b0ee33bc60446c3ec85aea63229b27605aeb75ba5f900f6d238035a4129e0d0777ac4617f6950bc241f4d16183c39b934b71e4d57ea6de09cf871caa918ba401131fde70517a51c0dea9b4b53717edc23fbb5e2b716a23327ff7c78a6c61dcfa74f5ca5b0ad7d3217c0b9afc5932a5a79b264f79df9f8d0774f79741665e53b00045bda030040858ee9", @ANYRESDEC, @ANYRESHEX, @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYRESDEC], @ANYPTR64=&(0x7f0000000580)=ANY=[@ANYBLOB="87ce907350e688797e379a42858192421f5aea8e8603e700c19bea9b3685378691b69ed5b0836b109c49165e7a3abf3086ea55657d450e458ec644d57b32a943a5fa48b17b2ff2a900d379250005800fc858cd2dd0dd851e10583ef8c059b3d1a5553219d5a56c493ac46b21eeb2ad92d4b0011e380e7d47098b8d065766faea0ef7", @ANYRES64]], @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10000, 0x0, 0x0, 0x8, 0x0, 0xfffffffc, 0x9}, 0x0, 0x3, 0xffffffffffffffff, 0x8) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x2203183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="2b30e1c4647f51838cfaba0bbf38416d7c81a92c"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = io_uring_setup(0xcf3, &(0x7f00000002c0)={0x0, 0x0, 0x4, 0x3, 0x38c}) flock(r4, 0x5) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2099.295841][T27637] usb 4-1: USB disconnect, device number 13 04:06:15 executing program 3: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000001c80)=""/4096) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000100)='-@(%-etE0Zmd5sumem0\x83\x0f\x91\xaf\xe6\x18\x13\xd2\x94\x00\x00\x00\x00\x00\x00\x00') syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400244) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000080)={0x2, 'batadv_slave_1\x00', {0x4fb61b12}, 0x4}) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000500)=""/202, 0xca}, {&(0x7f0000000340)=""/202, 0xca}, {&(0x7f0000000440)=""/189, 0xbd}, {&(0x7f0000002c80)=""/4096, 0x1000}, {&(0x7f0000000040)=""/27, 0x1b}, {&(0x7f0000001500)=""/170, 0xaa}], 0x6, 0xfffffffffffffff9) [ 2099.349067][T27637] gtco 4-1:0.219: gtco driver disconnected [ 2100.167700][T26523] syz-executor.4 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2100.181336][T26523] CPU: 1 PID: 26523 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2100.191749][T26523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2100.201795][T26523] Call Trace: [ 2100.210463][T26523] dump_stack+0x14a/0x1ce [ 2100.214766][T26523] ? devkmsg_release+0x11c/0x11c [ 2100.219672][T26523] ? show_regs_print_info+0x12/0x12 [ 2100.224839][T26523] ? radix_tree_cpu_dead+0x160/0x160 [ 2100.230091][T26523] ? _raw_spin_lock+0xa1/0x170 [ 2100.234824][T26523] ? _raw_spin_trylock_bh+0x190/0x190 [ 2100.240164][T26523] dump_header+0xdb/0x700 [ 2100.244463][T26523] oom_kill_process+0xd3/0x280 [ 2100.249197][T26523] out_of_memory+0x5b6/0x890 [ 2100.253782][T26523] ? unregister_oom_notifier+0x20/0x20 [ 2100.259234][T26523] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2100.264766][T26523] ? get_page_from_freelist+0x7c0/0x7c0 [ 2100.270286][T26523] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2100.275631][T26523] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2100.281153][T26523] pagecache_get_page+0x50f/0x880 [ 2100.286149][T26523] filemap_fault+0x1474/0x19d0 [ 2100.290889][T26523] ? generic_file_read_iter+0x20b0/0x20b0 [ 2100.296927][T26523] ? enqueue_hrtimer+0x1cf/0x230 [ 2100.303305][T26523] ext4_filemap_fault+0x7b/0x90 [ 2100.308522][T26523] handle_mm_fault+0x2837/0x40a0 [ 2100.313613][T26523] ? finish_fault+0x230/0x230 [ 2100.319491][T26523] ? put_timespec64+0x109/0x150 [ 2100.324620][T26523] ? __up_read+0x1b0/0x1b0 [ 2100.329038][T26523] ? vmacache_find+0x205/0x4b0 [ 2100.333799][T26523] do_user_addr_fault+0x48a/0x9f0 [ 2100.338814][T26523] page_fault+0x2f/0x40 [ 2100.342943][T26523] RIP: 0033:0x4103ae [ 2100.346825][T26523] Code: Bad RIP value. [ 2100.350867][T26523] RSP: 002b:00007ffe517c2bc0 EFLAGS: 00010206 [ 2100.356923][T26523] RAX: 0000000000200d6b RBX: 0000000000200aa9 RCX: 0000000000200b20 [ 2100.366807][T26523] RDX: 0000001b2d620000 RSI: 0000000000000000 RDI: 0000000000000001 [ 2100.375100][T26523] RBP: 0000000000000d6c R08: 0000000000000001 R09: 0000000002716940 [ 2100.383054][T26523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000011 [ 2100.391009][T26523] R13: 00007ffe517c2bf0 R14: 0000000000200776 R15: 00007ffe517c2c00 [ 2100.408345][T26523] Mem-Info: [ 2100.411977][T26523] active_anon:1390992 inactive_anon:17088 isolated_anon:0 [ 2100.411977][T26523] active_file:183 inactive_file:185 isolated_file:18 [ 2100.411977][T26523] unevictable:0 dirty:4 writeback:1 unstable:0 [ 2100.411977][T26523] slab_reclaimable:8501 slab_unreclaimable:78006 [ 2100.411977][T26523] mapped:61687 shmem:17095 pagetables:42508 bounce:0 [ 2100.411977][T26523] free:12528 free_pcp:810 free_cma:0 [ 2100.450844][T26523] Node 0 active_anon:5563968kB inactive_anon:68352kB active_file:732kB inactive_file:1040kB unevictable:0kB isolated(anon):0kB isolated(file):72kB mapped:246948kB dirty:16kB writeback:4kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2100.475990][T26523] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2100.502849][T26523] lowmem_reserve[]: 0 2912 6416 6416 [ 2100.508786][T26523] DMA32 free:24852kB min:4644kB low:7624kB high:10604kB active_anon:2734424kB inactive_anon:8904kB active_file:512kB inactive_file:116kB unevictable:0kB writepending:8kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:21952kB pagetables:52964kB bounce:0kB free_pcp:2224kB local_pcp:1376kB free_cma:0kB [ 2100.538721][T26523] lowmem_reserve[]: 0 0 3504 3504 04:06:16 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xc9000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2100.543884][T26523] Normal free:9860kB min:5592kB low:9180kB high:12768kB active_anon:2830156kB inactive_anon:59448kB active_file:24kB inactive_file:1044kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:117068kB bounce:0kB free_pcp:732kB local_pcp:672kB free_cma:0kB 04:06:16 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xff000}], 0x1, 0x0) pipe(0x0) [ 2100.608599][T26523] lowmem_reserve[]: 0 0 0 0 [ 2100.613159][T26523] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2100.626624][T26523] DMA32: 64*4kB (UH) 339*8kB (UMH) 271*16kB (MH) 368*32kB (UMH) 28*64kB (UMH) 3*128kB (UH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21256kB [ 2100.642451][T26523] Normal: 40*4kB (UE) 15*8kB (UME) 104*16kB (UM) 112*32kB (UM) 8*64kB (UM) 6*128kB (M) 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 7320kB [ 2100.657012][T26523] 19784 total pagecache pages [ 2100.684644][T26523] 0 pages in swap cache [ 2100.689129][T26523] Swap cache stats: add 0, delete 0, find 0/0 [ 2100.695243][T26523] Free swap = 0kB [ 2100.699068][T26523] Total swap = 0kB [ 2100.702782][T26523] 1965979 pages RAM [ 2100.729065][T26523] 0 pages HighMem/MovableOnly [ 2100.733803][T26523] 318830 pages reserved [ 2100.738053][T26523] 0 pages cma reserved [ 2100.743334][T26523] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17365,uid=0 [ 2100.760806][T26523] Out of memory: Killed process 17365 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:16 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xc8000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:16 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x72000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:16 executing program 0: vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f00000002c0)=0x128400, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="d5f187a2ed90eea67ee78dcc264fd97c7dff3b750cc2822ba1629a4f22d708f50586748b860b812167c4bbb3c88979c3fa72f6309cab91728e5514fed5c813a0448d8ee9c51bd63949f1f185f03b0aacf2f89088aadd3421eae02b1af68747e4537db159ce9277ce19943c6f5537a27ea24a7403448ae220c175df104603b231eaccbcb53bdc9f26902b616cb0ba4370ec65600d50be40c5d99c591f0a0129d334066afd"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x101382, 0x1fa) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x101}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:16 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x9) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000040)={0x12, 0x1000, &(0x7f0000000340)="794b97322246216758e4aea3c7d8318f1f8f92ba2f8642036941b6644893f8b9d3b5a149c9f384ba1c1de09c0e913ac83ecd68115bd57aaaac6551a2790328e6e59bbb6918ff539fc4419acf53955adb3375aa2dc8e36ff3e1195edb7da60750c973aae69f4c11bfb28944dfa7ced84f9f2cb18b6b5b8136212d40bfb400410522704f72a769969fe999240b3eaabc31951a8d3bf1acdb20cf4fab59571de87acb8fdb85f8cd2a07b731e7427bab8bb2fa5bc4f51b8db1cff0afb64dd0a3a4eeaf3f0534a6154230855c858f99412c62ad5c57cf7fd06401f133c9c3ae34be44c4750e8011311e1fa3deb36f78bdf2856785f533caf88a92e778d82e07b620877ef6a570c288e45b5bed0cd57fe21b8b8c33f558b8200a98437720eec66e42916b38852530bd36732d748ffdaa48021aac53a582dd330fe1847952a049475c1886dcb51372304971a235da47a6f0dfee4a14140fd4e82a9a027f890b9e19ca149325a53bffb5c7c2fb981bd9637c94d0e79cadb8236ce74407289b4b011f495ce572c878bfbff06e437f957f703fda9ee34cce68d9a4eddc680f013747213db7b0967af9c37fdae28756aabafd4a2760ec84c028a852cc5d7bec0b531a574bc9eae55e607d71cd163c0b49f6f1a914d1e8793d36c2b1fa79fdfae727de7eb3876ed9b23a92538a09f5cc06b4331f24fa9e39724f3c6f04c4e8576842e657b766f7cd2475b7da8a3978008babc377a034b4c9399075d0beafb4e8802e9a53e98c1a4fa10a6cec65f6141cdaa439c39cd240d11ec51ffb431c7e75979fd905cf12f763f34d2b60a7c65faa1076b6b2fcdb68c0bb387147430609e9e335ee51e4583ae1473755f64f837fb12251e4d0a9e9a326e0d5c142b93104b1fc646d5c35678688e576aca7260462e8c4a9dd3ce787294d83234e39699cd494220e829825bf399fb5e7672c43b21d02df55cda1fc702c5bc443dc3273bbfbe6312760049bf0d4966a5f75ba127fe6c0cbb321f3a6ebf59c70c9bbffa7ef447dcafef733ae374238ebe5a05950e413220625d29ab049a2fc15a3e76e745a58a1255ed11c99ef8a7abf6b1d6776bcf5cf9ae3ed7109b1c2bbc23f0268aa7be82f4d5c4e68654f73bafee0a5b700440b39771a70c6b696e8721f21dad0ed572adde089d9f70760484f522ff63d1be7fb31e40f5dcc8a3697ed96bd46b5f28f3f38d9172cd7397ad20e307dc056a29ef315bf62170add718c2f39ff57608e93faa09fe9c026611522294b1093f8b5e7a594afa7ac6f76e1bb2b0bc3aabc89ab7eb4890df13a546d63df61f55498ab0bd2aedcc9ff61876fd34dae8acf91c74531a70e7e6f97b59096d297c3f9a4f56e5417bf95a3f5d5828d814f8dcc5dfe1aa7820cccd26b508b5dbd152f88ac6eeb6fd9fc3a3dd1d1918410a0c5898e35b9f414594d460f5161e01df5d823c150fcb0025b23a9f87c85734ba267bee9c4f2a80122b43b393bf496201c40b0d07ee68631263e0563394ec8b1f0c091a031fe3ff3605599244e25709badb17465d9e224319114a9fdf2a69abb9e8f9ffb01033f6373ca6614328104bc634d97d0ef6b8fcbe39c8fcc0bed440c9ea54e7f06578773445ab60196f8c02d39a5ebbd57a2b0d544d8ad5cf8a2e641ee6b0cd715345c3c3489ad7c816e44ae7836235283e8568f2b40bfed15bd2e1f17d23c979eb4f5b5e3cb1ae3bac1501a8504801f1546f654f8f34e188159b676a85906b2d5fa20517b2cf1d95d5b0a72f8fb35f36260026b2ce909baf279d8e0e16369f249428091e87fd363900b303af707f1cc4053bcd46927ef437f7dbca460d20b967d4ce2e22abb2744e9511cddaa1821d069abb273b444a7e124309007ead83f58bfc36351301d72b49b7b86b496911ae1854420451833f0496df021863f941fe9bf3283498f633042ec7d205a26bcf616b7f7d2d947613c70c6f43dc6fb66b5414cd79adc273204f51b7ea742ec445d4fc31190ff8eb5206c987f6ae04e1476d9158280905f1ed0b4bd41f23971e5a927bf1065404b915537b2195bdb6cbeec16e2c2202fa75717f968e8cb5e9dd829df3691cab417fbd5f75446f08a1adc640eb210e6963db819b02da48302863b51bb997a8fcff9289c67bb18861636a3b7bf9ee0158c791d235d2856593ad636fb15fd1bf15d5be7e15ad36459dfc4c799b91272fbca52d8bea5d3154f536859760105d163a277ceb0fcc776d26b6b777620eb102dbf4087aff76c81eda6377284ad442e9c608b6eef4446208b2679201f509b7a597a935f4241aa4d0d175f625670e56f35df6c395badc75fc8c3c2e4a5bb0960f9f58d829a77645d155a06ac363428d209c01b2d963d43e43098037de58e4d0204f15527d96f91091b1891c3794fbc39b311a5081bc35b57fc91c811e0ab2bff74d90ab2a687b9b7d6bf28048fdb81718e04cc362423e6acf46a04eb572f36bd050f0ecdfd6cf015742a30069abcb063e52b6eea15125214e5716e921367f0f5b7c458a6a41ed600c7ff4c59f63aa8f57040cc380b391a5676710c13ce99caf3d1d52875cb9b1b237fdee344e6af0009c6f4bea0f140fe898cf8ac6e0c4cfc2522dfcf69a70d58d1e9cb66a16ad881ee7c59a84941a2714562ce09a165cef0c4c084df5fd17f4f765a832e6bed60a4574fc3a182a2c2bf67f26ee96bf9d3bcc7515f9a947d45fee43d72dce3b50f67bcd4ae3a3563bea7f564ff324605f5f78b233ade8de132b9c999c62a1d5f6bd36e481d244571475fb28f5aacb1ac388140834374d54b08407cb1234dbf2797a3fdd8bb3a47226c7cf77dd125de46dbb31c4eb637d02b40a28eeee0af613a1b41c7bc93c42f3a96ec5af5c33ea6e0af3e30f345493f9fd253444d565617bad37755360355adde573832db33be396fd8fdc8251798e4317321e6b5134936f3042b95a7e9d1fe6d20e20cae9abb485299bfe79f04acd7501fe4818c1234fe2aa5c78bf41c076bd16326dee81f6f1e6009b9977af577cba769f8cb7f380405b663e9e1221b6cc1b9a4e4a9561e4ac825ffd29f22a19c602775d70fba5ac7606cfea51f69c92d4b9144bbd14fa9ea5204a01f947b1435e92dd040959b9c72b7f3492394ecafa8cdd2275245f013e74a6dfae62ce8db7c66861b946dc9eebd032192a8b61ff07cd083136808407408f27a31f79cf3663ed5be86c99251847e5b136eaebddd69e3ce0e6f24d226f25e94f0881e46b811bb9e9ecb9f07738786b7f59ce8f242994e6502fb2a50d5166736c3e5d2ec2f41b5fc35980e0ef104384d14f1498bcdf14dbd0718201650b9ffa16529c230a4b6b7cf6a5d355636dea0550403fca4120eefc2eaa334caf3faa547651a9b7e4f4cc2ac89a763edde3579655908fe29d8462e8205c2bf6e3c8c4bd29e8156bbb74a91375dd4c863873963317725099993e0428da126ff630767c9d4ac6923c8ff3832d559e916a59db64a542b868e9cee235e778b9f16a263a43dd785e30ee419cc0e794d229eacc81e7ed4aa125235f08a5e1f28458287dbb35ab6d6dd59fa16b984fa1581f7a67b1c58bd02e1edcb4a2d9ca294657c2e9184ca83510afad2f7bcf7c501c738be99510fbd00c3f66663dd572ce5fe7e2e611f3833f077dc6c35b76f996e4277dc7322d58fce67e3aaa86988d868b28f8ce016e37e29c80e974205c279fda9a60ff7001b3abda6f17fc469e6f16556b82b19748481054334f0ea5c4e8f953ee882214a125f1add70d281a5faa003c1d93f219c6ee93d56d12341712b5ff627a8748286c23ed7ca16fea48948ff573fe176fe4381b5ca360ca99e40b893ad86a88b763b66f37a73f418e407a404387fc8ffc50cd5ab5de51d099165ef06e1846a96da68a9f43a6fc530ff858dc81e32cbf4cb13e7a3d47db175d78cea869400553de2a313c7b47cfdc3c34305153fd1534650656f5c5e217669e08017ca73d4fa17cb043bbecd759fe6829f89c9ed530c29d1809b7db7e6f0de42e044de487a6c481d1e2359c5982efb5cb187f2acd64bb8507b1550c1c603d611e63f465f3244e1105e72f6ecd885eb0125d3d1e8227bcd0155940cc2dbecaa91800784bd045d2bb3a02c7a1dee36778938c1508abf8ebe988980d645ecc99f1337a12f3812d0ca4459e983db87e29f158e2e3278163df92e8227286899fabbb45b58b25c8d9617549e9886b9c7db1eb78d02a237e1509b851c82cb0e16f24465a6b32dab9c6da6343e712eb45c0ff650bfe8f4c8a1f2a723263b4876902a7d7a90bcea9de695532e2e455ec9dd174455191a8cac94645ca5ab78bf30d844fcfcf6185eff5576f0fd9bb99be3edbd658d3ff7a26989765ebc09dbc0a2db59b8b39119d7eb8b00d5475054468f0a1be069a0ff6c23ca0148fb77d5fa371f9244b5e1ab9d74a37cc6d5a8391732af924e04ad89d3acdb61d665dbe2c301e7aa7ca8f8ebd49921e0141e111295d0b9415087e8acec823b32bf4bebd41cf2fa5a6b2ef8d12f93029c02e16e194f3d289771099b0f0ae1c89eb0e127d7134be91e24a4d8082bdb1e2634f94abce5cf5919bf249b4dbd0915b9b08cd9209ecaeeb7c57b051c98e11f6371e5987c9da97ee874e96047b6ef84db8e42a228af84858050677b1fde1b7016752de66513128c8fcf06c38f142a7e5c9396afe40f95d586b5850eadc712541fdb970b9ff23324f12803a0fa51dec7553cfcd246178000f64fca7c45d927d42051c766fd1630680c593d40593709b780cbe92ff428c4407ff26d5426946d7908e3eb0f3e8a7634e25688baf7ea6ec7eacc2b44059739a91873cf1b77fca7a7f32cdaa19ab039a0ce2d1b32c2d828a64ab194ba8eca7bc0988430cbc6f466ef8450de6f459ab421f6b61db6eb7e06dfbaed7df6bfda1640ffa85848e16e3d26a9af0f531ec4ebd0d51f4a78a9f04e57ec28898e567fc0bc03aa3f2c1f0ac167416c51b8543d8c006541fe3d56a7586fddfcfa666ec18a721dfbab8b8f7fc9bf4e20e72c260336672496df95ad97f5596a44f7550ecead0d48442a5e76eca2c195b1322f369ed770f43e4288b1e5a962f0a5f71ad7ad08256957cfb7cea6ed4b6d897a6e00fa748ff7470eb2710d7a197b437803af74a75ae587e9fa2bf61d9f0aaefa2e8dbd06db85d40c88e0d328d2d5ad8e63cf6e63bb31de4da019f640e5b7e867e5dfe885f70ea5b2c6bee1861e06b035b6623c8c925981be3409ae64287b9202e9001ed497a101243038eabf68377fc8b3697dba4765ab98c8545f2283a58f95b60ef189a88f0355e11b8e4a9efc0f8af1171fac964c7d18364d42122e6b0a399c232639020c8b93ec19a246f4268d5826d44738e66b943ad06ceaa9f471be6a13b6abea21e42796bb96714767703047bf3f71ec558cc96ee7c189b61b8e638fb43ade27c6cd6ddf781b7f025b72218b52cd008c8f366f445f2092040cd4d63d73b8802bf09953b7166ebe2ac9d9b02ca31d8580f5e05ec22e918d7e908fa92add16c2003629ec4a790f56747a33a15ede3e22928d900be3ba4ff22748ad6db92d56029354e3347f47f2f8be9521b4baaefd60e97c46d922f89fe5b5a66fcd1733cc92a498eb96c2176b1365e4f465c1f612c45f538a0f554bc5a663c84b238f063edfb19c9dee668fb3c3260d50d1d49b4e489aa21c5e1fcdddc2353dcbd7b024a250c07ac368afdb0e75e85de000c5c7669fe7d1863d5659e18091ca4405fc9ec089682e9d884a254e73c964e1efb529eeccece9ca3d6f7829d398f1167f"}) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x5, 0xffffff80) socket$inet6_icmp(0xa, 0x2, 0x3a) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) 04:06:17 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xca000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:17 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000039542f108c07021047e6000000010902240001000000000904db00010a04c80009210003000000810009050a00000000000003f0afdc0a5c1aa7f091e22771a776868238520ff38068566d29acd233134c457404ff87031d268946bd4d3812510e552cd7281c524591cf13749cef7a636fe8333aa3375bf73d4ee75a0b57df80d54a41c91aac5b35faeac55c28029add48809faaf8606f4036a77ed0dd9c176a4385f895830e01b7a7f7c646eb507fbef7047e1d3fc6fe92a51a2fb09f6643068290caedb6bdfc4083058eb55131379791bdf1b6a88eb1c88b0d368bf8507d4e384a38d7f16eae524a39600300608258e1f5132f1b2c62626161e749a2dacc4a070000001d671b3ffee0224776b16f00000000000000000000000400000000cb930d7f893121e267923d55655e1d4c033452c0ca23928d855c3640e9a0604b3079917a163f5d3f26853cd07e73efb1b5d8927ed5999a6a0b27efb43ac36a868ed8ec74bbf68a321ab8a9992244c7e8e85066cc09dc434fad748c4f0f236e648673cd8d58c3c4fcdae52a0cfd5de91f1883b016d7f1b0d3c04e46b5b3cf030c3b32642e626412f1cf884bdeaf4a54c56f5e2f72736d12822330ac7fcd8212cdaf3e0a757f380ec685c2b5d08bdf674b7e82d015c34720d32ee97cd5a253b5b20548b51eb0a50193a135f76a9dab4e2355073d467f14d20ab629d701cee051157b31147c9dd514e600c747c6ee97ab1fac669f3fb0f0"], 0x0) syz_usb_control_io$uac1(r2, &(0x7f0000000140)={0x14, &(0x7f0000000340)=ANY=[@ANYBLOB="00008300000083010000000000eb570000c48a3dfe41e41f6fd14b0827dd2ef7326c28cccdf881c694df15e78d298444796e81331cf99f5dfce5a3743ef2a8a1"], 0x0}, 0x0) syz_usb_ep_write$ath9k_ep2(r2, 0x2, 0x10, &(0x7f0000000040)=@ready={0x0, 0x0, 0x8, "36d4cb91", {0x1, 0x40, 0xff81, 0xbe, 0x50}}) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:06:17 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x100000}], 0x1, 0x0) pipe(0x0) 04:06:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="85abba33fde6d689cf6f2d03b1ec8f4a3f0fa4ac33c74e18564aac8c62ca726b95415e213b45daa43787e7362b09f589d65d1c11069bb1f00c4591ae85fa05c65b"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000340)) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:17 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x73000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b7a66c026376f00564d451808d14a430906bed3a26f6e18bf19a04edf05236216fc73dec8bb2e19f36e2f722fef41a65b114f227cf8090570e3150baf9f74682142f7190cd79595e5aec1e0c3d8880a2a750a7772c7742b7c3a957bc0d6759503b65f2c7ec93bf632b0354d68a1631ab9970e7b9e444833be6b7c731f8f92961362b7bb5080503a9323b59387eb7ad84fd6e17248af1b6aad69ed76ec0a41243a249103ad4cc179913718da07fc44d7f0074afc593a1a5", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) lgetxattr(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000400)=ANY=[@ANYBLOB="7379738665b5546393bf628e4b7963e0854b8400"/35], &(0x7f0000000340)=""/31, 0xa) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='trusted.overlay.origin\x00', &(0x7f0000000440)='y\x00', 0x2, 0x2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x1}, 0x0, 0x0) 04:06:17 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@mcast1, @empty, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c000a6, r0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv0\x00', r0}) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="38010000", @ANYRES16=0x0, @ANYBLOB="20002bbd7000fddbdf25030000000c00018008000100", @ANYRES32=0x0, @ANYBLOB="05000200200000003800018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020074756e6c30000000000000000000000005000500050000004000018008000300030000000800030000000000080003000100000008000300030000001400020076657468305f6d61637674617000000008000300010000008800018008000100", @ANYRES32=0x0, @ANYBLOB="140002006c6163766c616e00020076657448305f766c616e0000000000001400020047726530000000000000000000000000140002006772653000000000000000000000000008000300030000000800010002000000000000000000943ce9ff1d57753155f68544240efbe440a68a4a908aea79fd8536be356f955cbd2e45e7a342b6292a6a66a0353f608d47ec0a8930355f41c828cb0e1d87ea4a0a447421d453a77057a9eb9315768e9ffab7633e90f6f3c8c87b9df957fdee10b8bee3113952c2bce8256178e18befb21c3cd682eb54647e6a98d74e3a6f1e4d4b2793538a1a967c488bfa4c2f5334b9e1817bf7d4cb3f97545725ca365464566c1f58f3", @ANYRES32=r1, @ANYBLOB="14000200766574e8305f746f5f626f6e640000000800f6ff0000000005000300400000009da3c460535b222bb3558e33057fef723825d759b92dc540bc0c8a1f004b14568d2b140223451c58ef110922c88daa729d55a3314f659a3c6c8a5a01c92da3dfed33d33791d1403bc6bb01b7a2dee5a941359a00000000000000"], 0x138}, 0x1, 0x0, 0x0, 0x4800}, 0x80) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) [ 2102.178258][ T8383] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 2102.268211][ T8383] usb 2-1: Using ep0 maxpacket: 16 [ 2102.388223][ T8383] usb 2-1: config 0 has an invalid interface number: 219 but max is 0 [ 2102.396630][ T8383] usb 2-1: config 0 has no interface number 0 [ 2102.403468][ T8383] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2102.413924][ T8383] usb 2-1: New USB device found, idVendor=078c, idProduct=1002, bcdDevice=e6.47 [ 2102.423751][ T8383] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2102.433077][ T8383] usb 2-1: config 0 descriptor?? 04:06:18 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xcb000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:18 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x101000}], 0x1, 0x0) pipe(0x0) [ 2102.698758][ T8383] input: GTCO_CalComp as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.219/input/input9 04:06:18 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x74000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = dup2(0xffffffffffffffff, r2) sendmsg$AUDIT_LIST_RULES(r4, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x10, 0x3f5, 0x400, 0x70bd26, 0x25dfdbff, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x48814}, 0xc0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000003c0)}, 0x102}, 0x0, 0x0, 0xffffffffffffffff, 0xa) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2103.360275][T17503] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2103.372687][T17503] CPU: 0 PID: 17503 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2103.382828][T17503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2103.392881][T17503] Call Trace: [ 2103.396170][T17503] dump_stack+0x14a/0x1ce [ 2103.400499][T17503] ? devkmsg_release+0x11c/0x11c [ 2103.405426][T17503] ? show_regs_print_info+0x12/0x12 [ 2103.410614][T17503] ? radix_tree_cpu_dead+0x160/0x160 [ 2103.415892][T17503] ? _raw_spin_lock+0xa1/0x170 [ 2103.420649][T17503] ? _raw_spin_trylock_bh+0x190/0x190 [ 2103.426050][T17503] dump_header+0xdb/0x700 [ 2103.430379][T17503] oom_kill_process+0xd3/0x280 [ 2103.435137][T17503] out_of_memory+0x5b6/0x890 [ 2103.439812][T17503] ? unregister_oom_notifier+0x20/0x20 [ 2103.445267][T17503] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2103.450812][T17503] ? __zone_watermark_ok+0x91/0x280 [ 2103.456009][T17503] ? get_page_from_freelist+0x7c0/0x7c0 [ 2103.461547][T17503] ? __zone_watermark_ok+0x91/0x280 [ 2103.466740][T17503] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2103.472106][T17503] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2103.477660][T17503] ? copy_process+0x5a4/0x5110 [ 2103.482415][T17503] ? copy_process+0x5a4/0x5110 [ 2103.487169][T17503] ? kmem_cache_alloc+0x1d5/0x260 [ 2103.492201][T17503] copy_process+0x5f3/0x5110 [ 2103.496781][T17503] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2103.502300][T17503] ? _raw_spin_lock+0xa1/0x170 [ 2103.507032][T17503] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2103.512808][T17503] ? fork_idle+0x290/0x290 [ 2103.517199][T17503] ? _raw_spin_unlock+0x5/0x20 [ 2103.521950][T17503] ? handle_mm_fault+0xb16/0x40a0 [ 2103.526948][T17503] _do_fork+0x196/0x920 [ 2103.531078][T17503] ? dup_mm+0x300/0x300 [ 2103.535205][T17503] ? do_mmap+0x9ad/0x1060 [ 2103.539506][T17503] __x64_sys_clone+0x25f/0x2c0 [ 2103.544239][T17503] ? __ia32_sys_vfork+0x110/0x110 [ 2103.549234][T17503] ? do_user_addr_fault+0x55c/0x9f0 [ 2103.554405][T17503] do_syscall_64+0xcb/0x150 [ 2103.558879][T17503] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2103.564741][T17503] RIP: 0033:0x45f1f9 [ 2103.568609][T17503] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2103.588184][T17503] RSP: 002b:00007ffe517c28c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2103.596588][T17503] RAX: ffffffffffffffda RBX: 00007fa744f9c700 RCX: 000000000045f1f9 [ 2103.604547][T17503] RDX: 00007fa744f9c9d0 RSI: 00007fa744f9bdb0 RDI: 00000000003d0f00 [ 2103.612489][T17503] RBP: 00007ffe517c2af0 R08: 00007fa744f9c700 R09: 00007fa744f9c700 [ 2103.620430][T17503] R10: 00007fa744f9c9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2103.628389][T17503] R13: 00007ffe517c297f R14: 00007fa744f9c9c0 R15: 000000000078c04c [ 2103.653935][T17503] Mem-Info: [ 2103.660199][T17503] active_anon:1389572 inactive_anon:17089 isolated_anon:0 [ 2103.660199][T17503] active_file:377 inactive_file:357 isolated_file:64 [ 2103.660199][T17503] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2103.660199][T17503] slab_reclaimable:8509 slab_unreclaimable:77822 [ 2103.660199][T17503] mapped:62208 shmem:17099 pagetables:42737 bounce:0 [ 2103.660199][T17503] free:13710 free_pcp:337 free_cma:0 [ 2103.699299][T17503] Node 0 active_anon:5558288kB inactive_anon:68356kB active_file:1508kB inactive_file:1428kB unevictable:0kB isolated(anon):0kB isolated(file):256kB mapped:248832kB dirty:0kB writeback:0kB shmem:68396kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2103.724168][T17503] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2103.751447][T17503] lowmem_reserve[]: 0 2912 6416 6416 [ 2103.757363][T17503] DMA32 free:30316kB min:20548kB low:23528kB high:26508kB active_anon:2728280kB inactive_anon:8908kB active_file:904kB inactive_file:692kB unevictable:0kB writepending:0kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22144kB pagetables:53476kB bounce:0kB free_pcp:96kB local_pcp:0kB free_cma:0kB [ 2103.797326][T17503] lowmem_reserve[]: 0 0 3504 3504 [ 2103.802867][T17503] Normal free:9612kB min:13784kB low:17372kB high:20960kB active_anon:2829612kB inactive_anon:59448kB active_file:1236kB inactive_file:928kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:117472kB bounce:0kB free_pcp:468kB local_pcp:0kB free_cma:0kB [ 2103.862698][T17503] lowmem_reserve[]: 0 0 0 0 [ 2103.867468][T17503] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2103.881297][T17503] DMA32: 1386*4kB (UMEH) 908*8kB (UMEH) 269*16kB (UMEH) 377*32kB (UMEH) 21*64kB (UMEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30648kB [ 2103.897173][T17503] Normal: 304*4kB (UME) 180*8kB (UME) 29*16kB (UME) 181*32kB (UME) 10*64kB (UME) 3*128kB (ME) 0*256kB 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 10448kB [ 2103.920366][T17503] 17838 total pagecache pages [ 2103.931048][T17503] 0 pages in swap cache [ 2103.941342][T17503] Swap cache stats: add 0, delete 0, find 0/0 [ 2103.955987][T17503] Free swap = 0kB [ 2103.964643][T17503] Total swap = 0kB [ 2103.972230][T17503] 1965979 pages RAM [ 2103.991847][T17503] 0 pages HighMem/MovableOnly [ 2104.007306][T17503] 318830 pages reserved [ 2104.021070][T17503] 0 pages cma reserved [ 2104.033588][T17503] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17512,uid=0 [ 2104.061842][T17503] Out of memory: Killed process 17512 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35240kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:20 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x75000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:20 executing program 3: sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)={0x70, 0x15, 0x406, 0x70bd25, 0x25dfdbfd, {0x22, 0x9}, [@INET_DIAG_REQ_BYTECODE={0x59, 0x1, "ed7fcb8b813b12a2cef175d62556235631969f5389897f2f14e7cf6d812b157d1426153177c4b5032a6cfad021c513ff8413b6b45dbee699ff762eb3e5ea69abff1c74cb73bbc86dbaab824a9fdd208f10f36bdb3b"}]}, 0x70}, 0x1, 0x0, 0x0, 0xc044}, 0x24000000) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r2 = dup(r0) preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/224, 0xe0}], 0x1, 0x99a) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000040)}, 0x2}], 0x1, 0x20, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) 04:06:20 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x9) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000040)={0x12, 0x1000, &(0x7f0000000340)="794b97322246216758e4aea3c7d8318f1f8f92ba2f8642036941b6644893f8b9d3b5a149c9f384ba1c1de09c0e913ac83ecd68115bd57aaaac6551a2790328e6e59bbb6918ff539fc4419acf53955adb3375aa2dc8e36ff3e1195edb7da60750c973aae69f4c11bfb28944dfa7ced84f9f2cb18b6b5b8136212d40bfb400410522704f72a769969fe999240b3eaabc31951a8d3bf1acdb20cf4fab59571de87acb8fdb85f8cd2a07b731e7427bab8bb2fa5bc4f51b8db1cff0afb64dd0a3a4eeaf3f0534a6154230855c858f99412c62ad5c57cf7fd06401f133c9c3ae34be44c4750e8011311e1fa3deb36f78bdf2856785f533caf88a92e778d82e07b620877ef6a570c288e45b5bed0cd57fe21b8b8c33f558b8200a98437720eec66e42916b38852530bd36732d748ffdaa48021aac53a582dd330fe1847952a049475c1886dcb51372304971a235da47a6f0dfee4a14140fd4e82a9a027f890b9e19ca149325a53bffb5c7c2fb981bd9637c94d0e79cadb8236ce74407289b4b011f495ce572c878bfbff06e437f957f703fda9ee34cce68d9a4eddc680f013747213db7b0967af9c37fdae28756aabafd4a2760ec84c028a852cc5d7bec0b531a574bc9eae55e607d71cd163c0b49f6f1a914d1e8793d36c2b1fa79fdfae727de7eb3876ed9b23a92538a09f5cc06b4331f24fa9e39724f3c6f04c4e8576842e657b766f7cd2475b7da8a3978008babc377a034b4c9399075d0beafb4e8802e9a53e98c1a4fa10a6cec65f6141cdaa439c39cd240d11ec51ffb431c7e75979fd905cf12f763f34d2b60a7c65faa1076b6b2fcdb68c0bb387147430609e9e335ee51e4583ae1473755f64f837fb12251e4d0a9e9a326e0d5c142b93104b1fc646d5c35678688e576aca7260462e8c4a9dd3ce787294d83234e39699cd494220e829825bf399fb5e7672c43b21d02df55cda1fc702c5bc443dc3273bbfbe6312760049bf0d4966a5f75ba127fe6c0cbb321f3a6ebf59c70c9bbffa7ef447dcafef733ae374238ebe5a05950e413220625d29ab049a2fc15a3e76e745a58a1255ed11c99ef8a7abf6b1d6776bcf5cf9ae3ed7109b1c2bbc23f0268aa7be82f4d5c4e68654f73bafee0a5b700440b39771a70c6b696e8721f21dad0ed572adde089d9f70760484f522ff63d1be7fb31e40f5dcc8a3697ed96bd46b5f28f3f38d9172cd7397ad20e307dc056a29ef315bf62170add718c2f39ff57608e93faa09fe9c026611522294b1093f8b5e7a594afa7ac6f76e1bb2b0bc3aabc89ab7eb4890df13a546d63df61f55498ab0bd2aedcc9ff61876fd34dae8acf91c74531a70e7e6f97b59096d297c3f9a4f56e5417bf95a3f5d5828d814f8dcc5dfe1aa7820cccd26b508b5dbd152f88ac6eeb6fd9fc3a3dd1d1918410a0c5898e35b9f414594d460f5161e01df5d823c150fcb0025b23a9f87c85734ba267bee9c4f2a80122b43b393bf496201c40b0d07ee68631263e0563394ec8b1f0c091a031fe3ff3605599244e25709badb17465d9e224319114a9fdf2a69abb9e8f9ffb01033f6373ca6614328104bc634d97d0ef6b8fcbe39c8fcc0bed440c9ea54e7f06578773445ab60196f8c02d39a5ebbd57a2b0d544d8ad5cf8a2e641ee6b0cd715345c3c3489ad7c816e44ae7836235283e8568f2b40bfed15bd2e1f17d23c979eb4f5b5e3cb1ae3bac1501a8504801f1546f654f8f34e188159b676a85906b2d5fa20517b2cf1d95d5b0a72f8fb35f36260026b2ce909baf279d8e0e16369f249428091e87fd363900b303af707f1cc4053bcd46927ef437f7dbca460d20b967d4ce2e22abb2744e9511cddaa1821d069abb273b444a7e124309007ead83f58bfc36351301d72b49b7b86b496911ae1854420451833f0496df021863f941fe9bf3283498f633042ec7d205a26bcf616b7f7d2d947613c70c6f43dc6fb66b5414cd79adc273204f51b7ea742ec445d4fc31190ff8eb5206c987f6ae04e1476d9158280905f1ed0b4bd41f23971e5a927bf1065404b915537b2195bdb6cbeec16e2c2202fa75717f968e8cb5e9dd829df3691cab417fbd5f75446f08a1adc640eb210e6963db819b02da48302863b51bb997a8fcff9289c67bb18861636a3b7bf9ee0158c791d235d2856593ad636fb15fd1bf15d5be7e15ad36459dfc4c799b91272fbca52d8bea5d3154f536859760105d163a277ceb0fcc776d26b6b777620eb102dbf4087aff76c81eda6377284ad442e9c608b6eef4446208b2679201f509b7a597a935f4241aa4d0d175f625670e56f35df6c395badc75fc8c3c2e4a5bb0960f9f58d829a77645d155a06ac363428d209c01b2d963d43e43098037de58e4d0204f15527d96f91091b1891c3794fbc39b311a5081bc35b57fc91c811e0ab2bff74d90ab2a687b9b7d6bf28048fdb81718e04cc362423e6acf46a04eb572f36bd050f0ecdfd6cf015742a30069abcb063e52b6eea15125214e5716e921367f0f5b7c458a6a41ed600c7ff4c59f63aa8f57040cc380b391a5676710c13ce99caf3d1d52875cb9b1b237fdee344e6af0009c6f4bea0f140fe898cf8ac6e0c4cfc2522dfcf69a70d58d1e9cb66a16ad881ee7c59a84941a2714562ce09a165cef0c4c084df5fd17f4f765a832e6bed60a4574fc3a182a2c2bf67f26ee96bf9d3bcc7515f9a947d45fee43d72dce3b50f67bcd4ae3a3563bea7f564ff324605f5f78b233ade8de132b9c999c62a1d5f6bd36e481d244571475fb28f5aacb1ac388140834374d54b08407cb1234dbf2797a3fdd8bb3a47226c7cf77dd125de46dbb31c4eb637d02b40a28eeee0af613a1b41c7bc93c42f3a96ec5af5c33ea6e0af3e30f345493f9fd253444d565617bad37755360355adde573832db33be396fd8fdc8251798e4317321e6b5134936f3042b95a7e9d1fe6d20e20cae9abb485299bfe79f04acd7501fe4818c1234fe2aa5c78bf41c076bd16326dee81f6f1e6009b9977af577cba769f8cb7f380405b663e9e1221b6cc1b9a4e4a9561e4ac825ffd29f22a19c602775d70fba5ac7606cfea51f69c92d4b9144bbd14fa9ea5204a01f947b1435e92dd040959b9c72b7f3492394ecafa8cdd2275245f013e74a6dfae62ce8db7c66861b946dc9eebd032192a8b61ff07cd083136808407408f27a31f79cf3663ed5be86c99251847e5b136eaebddd69e3ce0e6f24d226f25e94f0881e46b811bb9e9ecb9f07738786b7f59ce8f242994e6502fb2a50d5166736c3e5d2ec2f41b5fc35980e0ef104384d14f1498bcdf14dbd0718201650b9ffa16529c230a4b6b7cf6a5d355636dea0550403fca4120eefc2eaa334caf3faa547651a9b7e4f4cc2ac89a763edde3579655908fe29d8462e8205c2bf6e3c8c4bd29e8156bbb74a91375dd4c863873963317725099993e0428da126ff630767c9d4ac6923c8ff3832d559e916a59db64a542b868e9cee235e778b9f16a263a43dd785e30ee419cc0e794d229eacc81e7ed4aa125235f08a5e1f28458287dbb35ab6d6dd59fa16b984fa1581f7a67b1c58bd02e1edcb4a2d9ca294657c2e9184ca83510afad2f7bcf7c501c738be99510fbd00c3f66663dd572ce5fe7e2e611f3833f077dc6c35b76f996e4277dc7322d58fce67e3aaa86988d868b28f8ce016e37e29c80e974205c279fda9a60ff7001b3abda6f17fc469e6f16556b82b19748481054334f0ea5c4e8f953ee882214a125f1add70d281a5faa003c1d93f219c6ee93d56d12341712b5ff627a8748286c23ed7ca16fea48948ff573fe176fe4381b5ca360ca99e40b893ad86a88b763b66f37a73f418e407a404387fc8ffc50cd5ab5de51d099165ef06e1846a96da68a9f43a6fc530ff858dc81e32cbf4cb13e7a3d47db175d78cea869400553de2a313c7b47cfdc3c34305153fd1534650656f5c5e217669e08017ca73d4fa17cb043bbecd759fe6829f89c9ed530c29d1809b7db7e6f0de42e044de487a6c481d1e2359c5982efb5cb187f2acd64bb8507b1550c1c603d611e63f465f3244e1105e72f6ecd885eb0125d3d1e8227bcd0155940cc2dbecaa91800784bd045d2bb3a02c7a1dee36778938c1508abf8ebe988980d645ecc99f1337a12f3812d0ca4459e983db87e29f158e2e3278163df92e8227286899fabbb45b58b25c8d9617549e9886b9c7db1eb78d02a237e1509b851c82cb0e16f24465a6b32dab9c6da6343e712eb45c0ff650bfe8f4c8a1f2a723263b4876902a7d7a90bcea9de695532e2e455ec9dd174455191a8cac94645ca5ab78bf30d844fcfcf6185eff5576f0fd9bb99be3edbd658d3ff7a26989765ebc09dbc0a2db59b8b39119d7eb8b00d5475054468f0a1be069a0ff6c23ca0148fb77d5fa371f9244b5e1ab9d74a37cc6d5a8391732af924e04ad89d3acdb61d665dbe2c301e7aa7ca8f8ebd49921e0141e111295d0b9415087e8acec823b32bf4bebd41cf2fa5a6b2ef8d12f93029c02e16e194f3d289771099b0f0ae1c89eb0e127d7134be91e24a4d8082bdb1e2634f94abce5cf5919bf249b4dbd0915b9b08cd9209ecaeeb7c57b051c98e11f6371e5987c9da97ee874e96047b6ef84db8e42a228af84858050677b1fde1b7016752de66513128c8fcf06c38f142a7e5c9396afe40f95d586b5850eadc712541fdb970b9ff23324f12803a0fa51dec7553cfcd246178000f64fca7c45d927d42051c766fd1630680c593d40593709b780cbe92ff428c4407ff26d5426946d7908e3eb0f3e8a7634e25688baf7ea6ec7eacc2b44059739a91873cf1b77fca7a7f32cdaa19ab039a0ce2d1b32c2d828a64ab194ba8eca7bc0988430cbc6f466ef8450de6f459ab421f6b61db6eb7e06dfbaed7df6bfda1640ffa85848e16e3d26a9af0f531ec4ebd0d51f4a78a9f04e57ec28898e567fc0bc03aa3f2c1f0ac167416c51b8543d8c006541fe3d56a7586fddfcfa666ec18a721dfbab8b8f7fc9bf4e20e72c260336672496df95ad97f5596a44f7550ecead0d48442a5e76eca2c195b1322f369ed770f43e4288b1e5a962f0a5f71ad7ad08256957cfb7cea6ed4b6d897a6e00fa748ff7470eb2710d7a197b437803af74a75ae587e9fa2bf61d9f0aaefa2e8dbd06db85d40c88e0d328d2d5ad8e63cf6e63bb31de4da019f640e5b7e867e5dfe885f70ea5b2c6bee1861e06b035b6623c8c925981be3409ae64287b9202e9001ed497a101243038eabf68377fc8b3697dba4765ab98c8545f2283a58f95b60ef189a88f0355e11b8e4a9efc0f8af1171fac964c7d18364d42122e6b0a399c232639020c8b93ec19a246f4268d5826d44738e66b943ad06ceaa9f471be6a13b6abea21e42796bb96714767703047bf3f71ec558cc96ee7c189b61b8e638fb43ade27c6cd6ddf781b7f025b72218b52cd008c8f366f445f2092040cd4d63d73b8802bf09953b7166ebe2ac9d9b02ca31d8580f5e05ec22e918d7e908fa92add16c2003629ec4a790f56747a33a15ede3e22928d900be3ba4ff22748ad6db92d56029354e3347f47f2f8be9521b4baaefd60e97c46d922f89fe5b5a66fcd1733cc92a498eb96c2176b1365e4f465c1f612c45f538a0f554bc5a663c84b238f063edfb19c9dee668fb3c3260d50d1d49b4e489aa21c5e1fcdddc2353dcbd7b024a250c07ac368afdb0e75e85de000c5c7669fe7d1863d5659e18091ca4405fc9ec089682e9d884a254e73c964e1efb529eeccece9ca3d6f7829d398f1167f"}) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x5, 0xffffff80) socket$inet6_icmp(0xa, 0x2, 0x3a) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) [ 2104.834367][ T8383] usb 2-1: USB disconnect, device number 2 04:06:20 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x102000}], 0x1, 0x0) pipe(0x0) 04:06:20 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xcc000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2104.898633][ T8383] gtco 2-1:0.219: gtco driver disconnected 04:06:21 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x76000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:21 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000003c0)='./file0\x00', 0xc0202, 0x131) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000180)=""/103, 0x67}, {&(0x7f0000000100)=""/64, 0x40}, {&(0x7f0000000200)=""/80, 0x50}], 0x3, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCGLCKTRMIOS(r2, 0x5456, &(0x7f0000000080)={0x4, 0x80000001, 0x4, 0x4, 0x1b, "872b2302e8ee6b10f290e297b82aa9d52531f2"}) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00') r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') prctl$PR_GET_TSC(0x19, &(0x7f0000000040)) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:06:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="475a01000000382019375d7219f052e0ea57ddab48ea45d09c46", @ANYRES16, @ANYBLOB="200027bd7000fddbdf250200000008000200020000000800010003000000"], 0x24}, 0x1, 0x0, 0x0, 0x4008004}, 0x0) sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x500, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) io_uring_register$IORING_UNREGISTER_EVENTFD(0xffffffffffffffff, 0x5, 0x0, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:21 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x103000}], 0x1, 0x0) pipe(0x0) 04:06:21 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x63000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2106.029546][T17541] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2106.068015][T17541] CPU: 1 PID: 17541 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2106.078268][T17541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2106.088315][T17541] Call Trace: [ 2106.091611][T17541] dump_stack+0x14a/0x1ce [ 2106.095933][T17541] ? devkmsg_release+0x11c/0x11c [ 2106.100866][T17541] ? show_regs_print_info+0x12/0x12 [ 2106.106057][T17541] ? radix_tree_cpu_dead+0x160/0x160 [ 2106.111330][T17541] ? _raw_spin_lock+0xa1/0x170 [ 2106.116083][T17541] ? _raw_spin_trylock_bh+0x190/0x190 [ 2106.121448][T17541] dump_header+0xdb/0x700 [ 2106.125771][T17541] oom_kill_process+0xd3/0x280 [ 2106.130527][T17541] out_of_memory+0x5b6/0x890 [ 2106.135110][T17541] ? unregister_oom_notifier+0x20/0x20 [ 2106.140573][T17541] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2106.146112][T17541] ? __zone_watermark_ok+0x91/0x280 [ 2106.151311][T17541] ? get_page_from_freelist+0x7c0/0x7c0 [ 2106.156881][T17541] ? __zone_watermark_ok+0x91/0x280 [ 2106.162249][T17541] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2106.167879][T17541] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2106.173415][T17541] ? copy_process+0x5a4/0x5110 [ 2106.178171][T17541] ? copy_process+0x5a4/0x5110 [ 2106.182928][T17541] ? kmem_cache_alloc+0x1d5/0x260 [ 2106.187950][T17541] copy_process+0x5f3/0x5110 [ 2106.192540][T17541] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2106.198081][T17541] ? _raw_spin_lock+0xa1/0x170 [ 2106.202926][T17541] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2106.208726][T17541] ? fork_idle+0x290/0x290 [ 2106.213137][T17541] ? _raw_spin_unlock+0x5/0x20 [ 2106.217896][T17541] ? handle_mm_fault+0xb16/0x40a0 [ 2106.222930][T17541] _do_fork+0x196/0x920 [ 2106.227083][T17541] ? dup_mm+0x300/0x300 [ 2106.231238][T17541] ? do_mmap+0x9ad/0x1060 [ 2106.235573][T17541] __x64_sys_clone+0x25f/0x2c0 [ 2106.240344][T17541] ? __ia32_sys_vfork+0x110/0x110 [ 2106.245489][T17541] ? do_user_addr_fault+0x55c/0x9f0 [ 2106.250683][T17541] do_syscall_64+0xcb/0x150 [ 2106.255179][T17541] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2106.261065][T17541] RIP: 0033:0x45f1f9 [ 2106.264949][T17541] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2106.284670][T17541] RSP: 002b:00007ffce0d0df68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2106.293065][T17541] RAX: ffffffffffffffda RBX: 00007f9080003700 RCX: 000000000045f1f9 [ 2106.301023][T17541] RDX: 00007f90800039d0 RSI: 00007f9080002db0 RDI: 00000000003d0f00 [ 2106.308980][T17541] RBP: 00007ffce0d0e190 R08: 00007f9080003700 R09: 00007f9080003700 [ 2106.316932][T17541] R10: 00007f90800039d0 R11: 0000000000000202 R12: 0000000000000000 [ 2106.324896][T17541] R13: 00007ffce0d0e01f R14: 00007f90800039c0 R15: 000000000078c18c [ 2106.377546][T17541] Mem-Info: [ 2106.381277][T17541] active_anon:1390154 inactive_anon:17088 isolated_anon:0 [ 2106.381277][T17541] active_file:795 inactive_file:1103 isolated_file:32 [ 2106.381277][T17541] unevictable:0 dirty:78 writeback:5 unstable:0 [ 2106.381277][T17541] slab_reclaimable:8512 slab_unreclaimable:77852 [ 2106.381277][T17541] mapped:63136 shmem:17095 pagetables:42870 bounce:0 [ 2106.381277][T17541] free:11735 free_pcp:353 free_cma:0 [ 2106.444507][T17541] Node 0 active_anon:5562016kB inactive_anon:68352kB active_file:2836kB inactive_file:2900kB unevictable:0kB isolated(anon):0kB isolated(file):280kB mapped:251144kB dirty:312kB writeback:20kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2106.476907][T17541] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2106.518670][T17541] lowmem_reserve[]: 0 2912 6416 6416 [ 2106.525068][T17541] DMA32 free:27364kB min:20548kB low:23528kB high:26508kB active_anon:2728388kB inactive_anon:8904kB active_file:516kB inactive_file:1344kB unevictable:0kB writepending:52kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22624kB pagetables:53828kB bounce:0kB free_pcp:416kB local_pcp:92kB free_cma:0kB [ 2106.556625][T17541] lowmem_reserve[]: 0 0 3504 3504 [ 2106.568321][T17541] Normal free:3988kB min:5592kB low:9180kB high:12768kB active_anon:2832144kB inactive_anon:59448kB active_file:2440kB inactive_file:1280kB unevictable:0kB writepending:280kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:117652kB bounce:0kB free_pcp:1112kB local_pcp:300kB free_cma:0kB [ 2106.647832][T17541] lowmem_reserve[]: 0 0 0 0 [ 2106.652803][T17541] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2106.666842][T17541] DMA32: 1283*4kB (UMH) 941*8kB (UMH) 262*16kB (UMH) 345*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28148kB [ 2106.682278][T17541] Normal: 122*4kB (UME) 48*8kB (UME) 26*16kB (UM) 85*32kB (UM) 5*64kB (M) 2*128kB (M) 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 5096kB [ 2106.697648][T17541] 18006 total pagecache pages [ 2106.707461][T17541] 0 pages in swap cache [ 2106.712199][T17541] Swap cache stats: add 0, delete 0, find 0/0 [ 2106.719306][T17541] Free swap = 0kB [ 2106.723482][T17541] Total swap = 0kB [ 2106.727715][T17541] 1965979 pages RAM [ 2106.731959][T17541] 0 pages HighMem/MovableOnly [ 2106.737036][T17541] 318830 pages reserved [ 2106.741612][T17541] 0 pages cma reserved [ 2106.746050][T17541] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=18247,uid=0 [ 2106.763984][T17541] Out of memory: Killed process 18247 (syz-executor.3) total-vm:75756kB, anon-rss:14244kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 04:06:22 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x77000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:22 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x104000}], 0x1, 0x0) pipe(0x0) 04:06:22 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x0, &(0x7f0000000080)=0x3, 0x4) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x511500, 0x0) 04:06:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0xfe, 0x8001, 0x72, 0x0, 0x0, 0x4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext, 0x0, 0x1, 0x2, 0x0, 0x802}, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) write(0xffffffffffffffff, &(0x7f00000002c0)="7b5da807c7875c155716a29f2cb4146db1a22f7d6bc3e3e713154ddcb4d6f78e6c7b1f1b8e27e0227324ea99921c9d8c54513ea4fb4cb928da6629852a32d95866cd9c6675fae37a0083c4e92a4480b3806e5a13639bc8a9acd8c66050455fb86d287e10", 0x64) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:22 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xcd000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:22 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x63000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2107.496384][T17599] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2107.534228][T17599] CPU: 1 PID: 17599 Comm: syz-executor.3 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2107.544506][T17599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2107.554773][T17599] Call Trace: [ 2107.558062][T17599] dump_stack+0x14a/0x1ce [ 2107.562505][T17599] ? devkmsg_release+0x11c/0x11c [ 2107.567443][T17599] ? show_regs_print_info+0x12/0x12 [ 2107.572617][T17599] ? radix_tree_cpu_dead+0x160/0x160 [ 2107.577881][T17599] ? _raw_spin_lock+0xa1/0x170 [ 2107.582878][T17599] ? _raw_spin_trylock_bh+0x190/0x190 [ 2107.588239][T17599] dump_header+0xdb/0x700 [ 2107.592567][T17599] oom_kill_process+0xd3/0x280 [ 2107.597329][T17599] out_of_memory+0x5b6/0x890 [ 2107.602013][T17599] ? unregister_oom_notifier+0x20/0x20 [ 2107.607450][T17599] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2107.613174][T17599] ? unwind_get_return_address+0x48/0x90 [ 2107.618803][T17599] ? get_page_from_freelist+0x7c0/0x7c0 [ 2107.624320][T17599] ? __zone_watermark_ok+0x91/0x280 [ 2107.629585][T17599] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2107.634930][T17599] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2107.640453][T17599] ? copy_process+0x5a4/0x5110 [ 2107.645207][T17599] ? copy_process+0x5a4/0x5110 [ 2107.651597][T17599] ? kmem_cache_alloc+0x1d5/0x260 [ 2107.656593][T17599] copy_process+0x5f3/0x5110 [ 2107.661165][T17599] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2107.666771][T17599] ? _raw_spin_lock+0xa1/0x170 [ 2107.671535][T17599] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2107.677323][T17599] ? fork_idle+0x290/0x290 [ 2107.681726][T17599] ? _raw_spin_unlock+0x5/0x20 [ 2107.686481][T17599] ? handle_mm_fault+0xb16/0x40a0 [ 2107.691478][T17599] _do_fork+0x196/0x920 [ 2107.695608][T17599] ? dup_mm+0x300/0x300 [ 2107.699735][T17599] ? do_mmap+0x9ad/0x1060 [ 2107.704130][T17599] __x64_sys_clone+0x25f/0x2c0 [ 2107.708874][T17599] ? __ia32_sys_vfork+0x110/0x110 [ 2107.713883][T17599] ? do_user_addr_fault+0x55c/0x9f0 [ 2107.719063][T17599] do_syscall_64+0xcb/0x150 [ 2107.723593][T17599] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2107.729927][T17599] RIP: 0033:0x45f1f9 [ 2107.733806][T17599] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2107.753530][T17599] RSP: 002b:00007ffcb99f8438 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2107.761928][T17599] RAX: ffffffffffffffda RBX: 00007f77fb306700 RCX: 000000000045f1f9 [ 2107.769953][T17599] RDX: 00007f77fb3069d0 RSI: 00007f77fb305db0 RDI: 00000000003d0f00 [ 2107.777908][T17599] RBP: 00007ffcb99f8660 R08: 00007f77fb306700 R09: 00007f77fb306700 [ 2107.785909][T17599] R10: 00007f77fb3069d0 R11: 0000000000000202 R12: 0000000000000000 [ 2107.793870][T17599] R13: 00007ffcb99f84ef R14: 00007f77fb3069c0 R15: 000000000078bfac [ 2107.867310][T17599] Mem-Info: [ 2107.870526][T17599] active_anon:1390431 inactive_anon:17088 isolated_anon:0 [ 2107.870526][T17599] active_file:230 inactive_file:262 isolated_file:32 [ 2107.870526][T17599] unevictable:0 dirty:19 writeback:18 unstable:0 [ 2107.870526][T17599] slab_reclaimable:8515 slab_unreclaimable:77782 [ 2107.870526][T17599] mapped:61963 shmem:17095 pagetables:42912 bounce:0 [ 2107.870526][T17599] free:13123 free_pcp:0 free_cma:0 [ 2107.914613][T17599] Node 0 active_anon:5561796kB inactive_anon:68352kB active_file:856kB inactive_file:940kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:247768kB dirty:72kB writeback:76kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2107.939018][T17599] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2107.965135][T17599] lowmem_reserve[]: 0 2912 6416 6416 [ 2107.970485][T17599] DMA32 free:29496kB min:20548kB low:23528kB high:26508kB active_anon:2728640kB inactive_anon:8904kB active_file:680kB inactive_file:468kB unevictable:0kB writepending:144kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22176kB pagetables:53992kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB [ 2108.000901][T17599] lowmem_reserve[]: 0 0 3504 3504 [ 2108.012449][T17599] Normal free:7492kB min:9688kB low:13276kB high:16864kB active_anon:2832964kB inactive_anon:59448kB active_file:1044kB inactive_file:784kB unevictable:0kB writepending:204kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:117660kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB [ 2108.080412][T17599] lowmem_reserve[]: 0 0 0 0 [ 2108.091142][T17599] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2108.104990][T17599] DMA32: 554*4kB (UMEH) 1159*8kB (UMEH) 336*16kB (UMEH) 378*32kB (UMEH) 11*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29792kB [ 2108.126747][T17599] Normal: 95*4kB (UME) 37*8kB (UME) 50*16kB (UM) 146*32kB (UM) 16*64kB (UM) 5*128kB (UM) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8068kB [ 2108.142137][T17599] 17431 total pagecache pages [ 2108.147351][T17599] 0 pages in swap cache [ 2108.152766][T17599] Swap cache stats: add 0, delete 0, find 0/0 [ 2108.167030][T17599] Free swap = 0kB [ 2108.177027][T17599] Total swap = 0kB [ 2108.185858][T17599] 1965979 pages RAM [ 2108.194726][T17599] 0 pages HighMem/MovableOnly [ 2108.207153][T17599] 318830 pages reserved [ 2108.216439][T17599] 0 pages cma reserved [ 2108.226814][T17599] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17584,uid=0 [ 2108.241601][T17599] Out of memory: Killed process 17584 (syz-executor.0) total-vm:75756kB, anon-rss:15040kB, file-rss:35080kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2108.263285][ T23] oom_reaper: reaped process 17584 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 04:06:24 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x105000}], 0x1, 0x0) pipe(0x0) [ 2108.432108][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2108.527482][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2108.537849][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2108.547895][ T204] Call Trace: [ 2108.551183][ T204] dump_stack+0x14a/0x1ce [ 2108.555506][ T204] ? devkmsg_release+0x11c/0x11c [ 2108.560435][ T204] ? show_regs_print_info+0x12/0x12 [ 2108.565626][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 2108.570900][ T204] ? _raw_spin_lock+0xa1/0x170 [ 2108.575654][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 2108.582317][ T204] dump_header+0xdb/0x700 [ 2108.586643][ T204] oom_kill_process+0xd3/0x280 [ 2108.591420][ T204] out_of_memory+0x5b6/0x890 [ 2108.596001][ T204] ? unregister_oom_notifier+0x20/0x20 [ 2108.601464][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2108.606987][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 2108.612526][ T204] ? __zone_watermark_ok+0x91/0x280 [ 2108.617703][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2108.623049][ T204] ? __kasan_kmalloc+0x12c/0x1c0 [ 2108.627957][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2108.633473][ T204] alloc_slab_page+0x3a/0x3a0 [ 2108.638124][ T204] new_slab+0x408/0x450 [ 2108.642252][ T204] ? should_fail+0x18e/0x860 [ 2108.646814][ T204] ___slab_alloc+0x2e0/0x450 [ 2108.651395][ T204] ? getname_flags+0xb8/0x610 [ 2108.656044][ T204] ? getname_flags+0xb8/0x610 [ 2108.660693][ T204] kmem_cache_alloc+0x23f/0x260 [ 2108.665516][ T204] getname_flags+0xb8/0x610 [ 2108.669992][ T204] ? security_prepare_creds+0x197/0x220 [ 2108.675529][ T204] user_path_at_empty+0x28/0x50 [ 2108.680351][ T204] do_faccessat+0x306/0x800 [ 2108.684827][ T204] ? __ia32_sys_fallocate+0x100/0x100 [ 2108.690170][ T204] do_syscall_64+0xcb/0x150 [ 2108.694645][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2108.700509][ T204] RIP: 0033:0x7fbb5d4e19c7 [ 2108.704899][ T204] Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d c8 d4 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 d4 2b 00 f7 d8 64 89 01 48 [ 2108.724474][ T204] RSP: 002b:00007ffd7e9a9508 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 2108.732856][ T204] RAX: ffffffffffffffda RBX: 00007ffd7e9ac530 RCX: 00007fbb5d4e19c7 [ 2108.740800][ T204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005648273279a3 [ 2108.748745][ T204] RBP: 00007ffd7e9a9650 R08: 000056482731d3e5 R09: 0000000000000018 [ 2108.756694][ T204] R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000 [ 2108.764637][ T204] R13: 0000000000000000 R14: 00005648291dd8c0 R15: 00007ffd7e9a9b40 04:06:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="4b155f5d1e45f408ff988978247bb620a039a0ef34508954c943f3d2685fbda1690dae356f3c8c6ffb9ef7def0673dc01cd7dffcf36f9c9a24973e4e02165add6875db0423cc7c88f4b535e735cffe4a302f7591e4a72cdcda6a7d179f865a2f7406e3192300bda4062ab8b888b6b28671c7dcd1e32a978c60e1d7f65bbed3f99f80d270c7018c72ac939cd3cb888bc295e2c6ad26befc7c29f1822e000000000000000000c9cf98284d488f89a01f844deb25c8b13f08146e93d920e19ef95dfb5677e1c311848f9e2c605a17b4b864d8e8f17f20f446547edbf04630b6c65286672130fae57d96d2552577af1a18b5a121374d223c41bab4917d1c795954731a636d4a531c84373f2958e0c4839c0588e92c3775ce3efb81c4dcf24193c17d83de66c74349d1e1e8e5ad0bf267695ded0e1774d9c7927fc6260b83034c25bb5812d4f33c711f7a695eeb237a5ed0f13d6d86c676e356ecb733d3988608c9f44265efbb7b7b00"/374], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0) [ 2108.858336][ T204] Mem-Info: [ 2108.878196][ T204] active_anon:1384335 inactive_anon:17088 isolated_anon:0 [ 2108.878196][ T204] active_file:857 inactive_file:1245 isolated_file:32 [ 2108.878196][ T204] unevictable:0 dirty:15 writeback:1 unstable:0 [ 2108.878196][ T204] slab_reclaimable:8515 slab_unreclaimable:77887 [ 2108.878196][ T204] mapped:63231 shmem:17095 pagetables:42923 bounce:0 [ 2108.878196][ T204] free:17413 free_pcp:265 free_cma:0 [ 2108.919235][ T204] Node 0 active_anon:5537540kB inactive_anon:68352kB active_file:3428kB inactive_file:4816kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:253024kB dirty:60kB writeback:4kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2108.977644][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2109.027606][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 2109.032996][ T204] DMA32 free:38560kB min:20548kB low:23528kB high:26508kB active_anon:2718560kB inactive_anon:8904kB active_file:204kB inactive_file:1220kB unevictable:0kB writepending:48kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22464kB pagetables:54000kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2109.136251][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 2109.155941][ T204] Normal free:16468kB min:9688kB low:13276kB high:16864kB active_anon:2819088kB inactive_anon:59448kB active_file:1292kB inactive_file:2096kB unevictable:0kB writepending:116kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:117692kB bounce:0kB free_pcp:2236kB local_pcp:840kB free_cma:0kB [ 2109.200493][ T204] lowmem_reserve[]: 0 0 0 0 [ 2109.205489][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2109.219372][ T204] DMA32: 2728*4kB (UMH) 1173*8kB (UMH) 336*16kB (UMH) 382*32kB (MH) 8*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 38536kB [ 2109.234867][ T204] Normal: 85*4kB (ME) 410*8kB (UME) 187*16kB (UM) 224*32kB (UM) 16*64kB (UM) 4*128kB (M) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 15828kB [ 2109.250308][ T204] 18479 total pagecache pages [ 2109.255551][ T204] 0 pages in swap cache [ 2109.260309][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 2109.266961][ T204] Free swap = 0kB [ 2109.284902][ T204] Total swap = 0kB [ 2109.294878][ T204] 1965979 pages RAM [ 2109.303630][ T204] 0 pages HighMem/MovableOnly 04:06:25 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) pipe(&(0x7f0000000300)={0xffffffffffffffff}) preadv(r2, &(0x7f0000000240), 0x6, 0x4) pipe(&(0x7f0000000100)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) write$FUSE_LSEEK(r5, &(0x7f0000000040)={0x18, 0xfffffffffffffffe, 0x1, {0x2}}, 0x18) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) 04:06:25 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xce000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2109.324729][ T204] 318830 pages reserved [ 2109.340599][ T204] 0 pages cma reserved [ 2109.345270][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=10553,uid=0 [ 2109.433344][ T204] Out of memory: Killed process 10553 (syz-executor.0) total-vm:75756kB, anon-rss:14148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6, 0x1, 0x400000000}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000002fc0)=[{{&(0x7f0000000a80)=@isdn, 0x80, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000007380)=""/4104, 0x1008}, {&(0x7f0000000340)=""/122, 0x7a}, {&(0x7f0000000b00)=""/212, 0xd4}, {&(0x7f0000000740)=""/5, 0x5}], 0x4}, 0x4009840}, {{&(0x7f0000001240)=@nfc, 0x80, &(0x7f0000002940)=[{&(0x7f00000025c0)=""/147, 0x93}, {&(0x7f0000002680)=""/219, 0xdb}, {&(0x7f0000001080)=""/119, 0x77}, {&(0x7f0000000d40)=""/156, 0x9c}, {&(0x7f00000004c0)=""/106, 0x6a}], 0x5, &(0x7f00000029c0)=""/234, 0xea}}, {{&(0x7f0000002ac0)=@phonet, 0x80, &(0x7f0000002c40)=[{0x0}], 0x1, &(0x7f0000000c80)=""/185, 0xb9}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002f00)=""/130, 0x82}}], 0x5, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000100)={0x0, 0x5, 0x0, 0xffffffffffff7fbe}) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x4, 0x1, 0x0, 0x0, 0x0, {0x0, 0x0, 0x3}, ["", ""]}, 0x14}}, 0x4048081) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000003300)={0x0, 0x0, &(0x7f00000032c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="0000f4d569110000b97f5db202282292956d5c91f0a4acda116895523d7fff057be1651304a2548b60d331b03ab966241c48d75b415ada9c86130d1f3320e02daa5cf08a9162150151d92902ebe99fe4e32d9f8dad1d10e7eb01122242e8fcf1732be6c72a5622a98409302112d5e51aeee5551cf51279e324a5ce27188ab0c33454a74e2a14561c856b93b4807a48f73f5d5a3ff282d1826b0cb46c11eb6525c4f7d19849b20e6e041f25a2583bf15c7bd68f1400cbad2ddf44db7f8b4e2671195df1d464a07cfb02a7a03a20986e94d89e5c718fcb18968637b3ef9eb883e4fc4651fc36214209b7a7784e111a0c54ee8c5ec456ada15e5c1c5b3a5e376a4268c4750d866f81afcfb86b7171cc203d0ce89641c97a9ec401eab1c6c620e954a4714c9548fbb761d051c6cca24bcca025808f19c56500e34c5b345beff42401d07d2d53033ea27a4f44e98df195a45fee4d4f38d16a5041b1fc13b4a91ede2609e2977f514d3a8ed55b3fcbf3085dd106c1e9d4e9009be47f6265450d60a5e7381327df45ae9d389e4588b130628484a7ef036371bc62d6d4de0000000000000000000000e1821b30e670717df76ef23c946e8ceda7d2e3babf70439fdee8fe1b01ba17f2c1a6c4aee35e3a36838d5e6876aa4ad5d69564a1c4c0ec426be76bfbcd5d76bf1c9557a6e71fa59a4483cb4992e9d7d75253441b54f9dcc42a9c8479c65d796b584b333cb8e0a31af3a9b33ceef0003160c30c1ba2a837ce09c4f33afa8bd69058649cdaff179e37ae2cc6da1fcd7f91edc13eba4f0e52dcb3d300bad58d5c25fcff9e056ebd7f", @ANYPTR=&(0x7f0000003340)=ANY=[@ANYRES32=r1, @ANYBLOB="a4b1106406db80b7275fbf12e8c2d2f99358152b323d8fb48f47cc4a1236e4115ed9e9c9615f12e1e5dea3a3a530df802723d0d89c7344daa5738c67bcb47c04277adec6e2b98bdcb9879ad2e6a09a4ae947fb840f82007105d3d57ee47842d004c6cbbb91e6316416902dd5f2ecdab00ecd0f486e9ee307ba", @ANYRES16, @ANYPTR64, @ANYRESHEX, @ANYBLOB="653650c52f65c85ead26f3b7d7081e285c4aa1aaa6b5db39084ce2245a6a5f2e2f62797da92db2b9c2b4018661bf5e473fedc5ade07768b5b4500d6caf1268af8e42885d564de6c1dd50042cd206899d627ef7830d29f82f24451f5a9a591eec262164affc7578add14e692f915ae5cbf2678acfc56b2d17b0005aeebabcae4e28e34d71dff562fac35054405e512855adb4cc0f1c1b002862b1c3d3309320d409b4c95c5e6410463149b0f8219ebe51dfbf221e1b90db190e46e200a90277bd9afaf5dea47ee03b419357fae076434e798e11dde08680a01f76c25b491a5825006b348ead2f8308da976b8fa6c1de9db65b6a40c46a1ba64c2044abc1aa9a208edf45f295b3bf37fb9eefb0f8e4a6c5ff66667cc8b099eacd31bb1a18b669472fede8d71c87497455dc84813217dd738709e3908633d2a2bbe4b8f5e74df08546d53c7527f037d6ae534f7c4d99bfe9ebaf52de7c7c1f14dc9663b692eadce710883d15b0c77c73d88d5fbf8a5a94877927ae072c374fa2da14895ac3c6ad548b65b9974eae31aac0e19de29a194aa964a032b4c184d4a4ce26a6513161031b8b599c94ba471941ed648bb055a7e5e3a755e448758f966e4e4ff694f80f9f69dea11b37162cc49ca1153f0e8fee99060f44bdb26cb81ac533f94faab6b7bbf5053c2a3de609abb305bf20eb491a57ca1332a73589e5f6d21294f548528a8958e7b6967b3cb6a2d844dac5492910eeba455495dbd1a787d3400d1a9e4a6476abae169d6666ca8498263a71cf6a429606e475402e79a01b1434cc100213da4c4a13366e4f6818bb977e2c818defb1fbd2233207373c8e7122ee6aea3cebb0ab25203b75824445dbcd3bcf4d3bbfb0133831b132e4ca8b0084bfbab2ba2aea89c4e9f2a55835dff11156dc9beb1a220dec415012990fb664e6fbcd4e4cf403c9d9ebecfe8802a746b1f5d3537957bbfe659982dcaabdb2763d860dbf260973940c050c05e0beee3c67bcb77e87efdddb92d16971e0a24343759cfc03f9ca3d3dc1e95db69ca7ceb3dd15873aaefcde0c69a9d14b4659e6310d65c993517e6aee617edc8f0699992b281bc28c16e710db69180ad5b20b17cfb11e26da6f4ca0ce89b53a323a5ab2e2c9669808fa148eb2ef39bff47dece66aa40ee996bbeac36896711904ed5efda8f5ab9f5cb7c4f17703a57e7732b983be07b8c2d843378ad18ab268259ceafcc56dc1de1be2219276aa8b86b83e32dd2fa8fef6ea65f128f8432619894f6b14005661443ce4d2075e11cecc832b8c0781acf60fd183390aa754c17ec5398a468d12394a4a9be6b3ecb4883ecb7a0422bc2247588ae56334a20feed7988c7139260000e6cc49819efa0d33b31432180d91177b4611424e9c3167f78a00bf8fd4ee035639de9e1315e6a1621b1177217c738104bcd96b0ffff997c24565058d72271f72f079e8f8634e95b7632505952f077a77115684268679ba0a3441ebdfd0b371c75d346a5ee5a7ddcd72ec9ef2747716c3b643beb2d083b82b64fdda86989a70642fd4e0d5428d7bc9194e8dd354cfba89a1e8ae414e4a5fb93cf9b3e85c5c03e27d0c0254264516de4743f74472cf067adc7c6646973e25c128ec1e08b77656e370c654a8872fddb9674803ef8629342372464fbe1e5171473c1beb44479fffd9789cc13434ddca86c8b502c8fc697b7c2487354c92d90cf0fec010bfdfeff8f195944996776dd3c120bb631872bee5097da1f6340b62e300d90b49110a1fe8f317312b645b8873b70a241076f3bae9d1a486d2a1ddeed28e60a4131f672d6854573530260e65931a9fef23b804b0ae2d3217825b8c6f53a2bc44e3f3d297c431f699456202194b237c14e32f2245506dca57ffa79ba7903b840e946da5528d9efd643f9cbe392d8a77ab57c1b8a6ff39f780524ac4a30c58581fe726ff7cea7d16b7cfbe1db762698eef05cab80d7a29bced58a322affa5111819da9273c369e82d690f4f98778e4b6a5d905735c853f792cb018101ea1f6bd55a600987bd5d47f290a413621f6f0bf6fd56f024f57c2b2bbd44b06be8f32ac65a0ff8d692b599706a8c8c33d6493a93cf2edee88eeeedcfb86728eba93ed4b6f267818c92029456173fe921c31b08304975192b715f7c59a6a360baf4af27d44ae560305f4341b406d868e9277105adaa835dc8975c1de3d9964c91d536bb32c615ddf547a94fa7c992155990800000000000000130a4338e7e2946911d6243ba3b81e269c8a4b696b158e3d09ac4cfc3010e12757497769743f9656fc72ef7d39c9e8d819f0b3df79b698595a707e5db4172e79f4fcd39add5538d7c296aa7aced57e29d4d85e274b3e4a007d6d3eb07412213dffece141896177b2b3dce2902c729fe4c0b4135a02f2a58ce7ba444b28fbcf530576bc2e6a598b95db32ea735731cc0631d5ceb410fa901d9dd776a3a913ce94e307d5fd4d3f06e8fe8d7fc745aa64456c5fb530a30ea16c74fa354e5fada14dec92709520914f04646ecb6f48dff092918e9486ce9f14d63613a8800cabc07e8218bc518dff5f9b8375d16a9a8825d47b0a5528d310d29cde74261645d41bc45df735f1b0a484399a7c12ff0067106ddd2a3c6f9d436b08201cfa34b2967308f741101d0b480461cb6950601b973e497cae7ea89082a42a719c6213353e7996054b07363b0525ebfc17b4625186aef2aaea9519fddf6f84fb3eab8eaaf01bce969f305ecee6e5db3b017cd21d1964aedbfd5121de479ba43c2a883952e5189e1db83566a4c696b2e53fd92c722802b9d01b2d8bed8710eefe6a22ef3e103f472feec2275732a98b6eae58134cd04f043366dd66f247c77ecdb53359cdb906e984e68c6649b42c4262314fdc4ef82877216cbb7bd656b345f423dda1df4b2e4754434968d2d55ea409e278497f9a14ebd81a1f641a503cc42e2cb2c358891114c35706db9a62cb658a29e44d8e5e9e3ceea359a8ef42c0b5e91d81aa50921e2664a2c4a6a5a8f2b5fb9d60a98bb59c673d13817ea399da7b722644f996f721b40b5bec170d59a0f89524c8c4701492f42bffc7a057919fc9f2b2061153d670c2fdee227dfb9248805a207a4f46c816b759e2099b735d23ef8888fdace3ff41bcf85366c660749d97172ca7c2033abd318ed197ae1d3d20f022639c8e43a0a16bb5a4b60be1265fd285a9e5f0c5bc39131f8e150e65a23327f8ac5fcd266e0e4ef115a866c76af97a5bb04560cb6c9dc79e98408e59ee4113fda67c78d71d4c2eeddd9b26d462eb8f78de9734d3ab51601c23f85a6262f2fb7b7f86225c4d2ff8f2ad186ca420393b51adf4f86ebcce7d747888a9e93cce3f60c07744fa30ab8ace5f38793a3e462423b58dc9894025b0b4f9299346ba7f29c8a31d6d554c341f80f9650e7d03345df14390df82bbcc9dbf6083bf28dff67f6dbc3a0d998bd9f0ec60f17845dcca394504b2067964444dec395dbfc0669b699d55552ce6b9d00ef86aff14e477beef58d8e819442248bd6a77fbf748059f0f337a3fdd007dd1c37d9607d3b443281c08d6c5ed14f2934c554bbdb4ea50aa5a1131378fe1e18bd0b350ede4f54b7d6f28747f7de78b1de94c433686ae630f36a4e3e99845e30bbb7fd3ffe454efa12652d6d3efa04fd71c491b6988aee451eafa9aced54412f2814edf4b508d0cee60aad493d3f2ab52625fd0140ab46b9e06f08407c1b174a6536300ded15e157f3171b09cc63c23a7ccf78ada0fcfee843b4800576c15b8887af4fe61fb68a45e880c41ec9c0769370c3a9f5d7f5fb9c7628aa407e96993d08ff5c53c1e21f44580a95209c96b37c8c8934509e0ba0592b457c6ae0399988ba8efb0e00368b31c9606fdffe0e282210e227ae8a3aebff330159dd27e1165d75318578f0851e9fe3433fc3faff29271fcc345375f64540c1ace0ee819c484b4903a78c8b94633d1047a8b807e58f898e4b2bcec6141193a05f72520637c2847153cb30997fa4cfb26624ca5ecd203159a8c17821c2174e0c48aee65168f42bb8dc1ff264aae0db7d693df8b94927e26121063edb0f2c033e60d09a1b94100fa43780737dc74ade6fab736e5d22e4e3c44eba38e38c09f287cd8ee2874e4885195aa92b1af71bb7dfd1adf352a176618a49dec58c45e5a9fd908926349ea37622aba520c019f98f418107e9c75a6371044087d6f255af034a541219604f916c29627ccbf441f012ab569e4903844be483fa1184326bde8dce53a246b542d16a2a107878965a6e31ce573a67c543add0396b49c16b8e847686bf16e09d93bcb835e5db4bd7c3b2e8e521f8115617d08d1a0c998388820e19c6e5acfb766382906914eb2d1d0d9000892dee03e6485c4e5b28d38aa529d9a5b2fa1a229a66aa3c6933094ea37604a91e89a4fdc7909228f11d87fb3119b5968c807cb6f6c751e4ed962fd48e2fb6f2f5c5a8c8788445eea4686ae8de53f83e38adda0ce2ab63909bb18eb87e32762c57b53abddc9c3bba59ab0141b6094c2a57898e8b57a3c0ae76684e83ce6d14cbb4aad9b6556f43c99c1fbce5dc06d3e9fe59d17404dea4c8b7345e74fcd3bd921a655dde7d327a1e3b92102dc8f32a33d72b6c051a5f0cc393c3e0314abca1c70e92626c172be6523dc416407e91f6d46a6897b8fe5e80b6df85bf0ba38ac2dc811befb377510039416a466947882cde3e519ce84aef909b1c151aa9ba03b3c78a36c59b09ae95a37280c37557f8fcc311e30b15f4fca5c18fe091c41fb3b9bcf8f2be1511b39db9f89d867f34f8b6d6560f78369a1febeb3ca89a139fa446d5de354884ac7640e0301964f5e89fc367527817bef03b08c7427f98f4688323aaa46d7838da02ecbd495d29a08a95808264f69b8c26d0c7e48679ad65eca6d4c993957237c48f8621cf8ca71992fa60432c9544e55a757ef7f11c832aad26e5338561b83ea6e9b26907717d31f106c6455f9947e52cb5c78368e4cd3b24d4ab0a15752eceb690c0971d62997c772066af5787c8a70aba9208fdd2e4e66a7811486562525f0361df84f7575ca161428e1d2093254ff318cd29abbe363abb47aac834ccaa906c86d414953da94d058881821b2c8d7adddb08bfb3eb0969cfc62acb1a5c5ac06992dcdf3cd9a1fd42943a407c0fd35ba8ce7bc39fc3d95e42f7d1abf84e10ce4e7a9d05f7d62c12959dbe1dcb7b20cee82f06aa052b3671f378a05c95408c0e075c8963e015fa4e1e3228e694ce80029f744f45f042abdd268f4e9f1c19f4631cc909b8f21e64de7fa23d614a104c68ff267473c7ff51254959fd6608d55dbd79a06423506c05618ea5652de16f7e9ada0a8a5e2a9629fb6467231dfa8a5724715870213e6a268334610f028394008662773f46ff5bf667d98bec2b4a314e2e064e843e18aac8c0ed4e521f9246e6573db82a86c945cc59751ed4a8728e71a2826d26f8cbcbebff2de57b71f3a0d1b4ff794a67e8756ee409b74f90247d9894a6b42d4683da3b77fbc6aa8533b205592eea49ac54ebd555881560bb5c5bb35aacb907bd2dd63d20e66fc61ffd95365bbdef05b91b027fd6265955384481163a6d7dc2893ac8909e7af04bb23f9056710abd2e195481ea09f1d7ff11d952e391c62d3e37e376c1d0c5ed55949e84409e8308a436618c21f472c6780b969294f8ef4006a49d2ce539c51cb14fee20945de87267b692f9506de4b240198b59a8589dc6c7c3bb5446a480f4f9881496167df5393d069adbd0132a193aa29805c26d1ece7cc21bb64f4eaeb669a8533cac7c922bccacf052a6930fd204dd3f76e33223ee1e312eb66b5f1ef9b7b4be9f326b4a267634a540783f268f334737fcf0d10c335d1df95a9c80b649e5c8e72068400bd62593efe9a09238877dc539553e8efa60ec62e3277f61602e9b72ca3e792246a", @ANYRESDEC], @ANYBLOB="000000f70e0100"], 0x3}}, 0x0) 04:06:25 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x106000}], 0x1, 0x0) pipe(0x0) 04:06:25 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x78000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:25 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) ioctl$NS_GET_PARENT(r4, 0xb702, 0x0) [ 2110.366313][T17678] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=2, oom_score_adj=1000 [ 2110.379006][T17678] CPU: 1 PID: 17678 Comm: syz-executor.1 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2110.389159][T17678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2110.399430][T17678] Call Trace: [ 2110.402724][T17678] dump_stack+0x14a/0x1ce [ 2110.407052][T17678] ? devkmsg_release+0x11c/0x11c [ 2110.412018][T17678] ? show_regs_print_info+0x12/0x12 [ 2110.417211][T17678] ? radix_tree_cpu_dead+0x160/0x160 [ 2110.422490][T17678] ? _raw_spin_lock+0xa1/0x170 [ 2110.427248][T17678] ? _raw_spin_trylock_bh+0x190/0x190 [ 2110.432616][T17678] dump_header+0xdb/0x700 [ 2110.436942][T17678] oom_kill_process+0xd3/0x280 [ 2110.441707][T17678] out_of_memory+0x5b6/0x890 [ 2110.446327][T17678] ? unregister_oom_notifier+0x20/0x20 [ 2110.451781][T17678] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2110.457675][T17678] ? get_page_from_freelist+0x7c0/0x7c0 [ 2110.463216][T17678] ? __zone_watermark_ok+0x91/0x280 [ 2110.469625][T17678] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2110.474999][T17678] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2110.480535][T17678] ? __kasan_slab_free+0x1f2/0x230 [ 2110.485651][T17678] ? __kasan_slab_free+0x181/0x230 [ 2110.490752][T17678] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2110.496810][T17678] kmalloc_order_trace+0x2a/0xf0 [ 2110.501736][T17678] __kmalloc+0x268/0x2d0 [ 2110.505969][T17678] kmalloc_array+0x2b/0x50 [ 2110.510465][T17678] rw_copy_check_uvector+0x8a/0x310 [ 2110.515652][T17678] import_iovec+0x113/0x380 [ 2110.520144][T17678] ? __rcu_read_lock+0x50/0x50 [ 2110.524894][T17678] ? dup_iter+0x110/0x110 [ 2110.529212][T17678] do_preadv+0x1d9/0x350 [ 2110.533472][T17678] ? do_writev+0x5b0/0x5b0 [ 2110.537903][T17678] do_syscall_64+0xcb/0x150 [ 2110.542402][T17678] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2110.548276][T17678] RIP: 0033:0x45c829 [ 2110.552147][T17678] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2110.571740][T17678] RSP: 002b:00007f5714157c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2110.580120][T17678] RAX: ffffffffffffffda RBX: 00000000004fa1c0 RCX: 000000000045c829 [ 2110.588080][T17678] RDX: 000000000000037d RSI: 0000000020000500 RDI: 000000000000000b [ 2110.596026][T17678] RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000 [ 2110.603973][T17678] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 04:06:26 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xcf000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2110.611916][T17678] R13: 000000000000085c R14: 00000000004cb1c7 R15: 00007f57141586d4 [ 2110.627926][T17678] Mem-Info: [ 2110.668612][T17678] active_anon:1390244 inactive_anon:17088 isolated_anon:0 [ 2110.668612][T17678] active_file:500 inactive_file:1548 isolated_file:32 [ 2110.668612][T17678] unevictable:0 dirty:22 writeback:0 unstable:0 [ 2110.668612][T17678] slab_reclaimable:8515 slab_unreclaimable:77935 [ 2110.668612][T17678] mapped:63061 shmem:17095 pagetables:42990 bounce:0 [ 2110.668612][T17678] free:11252 free_pcp:0 free_cma:0 [ 2110.793329][T17678] Node 0 active_anon:5560976kB inactive_anon:68352kB active_file:3136kB inactive_file:3144kB unevictable:0kB isolated(anon):0kB isolated(file):236kB mapped:252244kB dirty:88kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2110.880802][T17678] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2110.920404][T17678] lowmem_reserve[]: 0 2912 6416 6416 04:06:26 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x107000}], 0x1, 0x0) pipe(0x0) [ 2110.925820][T17678] DMA32 free:34600kB min:8740kB low:11720kB high:14700kB active_anon:2719644kB inactive_anon:8904kB active_file:792kB inactive_file:612kB unevictable:0kB writepending:16kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22624kB pagetables:53712kB bounce:0kB free_pcp:2792kB local_pcp:1372kB free_cma:0kB [ 2110.959061][T17678] lowmem_reserve[]: 0 0 3504 3504 04:06:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)={&(0x7f00000002c0)='./bus\x00', 0x0, 0x10}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, 0x15, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}]}, 0x34}}, 0x14040000) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2110.966973][T17678] Normal free:10560kB min:5592kB low:9180kB high:12768kB active_anon:2824052kB inactive_anon:59448kB active_file:2376kB inactive_file:2708kB unevictable:0kB writepending:172kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30624kB pagetables:118248kB bounce:0kB free_pcp:1684kB local_pcp:1316kB free_cma:0kB 04:06:26 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@mcast1, @empty, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c000a6, r4}) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000040)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, r4}, 0x14) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) [ 2111.079953][T17678] lowmem_reserve[]: 0 0 0 0 [ 2111.084807][T17678] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2111.098545][T17678] DMA32: 2021*4kB (UMH) 1187*8kB (UMH) 365*16kB (UMH) 382*32kB (UMH) 9*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36348kB [ 2111.113881][T17678] Normal: 295*4kB (UME) 103*8kB (UME) 144*16kB (UM) 194*32kB (UM) 17*64kB (UM) 4*128kB (M) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 12628kB [ 2111.129279][T17678] 18494 total pagecache pages [ 2111.134340][T17678] 0 pages in swap cache [ 2111.138858][T17678] Swap cache stats: add 0, delete 0, find 0/0 [ 2111.145190][T17678] Free swap = 0kB [ 2111.150375][T17678] Total swap = 0kB [ 2111.159018][T17678] 1965979 pages RAM [ 2111.171986][T17678] 0 pages HighMem/MovableOnly [ 2111.182726][T17678] 318830 pages reserved [ 2111.191739][T17678] 0 pages cma reserved [ 2111.200535][T17678] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17657,uid=0 04:06:27 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) ioctl$NS_GET_PARENT(r4, 0xb702, 0x0) [ 2111.679596][T17692] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2111.692406][T17692] CPU: 0 PID: 17692 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2111.702550][T17692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2111.712596][T17692] Call Trace: [ 2111.715881][T17692] dump_stack+0x14a/0x1ce [ 2111.720381][T17692] ? devkmsg_release+0x11c/0x11c [ 2111.725344][T17692] ? show_regs_print_info+0x12/0x12 [ 2111.730538][T17692] ? radix_tree_cpu_dead+0x160/0x160 [ 2111.735813][T17692] ? _raw_spin_lock+0xa1/0x170 [ 2111.740584][T17692] ? _raw_spin_trylock_bh+0x190/0x190 [ 2111.745962][T17692] dump_header+0xdb/0x700 [ 2111.750283][T17692] oom_kill_process+0xd3/0x280 [ 2111.755042][T17692] out_of_memory+0x5b6/0x890 [ 2111.759629][T17692] ? unregister_oom_notifier+0x20/0x20 [ 2111.765081][T17692] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2111.770625][T17692] ? unwind_get_return_address+0x48/0x90 [ 2111.776231][T17692] ? get_page_from_freelist+0x7c0/0x7c0 [ 2111.781751][T17692] ? __zone_watermark_ok+0x91/0x280 [ 2111.786920][T17692] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2111.792265][T17692] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2111.797797][T17692] ? copy_process+0x5a4/0x5110 [ 2111.802530][T17692] ? kmem_cache_alloc+0x1d5/0x260 [ 2111.807527][T17692] copy_process+0x5f3/0x5110 [ 2111.812104][T17692] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2111.817641][T17692] ? _raw_spin_lock+0xa1/0x170 [ 2111.822377][T17692] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2111.828151][T17692] ? fork_idle+0x290/0x290 [ 2111.832538][T17692] ? _raw_spin_unlock+0x5/0x20 [ 2111.837270][T17692] ? handle_mm_fault+0xb16/0x40a0 [ 2111.842279][T17692] _do_fork+0x196/0x920 [ 2111.846406][T17692] ? dup_mm+0x300/0x300 [ 2111.850531][T17692] ? do_mmap+0x9ad/0x1060 [ 2111.854832][T17692] __x64_sys_clone+0x25f/0x2c0 [ 2111.859566][T17692] ? __ia32_sys_vfork+0x110/0x110 [ 2111.864572][T17692] ? do_user_addr_fault+0x55c/0x9f0 [ 2111.869739][T17692] do_syscall_64+0xcb/0x150 [ 2111.874227][T17692] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2111.880087][T17692] RIP: 0033:0x45f1f9 [ 2111.883955][T17692] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2111.903529][T17692] RSP: 002b:00007ffce0d0df68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2111.911908][T17692] RAX: ffffffffffffffda RBX: 00007f9080045700 RCX: 000000000045f1f9 [ 2111.919868][T17692] RDX: 00007f90800459d0 RSI: 00007f9080044db0 RDI: 00000000003d0f00 [ 2111.927810][T17692] RBP: 00007ffce0d0e190 R08: 00007f9080045700 R09: 00007f9080045700 [ 2111.935754][T17692] R10: 00007f90800459d0 R11: 0000000000000202 R12: 0000000000000000 [ 2111.943699][T17692] R13: 00007ffce0d0e01f R14: 00007f90800459c0 R15: 000000000078c04c [ 2112.026374][T17692] Mem-Info: [ 2112.030215][T17692] active_anon:1390053 inactive_anon:17088 isolated_anon:0 [ 2112.030215][T17692] active_file:629 inactive_file:569 isolated_file:53 [ 2112.030215][T17692] unevictable:0 dirty:45 writeback:0 unstable:0 [ 2112.030215][T17692] slab_reclaimable:8517 slab_unreclaimable:77794 [ 2112.030215][T17692] mapped:62666 shmem:17095 pagetables:43014 bounce:0 [ 2112.030215][T17692] free:12273 free_pcp:385 free_cma:0 [ 2112.087216][T17692] Node 0 active_anon:5560212kB inactive_anon:68352kB active_file:2248kB inactive_file:2068kB unevictable:0kB isolated(anon):0kB isolated(file):348kB mapped:250096kB dirty:180kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2112.112521][T17692] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2112.168196][T17692] lowmem_reserve[]: 0 2912 6416 6416 [ 2112.181364][T17692] DMA32 free:30344kB min:20548kB low:23528kB high:26508kB active_anon:2726012kB inactive_anon:8904kB active_file:420kB inactive_file:796kB unevictable:0kB writepending:16kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22688kB pagetables:53908kB bounce:0kB free_pcp:108kB local_pcp:40kB free_cma:0kB [ 2112.285595][T17692] lowmem_reserve[]: 0 0 3504 3504 [ 2112.302369][T17692] Normal free:4820kB min:5592kB low:9180kB high:12768kB active_anon:2834496kB inactive_anon:59448kB active_file:1604kB inactive_file:1224kB unevictable:0kB writepending:172kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:118060kB bounce:0kB free_pcp:472kB local_pcp:184kB free_cma:0kB [ 2112.347223][T17692] lowmem_reserve[]: 0 0 0 0 [ 2112.351923][T17692] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2112.365915][T17692] DMA32: 652*4kB (UMH) 1279*8kB (UMH) 362*16kB (UMH) 377*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30952kB [ 2112.387594][T17692] Normal: 254*4kB (UME) 115*8kB (UME) 17*16kB (UM) 47*32kB (UM) 17*64kB (UM) 4*128kB (M) 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 5824kB [ 2112.428279][T17692] 17726 total pagecache pages [ 2112.447337][T17692] 0 pages in swap cache [ 2112.451588][T17692] Swap cache stats: add 0, delete 0, find 0/0 [ 2112.464732][T17692] Free swap = 0kB [ 2112.468962][T17692] Total swap = 0kB [ 2112.473498][T17692] 1965979 pages RAM [ 2112.478017][T17692] 0 pages HighMem/MovableOnly [ 2112.497333][T17692] 318830 pages reserved [ 2112.501500][T17692] 0 pages cma reserved [ 2112.505699][T17692] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17654,uid=0 [ 2112.535153][T17692] Out of memory: Killed process 17654 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:34924kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2112.577442][ T23] oom_reaper: reaped process 17654 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:06:28 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x108000}], 0x1, 0x0) pipe(0x0) 04:06:28 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd0000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:28 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x79000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="2d3f132cb8690e7ee9"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setuid(0x0) lsetxattr$security_capability(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000300)='security.capability\x00', &(0x7f0000000340)=@v3={0x3000000, [{0xfffffffa, 0x400}, {0x7, 0x84a}]}, 0x18, 0x1) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:29 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x401, 0x1, 0x37, 0xfff}]}) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x5, 0x3) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x40, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) syz_open_pts(0xffffffffffffffff, 0x105000) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3) [ 2114.018314][T17721] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2114.064312][T17721] CPU: 0 PID: 17721 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2114.074478][T17721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2114.084613][T17721] Call Trace: [ 2114.088008][T17721] dump_stack+0x14a/0x1ce [ 2114.092671][T17721] ? devkmsg_release+0x11c/0x11c [ 2114.097596][T17721] ? show_regs_print_info+0x12/0x12 [ 2114.102783][T17721] ? radix_tree_cpu_dead+0x160/0x160 [ 2114.108052][T17721] ? _raw_spin_lock+0xa1/0x170 [ 2114.112805][T17721] ? _raw_spin_trylock_bh+0x190/0x190 [ 2114.118165][T17721] dump_header+0xdb/0x700 [ 2114.122535][T17721] oom_kill_process+0xd3/0x280 [ 2114.127285][T17721] out_of_memory+0x5b6/0x890 [ 2114.131865][T17721] ? unregister_oom_notifier+0x20/0x20 [ 2114.137309][T17721] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2114.142850][T17721] ? get_page_from_freelist+0x7c0/0x7c0 [ 2114.148386][T17721] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2114.153744][T17721] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2114.159262][T17721] pagecache_get_page+0x50f/0x880 [ 2114.164263][T17721] ? _raw_spin_unlock_irq+0x5/0x20 [ 2114.170474][T17721] ? finish_task_switch+0x235/0x4c0 [ 2114.175641][T17721] filemap_fault+0x1474/0x19d0 [ 2114.180379][T17721] ? generic_file_read_iter+0x20b0/0x20b0 [ 2114.186074][T17721] ? __rcu_read_lock+0x50/0x50 [ 2114.191171][T17721] ? enqueue_hrtimer+0x1cf/0x230 [ 2114.196100][T17721] ext4_filemap_fault+0x7b/0x90 [ 2114.200921][T17721] handle_mm_fault+0x19ac/0x40a0 [ 2114.205829][T17721] ? finish_fault+0x230/0x230 [ 2114.210479][T17721] ? put_timespec64+0x109/0x150 [ 2114.215303][T17721] ? __up_read+0x1b0/0x1b0 [ 2114.219690][T17721] ? vmacache_update+0x9f/0xf0 [ 2114.224438][T17721] do_user_addr_fault+0x48a/0x9f0 [ 2114.229484][T17721] page_fault+0x2f/0x40 [ 2114.233616][T17721] RIP: 0033:0x403717 [ 2114.237487][T17721] Code: 00 00 00 48 83 ec 08 48 8b 15 85 ef 89 00 48 8b 05 76 ef 89 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 58 ef 89 00 48 83 c4 08 c3 48 89 c6 bf 50 fa 4c 00 [ 2114.257062][T17721] RSP: 002b:00007ffce0d0e050 EFLAGS: 00010283 [ 2114.263202][T17721] RAX: 0000001b2e122134 RBX: 0000000000000005 RCX: 0000001b2f120000 [ 2114.271144][T17721] RDX: 0000001b2e122138 RSI: 0000000000000000 RDI: 0000000000000004 [ 2114.279086][T17721] RBP: 00000000000003e7 R08: 0000000000000000 R09: 0000000000000000 [ 2114.287981][T17721] R10: 00007ffce0d0e180 R11: 0000000000000246 R12: 000000000078c900 [ 2114.295930][T17721] R13: 000000000078c900 R14: 000000000078bf00 R15: 000000000078bfac [ 2114.384444][T17721] Mem-Info: 04:06:30 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x109000}], 0x1, 0x0) pipe(0x0) [ 2114.410557][T17721] active_anon:1387499 inactive_anon:17088 isolated_anon:0 [ 2114.410557][T17721] active_file:598 inactive_file:1115 isolated_file:82 [ 2114.410557][T17721] unevictable:0 dirty:4 writeback:0 unstable:0 [ 2114.410557][T17721] slab_reclaimable:8514 slab_unreclaimable:78029 [ 2114.410557][T17721] mapped:62889 shmem:17095 pagetables:43028 bounce:0 [ 2114.410557][T17721] free:13954 free_pcp:474 free_cma:0 [ 2114.636270][T17721] Node 0 active_anon:5555896kB inactive_anon:68352kB active_file:2168kB inactive_file:2084kB unevictable:0kB isolated(anon):0kB isolated(file):204kB mapped:250356kB dirty:16kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2114.726296][T17721] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2114.783475][T17721] lowmem_reserve[]: 0 2912 6416 6416 [ 2114.789883][T17721] DMA32 free:24876kB min:8740kB low:11720kB high:14700kB active_anon:2730076kB inactive_anon:8904kB active_file:576kB inactive_file:624kB unevictable:0kB writepending:0kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22400kB pagetables:53996kB bounce:0kB free_pcp:1064kB local_pcp:660kB free_cma:0kB [ 2114.820365][T17721] lowmem_reserve[]: 0 0 3504 3504 [ 2114.825778][T17721] Normal free:12448kB min:9688kB low:13276kB high:16864kB active_anon:2827388kB inactive_anon:59448kB active_file:840kB inactive_file:1060kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:118156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2114.856289][T17721] lowmem_reserve[]: 0 0 0 0 [ 2114.861371][T17721] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2114.875407][T17721] DMA32: 427*4kB (UMH) 822*8kB (UMH) 358*16kB (UMH) 364*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 25916kB [ 2114.890676][T17721] Normal: 368*4kB (UME) 617*8kB (UME) 171*16kB (UM) 74*32kB (UM) 16*64kB (UM) 4*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13048kB [ 2114.918752][T17721] 17669 total pagecache pages [ 2114.923664][T17721] 0 pages in swap cache [ 2114.928496][T17721] Swap cache stats: add 0, delete 0, find 0/0 [ 2114.934986][T17721] Free swap = 0kB [ 2114.939143][T17721] Total swap = 0kB [ 2114.943083][T17721] 1965979 pages RAM [ 2114.947144][T17721] 0 pages HighMem/MovableOnly [ 2114.952368][T17721] 318830 pages reserved [ 2114.956744][T17721] 0 pages cma reserved [ 2114.961253][T17721] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17710,uid=0 [ 2114.988005][T17721] Out of memory: Killed process 17710 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:34856kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:30 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd1000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:30 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="d3edce008e14d1825bcc2306eaac900cc934c12cdc4d078094d3a48ecc02f64a5092f9ec80c0d97a3e24c3fe0cf9490edee58b5ece6f95508255f80a85e7d6b6c42285e281003c7f417018076fc663955d1fca4351113ba454b32777f38479acd33af1de823d09daaccdc0a18c37c689375ffd7552c0554bca73c0b49b8681ab5aceaf320810dab802497893e2c1550f729e08beaf8c1a0279debd9585c8807ee3f68ed88bcdd70beb7026d7cb8f211a43565d14eb474c76a240a0f8bfe4d350f66424b8026042fd5de8965d84"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc56, 0xbb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:30 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) ioctl$NS_GET_PARENT(r4, 0xb702, 0x0) [ 2115.455205][T17718] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2115.507769][T17718] CPU: 0 PID: 17718 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2115.517928][T17718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2115.527981][T17718] Call Trace: [ 2115.531263][T17718] dump_stack+0x14a/0x1ce [ 2115.535589][T17718] ? devkmsg_release+0x11c/0x11c [ 2115.540512][T17718] ? show_regs_print_info+0x12/0x12 [ 2115.545699][T17718] ? radix_tree_cpu_dead+0x160/0x160 [ 2115.550975][T17718] ? _raw_spin_lock+0xa1/0x170 [ 2115.555726][T17718] ? _raw_spin_trylock_bh+0x190/0x190 [ 2115.561084][T17718] dump_header+0xdb/0x700 [ 2115.565403][T17718] oom_kill_process+0xd3/0x280 [ 2115.570155][T17718] out_of_memory+0x5b6/0x890 [ 2115.574736][T17718] ? unregister_oom_notifier+0x20/0x20 [ 2115.580181][T17718] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2115.585720][T17718] ? get_page_from_freelist+0x7c0/0x7c0 [ 2115.591261][T17718] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2115.596629][T17718] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2115.602165][T17718] handle_mm_fault+0x1689/0x40a0 [ 2115.607094][T17718] ? finish_fault+0x230/0x230 [ 2115.611763][T17718] ? __up_read+0x1b0/0x1b0 [ 2115.616166][T17718] ? vmacache_update+0x9f/0xf0 [ 2115.620919][T17718] do_user_addr_fault+0x48a/0x9f0 [ 2115.625949][T17718] page_fault+0x2f/0x40 [ 2115.630180][T17718] RIP: 0033:0x41407f [ 2115.634063][T17718] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2115.653651][T17718] RSP: 002b:00007ffe517c2910 EFLAGS: 00010206 [ 2115.659702][T17718] RAX: 00007fa744f5b000 RBX: 0000000000020000 RCX: 000000000045c87a [ 2115.667663][T17718] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2115.675621][T17718] RBP: 00007ffe517c29f0 R08: ffffffffffffffff R09: 0000000000000000 [ 2115.683584][T17718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe517c2af0 [ 2115.691544][T17718] R13: 00007fa744f7b700 R14: 00000000000007f8 R15: 000000000078c0ec [ 2115.703621][T17718] Mem-Info: [ 2115.706826][T17718] active_anon:1389555 inactive_anon:17088 isolated_anon:0 [ 2115.706826][T17718] active_file:663 inactive_file:615 isolated_file:28 [ 2115.706826][T17718] unevictable:0 dirty:59 writeback:0 unstable:0 [ 2115.706826][T17718] slab_reclaimable:8514 slab_unreclaimable:77934 [ 2115.706826][T17718] mapped:62778 shmem:17095 pagetables:42959 bounce:0 [ 2115.706826][T17718] free:12609 free_pcp:95 free_cma:0 [ 2115.747670][T17718] Node 0 active_anon:5558420kB inactive_anon:68352kB active_file:2236kB inactive_file:2560kB unevictable:0kB isolated(anon):0kB isolated(file):112kB mapped:250812kB dirty:136kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2115.842577][T17718] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2115.961308][T17718] lowmem_reserve[]: 0 2912 6416 6416 [ 2115.990939][T17718] DMA32 free:24712kB min:12836kB low:15816kB high:18796kB active_anon:2731992kB inactive_anon:8904kB active_file:44kB inactive_file:152kB unevictable:0kB writepending:36kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22656kB pagetables:53788kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2116.031117][T17718] lowmem_reserve[]: 0 0 3504 3504 [ 2116.037288][T17718] Normal free:5736kB min:5592kB low:9180kB high:12768kB active_anon:2830976kB inactive_anon:59448kB active_file:1620kB inactive_file:1996kB unevictable:0kB writepending:100kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30624kB pagetables:118048kB bounce:0kB free_pcp:1260kB local_pcp:48kB free_cma:0kB [ 2116.107037][T17718] lowmem_reserve[]: 0 0 0 0 [ 2116.111568][T17718] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2116.137146][T17718] DMA32: 104*4kB (UMH) 841*8kB (UMH) 357*16kB (UMH) 370*32kB (UMH) 3*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 25016kB [ 2116.164912][T17718] Normal: 241*4kB (UME) 152*8kB (UME) 114*16kB (UM) 45*32kB (M) 17*64kB (UM) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7044kB [ 2116.197060][T17718] 18087 total pagecache pages [ 2116.201748][T17718] 0 pages in swap cache [ 2116.205902][T17718] Swap cache stats: add 0, delete 0, find 0/0 [ 2116.230900][T17718] Free swap = 0kB [ 2116.234636][T17718] Total swap = 0kB [ 2116.238386][T17718] 1965979 pages RAM [ 2116.242295][T17718] 0 pages HighMem/MovableOnly [ 2116.246962][T17718] 318830 pages reserved [ 2116.251141][T17718] 0 pages cma reserved [ 2116.255302][T17718] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17738,uid=0 [ 2116.301578][T17718] Out of memory: Killed process 17738 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35048kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:32 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10a000}], 0x1, 0x0) pipe(0x0) 04:06:32 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x7a000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000d40)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="7b998d23849b657699a0c35ee81253606555a39887aa307ee9b040901ea92997e34275b394f947eadc19a2761380c697dd264677ff4b75d43393d20b7d2b66fb844ea3cf0182c9aca4b8dd484f6661bdebc5bd9f255fb3896e41e2033131e1531e97b3c46c8d879a835a012d9cec7c96d9531a03e8b67f9f4d812fe6633daf7106683f00000000000000986ad94505a5e164b6d316c807df6d836b12e4106e249d82b80afe8e9eb4a6c37a050c206149151328391acde09078b1871ab2eaa342c69de1a1180469b2b66daadc2cde036c5c38"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x242) futex$FUTEX_WAIT_MULTIPLE(&(0x7f0000000b00)=[{&(0x7f00000002c0)=0x1, 0x1}, {&(0x7f0000000300)=0x2, 0x2}, {&(0x7f0000000340), 0x2}, {&(0x7f0000000380)=0x1}, {&(0x7f00000003c0)}, {&(0x7f0000000440)=0x1, 0x2}, {&(0x7f0000000480)}, {&(0x7f00000004c0)}, {&(0x7f0000000500)=0x2, 0x6}, {&(0x7f0000000540)}, {&(0x7f0000000580)=0x1, 0x1}, {&(0x7f00000005c0)=0x2}, {&(0x7f0000000600)=0x2, 0x1}, {&(0x7f0000000640)=0x2}, {&(0x7f0000000680)=0x1, 0x1}, {&(0x7f00000006c0), 0x1}, {&(0x7f0000000700), 0x1}, {&(0x7f0000000740)=0x2, 0x2}, {&(0x7f0000000780)=0x2, 0xfff}, {&(0x7f00000007c0)=0x1}, {&(0x7f0000000800)=0x2, 0x2}, {&(0x7f0000000840), 0x1}, {&(0x7f0000000880)=0x1, 0x1}, {&(0x7f00000008c0)=0x2}, {&(0x7f0000000900)=0x2}, {&(0x7f0000000940)=0x1, 0x2}, {&(0x7f0000000980), 0x1}, {&(0x7f00000009c0)=0x1, 0x2}, {&(0x7f0000000a00)=0x2}, {&(0x7f0000000a40)}, {&(0x7f0000000a80)=0x1, 0x1}, {&(0x7f0000000ac0)=0x2}], 0xd, 0x20, &(0x7f0000000d00)={0x77359400}, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:32 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd2000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2116.572965][T17760] modprobe invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2116.602335][T17760] CPU: 1 PID: 17760 Comm: modprobe Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2116.611995][T17760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2116.622036][T17760] Call Trace: [ 2116.625320][T17760] dump_stack+0x14a/0x1ce [ 2116.629642][T17760] ? devkmsg_release+0x11c/0x11c [ 2116.634569][T17760] ? show_regs_print_info+0x12/0x12 [ 2116.639753][T17760] ? radix_tree_cpu_dead+0x160/0x160 [ 2116.645024][T17760] ? _raw_spin_lock+0xa1/0x170 [ 2116.649777][T17760] ? _raw_spin_trylock_bh+0x190/0x190 [ 2116.655139][T17760] dump_header+0xdb/0x700 [ 2116.659461][T17760] oom_kill_process+0xd3/0x280 [ 2116.664198][T17760] out_of_memory+0x5b6/0x890 [ 2116.668757][T17760] ? unregister_oom_notifier+0x20/0x20 [ 2116.674184][T17760] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2116.679701][T17760] ? get_page_from_freelist+0x7c0/0x7c0 [ 2116.685218][T17760] ? __zone_watermark_ok+0x91/0x280 [ 2116.690387][T17760] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2116.695727][T17760] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2116.701241][T17760] ? __fput+0x4a2/0x6c0 [ 2116.705367][T17760] alloc_slab_page+0x3a/0x3a0 [ 2116.710013][T17760] new_slab+0x408/0x450 [ 2116.714137][T17760] ? getname_flags+0xb8/0x610 [ 2116.718783][T17760] ___slab_alloc+0x2e0/0x450 [ 2116.723343][T17760] ? getname_flags+0xb8/0x610 [ 2116.727988][T17760] ? getname_flags+0xb8/0x610 [ 2116.732632][T17760] kmem_cache_alloc+0x23f/0x260 [ 2116.737454][T17760] getname_flags+0xb8/0x610 [ 2116.741926][T17760] do_sys_open+0x33d/0x7d0 [ 2116.746313][T17760] ? _raw_spin_lock_irqsave+0x1e0/0x1e0 [ 2116.751835][T17760] ? file_open_root+0x450/0x450 [ 2116.756656][T17760] ? __fput+0x4fd/0x6c0 [ 2116.760779][T17760] do_syscall_64+0xcb/0x150 [ 2116.765252][T17760] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2116.771123][T17760] RIP: 0033:0x7f035599b6f0 [ 2116.775510][T17760] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 19 30 2c 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe 9d 01 00 48 89 04 24 [ 2116.795093][T17760] RSP: 002b:00007fff725b0e28 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 2116.803481][T17760] RAX: ffffffffffffffda RBX: 000055886fa29841 RCX: 00007f035599b6f0 [ 2116.811429][T17760] RDX: 00007fff725b1034 RSI: 0000000000080000 RDI: 00007fff725b1010 [ 2116.819372][T17760] RBP: 0000000000000000 R08: 000055886eca5a9d R09: 0000000000000024 [ 2116.827332][T17760] R10: 0000000000000073 R11: 0000000000000246 R12: 0000000000000001 [ 2116.835282][T17760] R13: 00007fff725b0edc R14: 000055886fa30270 R15: 000055886fa28270 [ 2116.925196][T17760] Mem-Info: [ 2116.928437][T17760] active_anon:1386600 inactive_anon:17088 isolated_anon:0 [ 2116.928437][T17760] active_file:359 inactive_file:640 isolated_file:60 [ 2116.928437][T17760] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2116.928437][T17760] slab_reclaimable:8510 slab_unreclaimable:78016 [ 2116.928437][T17760] mapped:62543 shmem:17095 pagetables:43070 bounce:0 [ 2116.928437][T17760] free:15927 free_pcp:0 free_cma:0 [ 2116.977241][T17760] Node 0 active_anon:5546400kB inactive_anon:68352kB active_file:1436kB inactive_file:1888kB unevictable:0kB isolated(anon):0kB isolated(file):272kB mapped:249672kB dirty:0kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2117.003391][T17760] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2117.029730][T17760] lowmem_reserve[]: 0 2912 6416 6416 [ 2117.035238][T17760] DMA32 free:34680kB min:16932kB low:19912kB high:22892kB active_anon:2722580kB inactive_anon:8904kB active_file:548kB inactive_file:92kB unevictable:0kB writepending:0kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22560kB pagetables:53976kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2117.070230][T17760] lowmem_reserve[]: 0 0 3504 3504 [ 2117.075358][T17760] Normal free:14132kB min:5592kB low:9180kB high:12768kB active_anon:2823792kB inactive_anon:59448kB active_file:1344kB inactive_file:1996kB unevictable:0kB writepending:72kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:118304kB bounce:0kB free_pcp:616kB local_pcp:4kB free_cma:0kB [ 2117.105407][T17760] lowmem_reserve[]: 0 0 0 0 [ 2117.110149][T17760] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2117.123877][T17760] DMA32: 1644*4kB (UMH) 1327*8kB (UMH) 355*16kB (UMH) 363*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 34744kB [ 2117.138947][T17760] Normal: 1493*4kB (UME) 452*8kB (UME) 165*16kB (UM) 52*32kB (UM) 16*64kB (UM) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15300kB [ 2117.154001][T17760] 17609 total pagecache pages [ 2117.158957][T17760] 0 pages in swap cache [ 2117.163332][T17760] Swap cache stats: add 0, delete 0, find 0/0 [ 2117.169624][T17760] Free swap = 0kB [ 2117.173320][T17760] Total swap = 0kB [ 2117.177160][T17760] 1965979 pages RAM [ 2117.180939][T17760] 0 pages HighMem/MovableOnly [ 2117.185634][T17760] 318830 pages reserved [ 2117.193775][T17760] 0 pages cma reserved [ 2117.198186][T17760] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17770,uid=0 [ 2117.212775][T17760] Out of memory: Killed process 17770 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:34928kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:33 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x8) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:06:33 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x62000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2117.875832][ T439] syz-executor.1 invoked oom-killer: gfp_mask=0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=0 [ 2117.889672][ T439] CPU: 0 PID: 439 Comm: syz-executor.1 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2117.899642][ T439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2117.909683][ T439] Call Trace: [ 2117.912966][ T439] dump_stack+0x14a/0x1ce [ 2117.917283][ T439] ? devkmsg_release+0x11c/0x11c [ 2117.922293][ T439] ? show_regs_print_info+0x12/0x12 [ 2117.927478][ T439] ? radix_tree_cpu_dead+0x160/0x160 [ 2117.932748][ T439] ? _raw_spin_lock+0xa1/0x170 [ 2117.937500][ T439] ? _raw_spin_trylock_bh+0x190/0x190 [ 2117.942861][ T439] dump_header+0xdb/0x700 [ 2117.947186][ T439] oom_kill_process+0xd3/0x280 [ 2117.951942][ T439] out_of_memory+0x5b6/0x890 [ 2117.956520][ T439] ? unregister_oom_notifier+0x20/0x20 [ 2117.961964][ T439] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2117.967485][ T439] ? get_page_from_freelist+0x7c0/0x7c0 [ 2117.973001][ T439] ? ip_getsockopt+0x13c/0x230 [ 2117.977744][ T439] ? __zone_watermark_ok+0x91/0x280 [ 2117.982922][ T439] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2117.988262][ T439] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2117.993873][ T439] ? __vmalloc_node_range+0x439/0x7b0 [ 2117.999233][ T439] ? __kmalloc+0xf7/0x2d0 [ 2118.003528][ T439] ? __vmalloc_node_range+0x439/0x7b0 [ 2118.008877][ T439] __vmalloc_node_range+0x360/0x7b0 [ 2118.014042][ T439] vzalloc+0x70/0x80 [ 2118.017917][ T439] ? alloc_counters+0x66/0x520 [ 2118.022655][ T439] alloc_counters+0x66/0x520 [ 2118.027213][ T439] ? xt_find_table_lock+0x1b0/0x350 [ 2118.032391][ T439] do_arpt_get_ctl+0x5b9/0xa10 [ 2118.037125][ T439] ? alloc_file+0x81/0x4a0 [ 2118.041509][ T439] ? compat_do_arpt_set_ctl+0x24f0/0x24f0 [ 2118.047209][ T439] ? mutex_lock+0xa6/0x110 [ 2118.051952][ T439] ? __module_get+0x130/0x130 [ 2118.056607][ T439] ? memset+0x1f/0x40 [ 2118.060560][ T439] ? selinux_socket_getsockopt+0x122/0x340 [ 2118.066353][ T439] nf_getsockopt+0x2c1/0x2f0 [ 2118.070915][ T439] ip_getsockopt+0x13c/0x230 [ 2118.075473][ T439] ? compat_ip_setsockopt+0x100/0x100 [ 2118.080811][ T439] ? tcp_getsockopt+0x66/0xd0 [ 2118.085469][ T439] __sys_getsockopt+0x240/0x2b0 [ 2118.090288][ T439] __x64_sys_getsockopt+0xb1/0xc0 [ 2118.095280][ T439] do_syscall_64+0xcb/0x150 [ 2118.099760][ T439] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2118.105618][ T439] RIP: 0033:0x45f33a [ 2118.109495][ T439] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ed 8b fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ca 8b fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2118.129338][ T439] RSP: 002b:00007ffead41bdf8 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 [ 2118.137718][ T439] RAX: ffffffffffffffda RBX: 00007ffead41bf00 RCX: 000000000045f33a [ 2118.145658][ T439] RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003 [ 2118.153599][ T439] RBP: 0000000000000003 R08: 00007ffead41be0c R09: 000000000000000a [ 2118.161548][ T439] R10: 00007ffead41bf00 R11: 0000000000000212 R12: 0000000000000000 [ 2118.169612][ T439] R13: 00007ffead41c580 R14: 0000000000204875 R15: 00007ffead41c590 [ 2118.211786][ T439] Mem-Info: [ 2118.221088][ T439] active_anon:1387222 inactive_anon:17088 isolated_anon:0 [ 2118.221088][ T439] active_file:667 inactive_file:649 isolated_file:81 [ 2118.221088][ T439] unevictable:0 dirty:62 writeback:1 unstable:0 [ 2118.221088][ T439] slab_reclaimable:8506 slab_unreclaimable:78170 [ 2118.221088][ T439] mapped:62891 shmem:17095 pagetables:43086 bounce:0 [ 2118.221088][ T439] free:14688 free_pcp:9 free_cma:0 [ 2118.261451][ T439] Node 0 active_anon:5548888kB inactive_anon:68352kB active_file:2544kB inactive_file:2480kB unevictable:0kB isolated(anon):0kB isolated(file):400kB mapped:251264kB dirty:248kB writeback:4kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2118.287430][ T439] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2118.321298][ T439] lowmem_reserve[]: 0 2912 6416 6416 [ 2118.351840][ T439] DMA32 free:31624kB min:20548kB low:23528kB high:26508kB active_anon:2723504kB inactive_anon:8904kB active_file:92kB inactive_file:132kB unevictable:0kB writepending:28kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22592kB pagetables:54036kB bounce:0kB free_pcp:112kB local_pcp:112kB free_cma:0kB [ 2118.385354][ T439] lowmem_reserve[]: 0 0 3504 3504 [ 2118.391441][ T439] Normal free:11728kB min:17880kB low:21468kB high:25056kB active_anon:2825384kB inactive_anon:59448kB active_file:1368kB inactive_file:2340kB unevictable:0kB writepending:224kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:118308kB bounce:0kB free_pcp:1016kB local_pcp:300kB free_cma:0kB [ 2118.422460][ T439] lowmem_reserve[]: 0 0 0 0 [ 2118.431073][ T439] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2118.444728][ T439] DMA32: 1167*4kB (UMH) 1337*8kB (UMH) 343*16kB (UMH) 345*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32148kB [ 2118.465458][ T439] Normal: 1112*4kB (UME) 334*8kB (UME) 18*16kB (UM) 154*32kB (UM) 14*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13232kB [ 2118.487043][ T439] 17926 total pagecache pages [ 2118.504883][ T439] 0 pages in swap cache [ 2118.516868][ T439] Swap cache stats: add 0, delete 0, find 0/0 [ 2118.522944][ T439] Free swap = 0kB [ 2118.536842][ T439] Total swap = 0kB [ 2118.547013][ T439] 1965979 pages RAM [ 2118.551347][ T439] 0 pages HighMem/MovableOnly [ 2118.584556][ T439] 318830 pages reserved [ 2118.606836][ T439] 0 pages cma reserved [ 2118.610939][ T439] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17809,uid=0 04:06:34 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10b000}], 0x1, 0x0) pipe(0x0) [ 2118.649352][ T439] Out of memory: Killed process 17809 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:35464kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c2c470a8f14", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x4c9f5103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2118.696207][ T23] oom_reaper: reaped process 17809 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:06:34 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f0000000180)={0x1000, {{0x2, 0x4e20, @empty}}, {{0x2, 0x4e22, @empty}}}, 0x108) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) getsockname$inet(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, &(0x7f0000000080)=0x10) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:06:34 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd3000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:34 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x7b000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2119.085133][T17842] syz-executor.5 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 2119.129855][T17842] CPU: 1 PID: 17842 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2119.140044][T17842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2119.150091][T17842] Call Trace: [ 2119.153379][T17842] dump_stack+0x14a/0x1ce [ 2119.157701][T17842] ? devkmsg_release+0x11c/0x11c [ 2119.162630][T17842] ? show_regs_print_info+0x12/0x12 [ 2119.167817][T17842] ? radix_tree_cpu_dead+0x160/0x160 [ 2119.173089][T17842] ? _raw_spin_lock+0xa1/0x170 [ 2119.177840][T17842] ? _raw_spin_trylock_bh+0x190/0x190 [ 2119.183200][T17842] dump_header+0xdb/0x700 [ 2119.187519][T17842] oom_kill_process+0xd3/0x280 [ 2119.192270][T17842] out_of_memory+0x5b6/0x890 [ 2119.196850][T17842] ? unregister_oom_notifier+0x20/0x20 [ 2119.202301][T17842] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2119.207844][T17842] ? get_page_from_freelist+0x7c0/0x7c0 [ 2119.213384][T17842] ? __zone_watermark_ok+0x91/0x280 [ 2119.218578][T17842] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2119.223946][T17842] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2119.229508][T17842] ? copy_page_from_iter+0x3f3/0x660 [ 2119.234788][T17842] pipe_write+0x4da/0xe40 [ 2119.239113][T17842] __vfs_write+0x59d/0x720 [ 2119.243525][T17842] ? __kernel_write+0x340/0x340 [ 2119.248372][T17842] ? security_file_permission+0x128/0x300 [ 2119.254094][T17842] vfs_write+0x217/0x4f0 [ 2119.258338][T17842] ksys_write+0x18c/0x2c0 [ 2119.262665][T17842] ? __ia32_sys_read+0x80/0x80 [ 2119.268394][T17842] do_syscall_64+0xcb/0x150 [ 2119.272896][T17842] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2119.278866][T17842] RIP: 0033:0x45c829 [ 2119.282750][T17842] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2119.302342][T17842] RSP: 002b:00007f9080086c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2119.310730][T17842] RAX: ffffffffffffffda RBX: 0000000000509e40 RCX: 000000000045c829 [ 2119.318690][T17842] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000004 [ 2119.326651][T17842] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2119.334598][T17842] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2119.342559][T17842] R13: 0000000000000c4e R14: 00000000004ca088 R15: 00007f90800876d4 [ 2119.533352][T17842] Mem-Info: [ 2119.536510][T17842] active_anon:1387146 inactive_anon:17088 isolated_anon:0 [ 2119.536510][T17842] active_file:414 inactive_file:432 isolated_file:38 [ 2119.536510][T17842] unevictable:0 dirty:21 writeback:3 unstable:0 [ 2119.536510][T17842] slab_reclaimable:8506 slab_unreclaimable:78097 [ 2119.536510][T17842] mapped:62258 shmem:17095 pagetables:43163 bounce:0 [ 2119.536510][T17842] free:14676 free_pcp:447 free_cma:0 [ 2119.574809][T17842] Node 0 active_anon:5548584kB inactive_anon:68352kB active_file:1656kB inactive_file:1828kB unevictable:0kB isolated(anon):0kB isolated(file):152kB mapped:249032kB dirty:84kB writeback:12kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2119.643837][T17842] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2119.733821][T17842] lowmem_reserve[]: 0 2912 6416 6416 [ 2119.746090][T17842] DMA32 free:37380kB min:20548kB low:23528kB high:26508kB active_anon:2717024kB inactive_anon:8904kB active_file:832kB inactive_file:648kB unevictable:0kB writepending:136kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22560kB pagetables:54024kB bounce:0kB free_pcp:104kB local_pcp:24kB free_cma:0kB [ 2119.777195][T17842] lowmem_reserve[]: 0 0 3504 3504 04:06:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="b70a6c0c2b3477b0dfb83162ac6be9baf7cd1d2efb25915d30345d9110004a5186c37025ba107cfb6f6a1cc4f4213fa9cd36312ff6624183693486f3d699baf85121355be1af56bc9a27a997ae00d3c08db204a9b6e66c0ae20cb0d233d849189b7df1f81f51f42331a52de05492c04ba51f5feec7b894f9d0487ddb253a43eb71b336940ffbc117452aa629b64c000000000000008127c1ea4bb3aeaf404209e2d8c112567c359f218e49c185ce37136d56d354e89a049241df0b8f369f9a9c92e6fbb50970de45d7313c3f62b5427c61767735b3a9ef622c5f7e887e4b0bd3c84f00a9aca1004190697d8b609418bf9e3ddf4fac9b6ce67568dd31c143c92db857a008aa44b2c3af8d13676e089a9d1eb1c4d1351652a382c8ed489ab8e8805cea78afa25b22f48b", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) flistxattr(r4, &(0x7f00000002c0)=""/177, 0xb1) 04:06:35 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10c000}], 0x1, 0x0) pipe(0x0) 04:06:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) r5 = dup2(0xffffffffffffffff, r4) setsockopt$inet_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0)='tls\x00', 0x4) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0xfffffffffffffffc}, 0x0, 0x0) [ 2119.782491][T17842] Normal free:19932kB min:17880kB low:21468kB high:25056kB active_anon:2816024kB inactive_anon:59448kB active_file:1152kB inactive_file:4380kB unevictable:0kB writepending:160kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:118628kB bounce:0kB free_pcp:556kB local_pcp:192kB free_cma:0kB [ 2119.813386][T17842] lowmem_reserve[]: 0 0 0 0 [ 2119.818575][T17842] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2119.832778][T17842] DMA32: 2665*4kB (UMH) 1285*8kB (UMH) 346*16kB (UMH) 332*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 37356kB [ 2119.881913][T17842] Normal: 229*4kB (UME) 603*8kB (UME) 273*16kB (UM) 245*32kB (UM) 12*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18716kB [ 2119.897788][T17842] 19209 total pagecache pages [ 2119.905038][T17842] 0 pages in swap cache [ 2119.931233][T17842] Swap cache stats: add 0, delete 0, find 0/0 [ 2119.965666][T17842] Free swap = 0kB [ 2119.984017][T17842] Total swap = 0kB [ 2120.001130][T17842] 1965979 pages RAM [ 2120.018727][T17842] 0 pages HighMem/MovableOnly [ 2120.035318][T17842] 318830 pages reserved [ 2120.056739][T17842] 0 pages cma reserved [ 2120.060819][T17842] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17821,uid=0 04:06:35 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) openat$cgroup_type(r0, &(0x7f0000000040)='cgroup.type\x00', 0x2, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, 0x0) 04:06:36 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd4000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2120.458007][T17877] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2120.488553][T17877] CPU: 0 PID: 17877 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2120.498714][T17877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2120.508763][T17877] Call Trace: [ 2120.512049][T17877] dump_stack+0x14a/0x1ce [ 2120.516371][T17877] ? devkmsg_release+0x11c/0x11c [ 2120.521327][T17877] ? show_regs_print_info+0x12/0x12 [ 2120.526519][T17877] ? radix_tree_cpu_dead+0x160/0x160 [ 2120.531792][T17877] ? _raw_spin_lock+0xa1/0x170 [ 2120.536543][T17877] ? _raw_spin_trylock_bh+0x190/0x190 [ 2120.541904][T17877] dump_header+0xdb/0x700 [ 2120.546226][T17877] oom_kill_process+0xd3/0x280 [ 2120.550981][T17877] out_of_memory+0x5b6/0x890 [ 2120.555562][T17877] ? unregister_oom_notifier+0x20/0x20 [ 2120.561013][T17877] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2120.566559][T17877] ? unwind_get_return_address+0x48/0x90 [ 2120.572184][T17877] ? get_page_from_freelist+0x7c0/0x7c0 [ 2120.577751][T17877] ? __zone_watermark_ok+0x91/0x280 [ 2120.583055][T17877] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2120.588422][T17877] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2120.593985][T17877] ? copy_process+0x5a4/0x5110 [ 2120.598751][T17877] ? copy_process+0x5a4/0x5110 [ 2120.603505][T17877] ? kmem_cache_alloc+0x1d5/0x260 [ 2120.608620][T17877] copy_process+0x5f3/0x5110 [ 2120.613235][T17877] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2120.618779][T17877] ? _raw_spin_lock+0xa1/0x170 [ 2120.623531][T17877] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2120.629323][T17877] ? fork_idle+0x290/0x290 [ 2120.633727][T17877] ? _raw_spin_unlock+0x5/0x20 [ 2120.638516][T17877] ? handle_mm_fault+0xb16/0x40a0 [ 2120.643527][T17877] _do_fork+0x196/0x920 [ 2120.647672][T17877] ? dup_mm+0x300/0x300 [ 2120.651815][T17877] ? do_mmap+0x9ad/0x1060 [ 2120.656136][T17877] __x64_sys_clone+0x25f/0x2c0 [ 2120.660895][T17877] ? __ia32_sys_vfork+0x110/0x110 [ 2120.665913][T17877] ? do_user_addr_fault+0x55c/0x9f0 [ 2120.671102][T17877] do_syscall_64+0xcb/0x150 [ 2120.675590][T17877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2120.681457][T17877] RIP: 0033:0x45f1f9 [ 2120.685342][T17877] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2120.704918][T17877] RSP: 002b:00007ffce0d0df68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2120.713298][T17877] RAX: ffffffffffffffda RBX: 00007f9080087700 RCX: 000000000045f1f9 [ 2120.721243][T17877] RDX: 00007f90800879d0 RSI: 00007f9080086db0 RDI: 00000000003d0f00 [ 2120.729201][T17877] RBP: 00007ffce0d0e190 R08: 00007f9080087700 R09: 00007f9080087700 [ 2120.737260][T17877] R10: 00007f90800879d0 R11: 0000000000000202 R12: 0000000000000000 [ 2120.745203][T17877] R13: 00007ffce0d0e01f R14: 00007f90800879c0 R15: 000000000078bf0c [ 2120.814839][T17877] Mem-Info: [ 2120.818415][T17877] active_anon:1389154 inactive_anon:17088 isolated_anon:0 [ 2120.818415][T17877] active_file:891 inactive_file:864 isolated_file:32 [ 2120.818415][T17877] unevictable:0 dirty:38 writeback:0 unstable:0 [ 2120.818415][T17877] slab_reclaimable:8504 slab_unreclaimable:78149 [ 2120.818415][T17877] mapped:63124 shmem:17095 pagetables:43214 bounce:0 [ 2120.818415][T17877] free:11904 free_pcp:288 free_cma:0 04:06:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) mmap$xdp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000001, 0x30, 0xffffffffffffffff, 0x180000000) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:36 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd3000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2121.008062][T17877] Node 0 active_anon:5546016kB inactive_anon:68352kB active_file:3112kB inactive_file:5600kB unevictable:0kB isolated(anon):0kB isolated(file):228kB mapped:253296kB dirty:52kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:06:36 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10d000}], 0x1, 0x0) pipe(0x0) 04:06:36 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x7c000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2121.048641][T17877] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2121.078986][T17877] lowmem_reserve[]: 0 2912 6416 6416 [ 2121.105061][T17877] DMA32 free:27988kB min:12836kB low:15816kB high:18796kB active_anon:2721612kB inactive_anon:8904kB active_file:1936kB inactive_file:3700kB unevictable:0kB writepending:32kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22656kB pagetables:54032kB bounce:0kB free_pcp:380kB local_pcp:228kB free_cma:0kB [ 2121.264718][T17877] lowmem_reserve[]: 0 0 3504 3504 [ 2121.287486][T17877] Normal free:15312kB min:9688kB low:13276kB high:16864kB active_anon:2823544kB inactive_anon:59448kB active_file:1660kB inactive_file:792kB unevictable:0kB writepending:76kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30624kB pagetables:118580kB bounce:0kB free_pcp:368kB local_pcp:260kB free_cma:0kB [ 2121.324305][T17877] lowmem_reserve[]: 0 0 0 0 [ 2121.378775][T17877] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2121.436922][T17877] DMA32: 2781*4kB (UMH) 735*8kB (UMH) 342*16kB (UMH) 333*32kB (MH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33388kB [ 2121.509598][T17877] Normal: 448*4kB (UME) 375*8kB (UME) 245*16kB (UM) 201*32kB (UM) 9*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15720kB [ 2121.526079][T17877] 17465 total pagecache pages [ 2121.531190][T17877] 0 pages in swap cache [ 2121.535701][T17877] Swap cache stats: add 0, delete 0, find 0/0 [ 2121.543304][T17877] Free swap = 0kB [ 2121.549024][T17877] Total swap = 0kB [ 2121.560689][T17877] 1965979 pages RAM [ 2121.568140][T17877] 0 pages HighMem/MovableOnly [ 2121.578925][T17877] 318830 pages reserved [ 2121.587968][T17877] 0 pages cma reserved [ 2121.596891][T17877] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=17857,uid=0 [ 2121.649987][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2121.671915][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2121.681994][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2121.692042][ T204] Call Trace: [ 2121.695329][ T204] dump_stack+0x14a/0x1ce [ 2121.699651][ T204] ? devkmsg_release+0x11c/0x11c [ 2121.704583][ T204] ? show_regs_print_info+0x12/0x12 [ 2121.709799][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 2121.715071][ T204] ? _raw_spin_lock+0xa1/0x170 [ 2121.719828][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 2121.725193][ T204] dump_header+0xdb/0x700 [ 2121.729514][ T204] oom_kill_process+0xd3/0x280 [ 2121.734268][ T204] out_of_memory+0x5b6/0x890 [ 2121.738848][ T204] ? unregister_oom_notifier+0x20/0x20 [ 2121.744329][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2121.749892][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 2121.755437][ T204] ? __zone_watermark_ok+0x91/0x280 [ 2121.760635][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2121.765998][ T204] ? __kasan_kmalloc+0x12c/0x1c0 [ 2121.770922][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2121.776480][ T204] alloc_slab_page+0x3a/0x3a0 [ 2121.781130][ T204] new_slab+0x408/0x450 [ 2121.785257][ T204] ? should_fail+0x18e/0x860 [ 2121.789822][ T204] ___slab_alloc+0x2e0/0x450 [ 2121.794386][ T204] ? getname_flags+0xb8/0x610 [ 2121.799034][ T204] ? getname_flags+0xb8/0x610 [ 2121.803708][ T204] kmem_cache_alloc+0x23f/0x260 [ 2121.808532][ T204] getname_flags+0xb8/0x610 [ 2121.813008][ T204] ? security_prepare_creds+0x197/0x220 [ 2121.818541][ T204] user_path_at_empty+0x28/0x50 [ 2121.823378][ T204] do_faccessat+0x306/0x800 [ 2121.827852][ T204] ? __ia32_sys_fallocate+0x100/0x100 [ 2121.833195][ T204] do_syscall_64+0xcb/0x150 [ 2121.837690][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2121.843560][ T204] RIP: 0033:0x7fbb5d4e19c7 [ 2121.847960][ T204] Code: Bad RIP value. [ 2121.852000][ T204] RSP: 002b:00007ffd7e9a9618 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 2121.860394][ T204] RAX: ffffffffffffffda RBX: 00007ffd7e9ac530 RCX: 00007fbb5d4e19c7 [ 2121.868340][ T204] RDX: 00007fbb5df52a00 RSI: 0000000000000000 RDI: 00005648273279a3 [ 2121.876284][ T204] RBP: 00007ffd7e9a9650 R08: 0000000000000000 R09: 0000000000000000 [ 2121.884241][ T204] R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000 [ 2121.892185][ T204] R13: 0000000000000000 R14: 00007ffd7e9ac530 R15: 00007ffd7e9a9b40 [ 2121.916903][ T204] Mem-Info: [ 2121.920246][ T204] active_anon:1386463 inactive_anon:17088 isolated_anon:0 [ 2121.920246][ T204] active_file:114 inactive_file:297 isolated_file:51 [ 2121.920246][ T204] unevictable:0 dirty:20 writeback:1 unstable:0 [ 2121.920246][ T204] slab_reclaimable:8504 slab_unreclaimable:78130 [ 2121.920246][ T204] mapped:61859 shmem:17095 pagetables:43209 bounce:0 [ 2121.920246][ T204] free:16059 free_pcp:100 free_cma:0 [ 2121.959229][ T204] Node 0 active_anon:5545852kB inactive_anon:68352kB active_file:456kB inactive_file:1188kB unevictable:0kB isolated(anon):0kB isolated(file):204kB mapped:247436kB dirty:80kB writeback:4kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2121.985623][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2122.012381][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 2122.018512][ T204] DMA32 free:33608kB min:16932kB low:19912kB high:22892kB active_anon:2721460kB inactive_anon:8904kB active_file:688kB inactive_file:444kB unevictable:0kB writepending:20kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22688kB pagetables:54256kB bounce:0kB free_pcp:236kB local_pcp:0kB free_cma:0kB [ 2122.053558][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 2122.059513][ T204] Normal free:12948kB min:9688kB low:13276kB high:16864kB active_anon:2824392kB inactive_anon:59448kB active_file:856kB inactive_file:1624kB unevictable:0kB writepending:64kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30624kB pagetables:118580kB bounce:0kB free_pcp:1152kB local_pcp:368kB free_cma:0kB [ 2122.092059][ T204] lowmem_reserve[]: 0 0 0 0 [ 2122.096759][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB 04:06:37 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb8000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2122.110293][ T204] DMA32: 2914*4kB (UMH) 739*8kB (UMH) 341*16kB (UMH) 333*32kB (MH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33936kB [ 2122.125026][ T204] Normal: 5*4kB (E) 48*8kB (UME) 92*16kB (UM) 202*32kB (UM) 9*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8916kB [ 2122.138825][ T204] 19069 total pagecache pages [ 2122.143698][ T204] 0 pages in swap cache [ 2122.148058][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 2122.154299][ T204] Free swap = 0kB [ 2122.158187][ T204] Total swap = 0kB [ 2122.162064][ T204] 1965979 pages RAM [ 2122.166015][ T204] 0 pages HighMem/MovableOnly [ 2122.187930][ T204] 318830 pages reserved [ 2122.197941][ T204] 0 pages cma reserved [ 2122.207145][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=31451,uid=0 [ 2122.223616][ T204] Out of memory: Killed process 31451 (syz-executor.5) total-vm:75228kB, anon-rss:14156kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2122.247920][ T23] oom_reaper: reaped process 31451 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:06:38 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000040), 0xf}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 2122.569459][T17908] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2122.651575][T17908] CPU: 0 PID: 17908 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2122.661743][T17908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2122.671825][T17908] Call Trace: [ 2122.675115][T17908] dump_stack+0x14a/0x1ce [ 2122.679450][T17908] ? devkmsg_release+0x11c/0x11c [ 2122.684381][T17908] ? show_regs_print_info+0x12/0x12 [ 2122.689577][T17908] ? radix_tree_cpu_dead+0x160/0x160 [ 2122.694852][T17908] ? _raw_spin_lock+0xa1/0x170 [ 2122.699610][T17908] ? _raw_spin_trylock_bh+0x190/0x190 [ 2122.704977][T17908] dump_header+0xdb/0x700 [ 2122.709309][T17908] oom_kill_process+0xd3/0x280 [ 2122.714067][T17908] out_of_memory+0x5b6/0x890 [ 2122.718738][T17908] ? unregister_oom_notifier+0x20/0x20 [ 2122.724191][T17908] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2122.729736][T17908] ? get_page_from_freelist+0x7c0/0x7c0 [ 2122.735280][T17908] ? __zone_watermark_ok+0x91/0x280 [ 2122.740475][T17908] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2122.745846][T17908] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2122.751383][T17908] ? copy_process+0x5a4/0x5110 [ 2122.756139][T17908] ? copy_process+0x5a4/0x5110 [ 2122.760893][T17908] ? kmem_cache_alloc+0x1d5/0x260 [ 2122.765893][T17908] copy_process+0x5f3/0x5110 [ 2122.770457][T17908] ? fork_idle+0x290/0x290 [ 2122.774849][T17908] _do_fork+0x196/0x920 [ 2122.778978][T17908] ? slab_free_freelist_hook+0xd0/0x150 [ 2122.784497][T17908] ? dup_mm+0x300/0x300 [ 2122.788711][T17908] ? ktime_get_raw+0x130/0x130 [ 2122.793447][T17908] __x64_sys_clone+0x25f/0x2c0 [ 2122.798184][T17908] ? __ia32_sys_vfork+0x110/0x110 [ 2122.803179][T17908] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2122.808784][T17908] do_syscall_64+0xcb/0x150 [ 2122.813259][T17908] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2122.819122][T17908] RIP: 0033:0x45c829 [ 2122.822992][T17908] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2122.842569][T17908] RSP: 002b:00007fa744f9bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2122.850968][T17908] RAX: ffffffffffffffda RBX: 00000000004da840 RCX: 000000000045c829 [ 2122.858928][T17908] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000200183 [ 2122.866874][T17908] RBP: 000000000078c040 R08: ffffffffffffffff R09: 0000000000000000 [ 2122.874998][T17908] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2122.882942][T17908] R13: 0000000000000076 R14: 00000000004c311e R15: 00007fa744f9c6d4 [ 2122.912731][T17908] Mem-Info: [ 2122.916718][T17908] active_anon:1387227 inactive_anon:17088 isolated_anon:0 [ 2122.916718][T17908] active_file:853 inactive_file:858 isolated_file:110 [ 2122.916718][T17908] unevictable:0 dirty:29 writeback:0 unstable:0 [ 2122.916718][T17908] slab_reclaimable:8504 slab_unreclaimable:78345 [ 2122.916718][T17908] mapped:63322 shmem:17095 pagetables:43232 bounce:0 [ 2122.916718][T17908] free:12994 free_pcp:781 free_cma:0 [ 2122.993812][T17908] Node 0 active_anon:5548908kB inactive_anon:68352kB active_file:2216kB inactive_file:2476kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:250788kB dirty:116kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2123.053987][T17908] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2123.125789][T17908] lowmem_reserve[]: 0 2912 6416 6416 [ 2123.142870][T17908] DMA32 free:30408kB min:16932kB low:19912kB high:22892kB active_anon:2723476kB inactive_anon:8904kB active_file:692kB inactive_file:340kB unevictable:0kB writepending:8kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22624kB pagetables:54156kB bounce:0kB free_pcp:760kB local_pcp:696kB free_cma:0kB [ 2123.196487][T17908] lowmem_reserve[]: 0 0 3504 3504 [ 2123.201884][T17908] Normal free:13704kB min:9688kB low:13276kB high:16864kB active_anon:2824672kB inactive_anon:59448kB active_file:868kB inactive_file:732kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:118692kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB [ 2123.232163][T17908] lowmem_reserve[]: 0 0 0 0 [ 2123.237209][T17908] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2123.251111][T17908] DMA32: 2201*4kB (UMH) 738*8kB (UMH) 353*16kB (UMH) 330*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31172kB [ 2123.266486][T17908] Normal: 1290*4kB (UME) 311*8kB (UME) 102*16kB (UM) 91*32kB (M) 26*64kB (UM) 2*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 14112kB [ 2123.282173][T17908] 17615 total pagecache pages [ 2123.287402][T17908] 0 pages in swap cache [ 2123.292070][T17908] Swap cache stats: add 0, delete 0, find 0/0 04:06:39 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10e000}], 0x1, 0x0) pipe(0x0) [ 2123.329033][T17908] Free swap = 0kB [ 2123.336338][T17908] Total swap = 0kB [ 2123.355286][T17908] 1965979 pages RAM [ 2123.407212][T17908] 0 pages HighMem/MovableOnly [ 2123.437217][T17908] 318830 pages reserved [ 2123.450746][T17908] 0 pages cma reserved [ 2123.464128][T17908] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17910,uid=0 [ 2123.497946][T17908] Out of memory: Killed process 17910 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35060kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2123.569273][ T23] oom_reaper: reaped process 17910 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:06:39 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd5000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:39 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb6000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) close(0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:40 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10f000}], 0x1, 0x0) pipe(0x0) 04:06:40 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x7d000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:40 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000100)={'HL\x00'}, &(0x7f0000000180)=0x1e) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0xff, 0x1, 0xff, 0x2, 0x4}, 0xc) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) [ 2125.048970][T17946] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2125.069832][T17946] CPU: 0 PID: 17946 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2125.080013][T17946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2125.090060][T17946] Call Trace: [ 2125.093340][T17946] dump_stack+0x14a/0x1ce [ 2125.097641][T17946] ? devkmsg_release+0x11c/0x11c [ 2125.102547][T17946] ? show_regs_print_info+0x12/0x12 [ 2125.107714][T17946] ? radix_tree_cpu_dead+0x160/0x160 [ 2125.112969][T17946] ? _raw_spin_lock+0xa1/0x170 [ 2125.117703][T17946] ? _raw_spin_trylock_bh+0x190/0x190 [ 2125.123044][T17946] dump_header+0xdb/0x700 [ 2125.127347][T17946] oom_kill_process+0xd3/0x280 [ 2125.132093][T17946] out_of_memory+0x5b6/0x890 [ 2125.136655][T17946] ? unregister_oom_notifier+0x20/0x20 [ 2125.142082][T17946] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2125.147595][T17946] ? unwind_get_return_address+0x48/0x90 [ 2125.153200][T17946] ? get_page_from_freelist+0x7c0/0x7c0 [ 2125.158733][T17946] ? __zone_watermark_ok+0x91/0x280 [ 2125.163905][T17946] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2125.169266][T17946] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2125.174782][T17946] ? copy_process+0x5a4/0x5110 [ 2125.179517][T17946] ? kmem_cache_alloc+0x1d5/0x260 [ 2125.184511][T17946] copy_process+0x5f3/0x5110 [ 2125.189075][T17946] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2125.194591][T17946] ? _raw_spin_lock+0xa1/0x170 [ 2125.199325][T17946] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2125.205099][T17946] ? fork_idle+0x290/0x290 [ 2125.209487][T17946] ? _raw_spin_unlock+0x5/0x20 [ 2125.214224][T17946] ? handle_mm_fault+0xb16/0x40a0 [ 2125.219227][T17946] _do_fork+0x196/0x920 [ 2125.223356][T17946] ? dup_mm+0x300/0x300 [ 2125.227496][T17946] ? do_mmap+0x9ad/0x1060 [ 2125.231802][T17946] __x64_sys_clone+0x25f/0x2c0 [ 2125.236540][T17946] ? __ia32_sys_vfork+0x110/0x110 [ 2125.241545][T17946] ? do_user_addr_fault+0x55c/0x9f0 [ 2125.246730][T17946] do_syscall_64+0xcb/0x150 [ 2125.251207][T17946] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2125.257068][T17946] RIP: 0033:0x45f1f9 [ 2125.261067][T17946] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2125.280650][T17946] RSP: 002b:00007ffe517c28c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2125.289035][T17946] RAX: ffffffffffffffda RBX: 00007fa744f9c700 RCX: 000000000045f1f9 04:06:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="0000ddb41266cd0a95ffe088a58c4c1d99cfd3f1826c6fa578a76282d37d6cf5a194147994797f3bed8f0c2c2aa6da7dc17f21ad08ebae2f06bc1aab1296230bd137211453d098b9b153ba42d5904611e7664f1c89ee36c6e827f36a65a52939b71bb9f6ac6a6e64815966cdfe3e35f251fa274421fb5c6ac94137eefa76d89393938fc1d2c0d6018eb688195712e1ed9b8e231b558d35165d0522329bfb0c967e2b4a5d42beb85364a300c2f6a250e07c4cdf9e5ac2e53919b5f07d9fa64b3e8df7a40330db81425208b89fa9c659be4a4a24b8408f315a03f741883e12daf1cf294c4b5b3b0e4f8867bd67b2b5984ad46c803369b6dfd2981bd46ace5bc1096adfd9f87f5e4366e0", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000300)='SMC_PNETID\x00') sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, r4, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_team\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004040}, 0x4000000) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:41 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x7c000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2125.296992][T17946] RDX: 00007fa744f9c9d0 RSI: 00007fa744f9bdb0 RDI: 00000000003d0f00 [ 2125.304934][T17946] RBP: 00007ffe517c2af0 R08: 00007fa744f9c700 R09: 00007fa744f9c700 [ 2125.312877][T17946] R10: 00007fa744f9c9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2125.320835][T17946] R13: 00007ffe517c297f R14: 00007fa744f9c9c0 R15: 000000000078c04c [ 2125.335033][T17946] Mem-Info: [ 2125.360535][T17946] active_anon:1388038 inactive_anon:17088 isolated_anon:0 [ 2125.360535][T17946] active_file:862 inactive_file:1393 isolated_file:103 [ 2125.360535][T17946] unevictable:0 dirty:32 writeback:0 unstable:0 [ 2125.360535][T17946] slab_reclaimable:8501 slab_unreclaimable:78312 [ 2125.360535][T17946] mapped:63660 shmem:17095 pagetables:43287 bounce:0 [ 2125.360535][T17946] free:12144 free_pcp:170 free_cma:0 [ 2125.531077][T17946] Node 0 active_anon:5552152kB inactive_anon:68352kB active_file:2380kB inactive_file:2348kB unevictable:0kB isolated(anon):0kB isolated(file):272kB mapped:251040kB dirty:28kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:06:41 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x110000}], 0x1, 0x0) pipe(0x0) [ 2125.576319][T17946] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2125.602958][T17946] lowmem_reserve[]: 0 2912 6416 6416 [ 2125.608815][T17946] DMA32 free:28612kB min:12836kB low:15816kB high:18796kB active_anon:2725904kB inactive_anon:8904kB active_file:684kB inactive_file:348kB unevictable:0kB writepending:40kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:22688kB pagetables:54200kB bounce:0kB free_pcp:552kB local_pcp:180kB free_cma:0kB [ 2125.638759][T17946] lowmem_reserve[]: 0 0 3504 3504 [ 2125.644183][T17946] Normal free:9196kB min:5592kB low:9180kB high:12768kB active_anon:2825240kB inactive_anon:59448kB active_file:1856kB inactive_file:1708kB unevictable:0kB writepending:128kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:118948kB bounce:0kB free_pcp:1108kB local_pcp:432kB free_cma:0kB [ 2125.674435][T17946] lowmem_reserve[]: 0 0 0 0 [ 2125.706632][T17946] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2125.748643][T17946] DMA32: 1792*4kB (UMH) 744*8kB (UMH) 344*16kB (UMH) 343*32kB (UMH) 3*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29920kB [ 2125.791226][T17946] Normal: 776*4kB (UME) 229*8kB (UME) 49*16kB (UM) 90*32kB (UM) 31*64kB (UM) 5*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11224kB [ 2125.826277][T17946] 17806 total pagecache pages [ 2125.834607][T17946] 0 pages in swap cache [ 2125.845934][T17946] Swap cache stats: add 0, delete 0, find 0/0 [ 2125.852344][T17946] Free swap = 0kB [ 2125.856058][T17946] Total swap = 0kB [ 2125.859966][T17946] 1965979 pages RAM [ 2125.863765][T17946] 0 pages HighMem/MovableOnly [ 2125.868713][T17946] 318830 pages reserved [ 2125.872856][T17946] 0 pages cma reserved [ 2125.877111][T17946] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17944,uid=0 [ 2125.891468][T17946] Out of memory: Killed process 17944 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:34992kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:41 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd6000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:41 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x7e000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2126.258468][T17992] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2126.295583][T17992] CPU: 0 PID: 17992 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2126.305921][T17992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2126.315970][T17992] Call Trace: [ 2126.319262][T17992] dump_stack+0x14a/0x1ce [ 2126.323585][T17992] ? devkmsg_release+0x11c/0x11c [ 2126.328514][T17992] ? show_regs_print_info+0x12/0x12 [ 2126.333711][T17992] ? radix_tree_cpu_dead+0x160/0x160 [ 2126.338983][T17992] ? _raw_spin_lock+0xa1/0x170 [ 2126.343739][T17992] ? _raw_spin_trylock_bh+0x190/0x190 [ 2126.349102][T17992] dump_header+0xdb/0x700 [ 2126.353426][T17992] oom_kill_process+0xd3/0x280 [ 2126.358181][T17992] out_of_memory+0x5b6/0x890 [ 2126.362849][T17992] ? unregister_oom_notifier+0x20/0x20 [ 2126.368322][T17992] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2126.373861][T17992] ? get_page_from_freelist+0x7c0/0x7c0 [ 2126.379400][T17992] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2126.384770][T17992] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2126.390324][T17992] handle_mm_fault+0x1689/0x40a0 [ 2126.395258][T17992] ? finish_fault+0x230/0x230 [ 2126.399926][T17992] ? __up_read+0x1b0/0x1b0 [ 2126.404337][T17992] ? vmacache_update+0x9f/0xf0 [ 2126.409098][T17992] do_user_addr_fault+0x48a/0x9f0 [ 2126.414116][T17992] page_fault+0x2f/0x40 [ 2126.418258][T17992] RIP: 0033:0x41407f [ 2126.422145][T17992] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2126.441739][T17992] RSP: 002b:00007ffe517c2910 EFLAGS: 00010206 [ 2126.447797][T17992] RAX: 00007fa744f9d000 RBX: 0000000000020000 RCX: 000000000045c87a [ 2126.455760][T17992] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2126.463729][T17992] RBP: 00007ffe517c29f0 R08: ffffffffffffffff R09: 0000000000000000 [ 2126.471698][T17992] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe517c2af0 [ 2126.479662][T17992] R13: 00007fa744fbd700 R14: 000000000000081e R15: 000000000078bfac [ 2126.544164][T17992] Mem-Info: [ 2126.554307][T17992] active_anon:1388400 inactive_anon:17088 isolated_anon:0 [ 2126.554307][T17992] active_file:790 inactive_file:802 isolated_file:60 [ 2126.554307][T17992] unevictable:0 dirty:15 writeback:0 unstable:0 [ 2126.554307][T17992] slab_reclaimable:8500 slab_unreclaimable:78441 [ 2126.554307][T17992] mapped:63180 shmem:17095 pagetables:43388 bounce:0 [ 2126.554307][T17992] free:12329 free_pcp:61 free_cma:0 [ 2126.635890][T17992] Node 0 active_anon:5555200kB inactive_anon:68352kB active_file:2056kB inactive_file:2728kB unevictable:0kB isolated(anon):0kB isolated(file):308kB mapped:251520kB dirty:60kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2126.674258][T17992] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2126.736294][T17992] lowmem_reserve[]: 0 2912 6416 6416 [ 2126.742075][T17992] DMA32 free:29092kB min:20548kB low:23528kB high:26508kB active_anon:2725736kB inactive_anon:8904kB active_file:100kB inactive_file:8kB unevictable:0kB writepending:8kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23040kB pagetables:54188kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2126.772177][T17992] lowmem_reserve[]: 0 0 3504 3504 [ 2126.778072][T17992] Normal free:4824kB min:5592kB low:9180kB high:12768kB active_anon:2828512kB inactive_anon:59448kB active_file:2732kB inactive_file:2568kB unevictable:0kB writepending:252kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:119364kB bounce:0kB free_pcp:88kB local_pcp:4kB free_cma:0kB [ 2126.831677][T17992] lowmem_reserve[]: 0 0 0 0 [ 2126.861864][T17992] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2126.879245][T17992] DMA32: 1795*4kB (UMH) 735*8kB (UMH) 336*16kB (UMH) 337*32kB (UMH) 4*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29604kB [ 2126.895641][T17992] Normal: 271*4kB (UMEH) 163*8kB (UMEH) 46*16kB (UM) 33*32kB (M) 25*64kB (MH) 3*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6164kB [ 2126.912132][T17992] 18032 total pagecache pages [ 2126.917389][T17992] 0 pages in swap cache [ 2126.921753][T17992] Swap cache stats: add 0, delete 0, find 0/0 [ 2126.928161][T17992] Free swap = 0kB [ 2126.932052][T17992] Total swap = 0kB [ 2126.935918][T17992] 1965979 pages RAM [ 2126.940225][T17992] 0 pages HighMem/MovableOnly [ 2126.945120][T17992] 318830 pages reserved [ 2126.949408][T17992] 0 pages cma reserved [ 2126.953569][T17992] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=22825,uid=0 [ 2126.967702][T17992] Out of memory: Killed process 22825 (syz-executor.3) total-vm:75756kB, anon-rss:14148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2127.009971][ T23] oom_reaper: reaped process 22825 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:06:42 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x111000}], 0x1, 0x0) pipe(0x0) 04:06:43 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) open(&(0x7f0000000040)='./file0\x00', 0x4100, 0x40) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:06:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f00000002c0)={0x24, 0x1, 0xffffffff, 0x735e, 0x81, "2dea285a2329c3e5c5fa07b5dd0088146961d8", 0x8, 0x80000000}) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1000000000000138, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:43 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x7f000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) mmap$xdp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000001, 0x30, 0xffffffffffffffff, 0x180000000) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:43 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd7000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:43 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x112000}], 0x1, 0x0) pipe(0x0) 04:06:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x4, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000073014300000000009500000000000000ee44cbf6f96e43c2905770549d6e2e97e901361625861e2b4ae91b0fd2b0588c04f67ea44feb5d10d2f20417e1ca78db20d9e9c0f2a7f1ee7f9077f8ead2163ba119784acccff331410dac0700e5799fe29770f1588a1035b940e2cb1334a467710e90fadb1d92e1185dcdaca5c4661f7bc44a8b44562fde53458952ac8e69b88d61cc105fef94b792729c228b606cb35e35b45923c024c8ae7246d227643be304fab2f65791c2a659708b341cf9f4f5e669ebddad736ef6983d885f0ea7c3956b8220befc34120e2fe5170938c7f4c1ada084e67d8bdf72f971342595051f8d36a0f1157bd60a45edf4f47736f557badc627d5e447429e78343a1a65c372e3d43dd23a06e416ffaa6aee599accc734a1c5a89156b11bb8ee830a31802b78eed4bcdced9453403c527b2d58e3a23dc085a953a54b3b2696c2c4b184edd099bca6dc4906f22a189da980c5999d03427dbb1e983c601e3fbf2d36522942bfa221f7762621c0304b98cb44d52b57fa93e4d94b2cb0095fcaf457da570800558d456080b77cee0dd48792cd60500ec44595000002087dc9227a69b89b3564e2414c3d9e4461cd058836dbaa16764b4a9997e8380867fabbea4d4e9164e2dc7affb5c10af519f8112e8b630f20dd89e8e6da2d02547613c723d7ab1bc25103346d102d78ce7ac54622dc5cdfc9b607379dd09478525a9ea3d7ca0adacbfbc9aa0dc89e23d232cf131948dbb986b78e662b03eec9a1b71bd57620c25fe37ba253cc7ebe3ce7b20afb3929a88cf88d26efb1db363010a63e65b5bf2bc477b222cee3f3a9caf915db0f1c50842d8c6df0a"], &(0x7f0000000000)='GPL\x00', 0x5, 0x3e2, &(0x7f00001a7f05)=""/251}, 0x34) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r2, 0xc0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x83) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r3}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, r1, 0x0, 0x22, &(0x7f0000000040)='vboxnet0nodev.wlan0vmnet0\xf2-ppp0*&\x00', r3}, 0x30) write$P9_RRENAME(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x15, 0x1}, 0x7) lseek(r4, 0x7fffffff, 0x1) 04:06:43 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd8000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:43 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$AUDIT_LIST_RULES(r3, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x10, 0x3f5, 0x1, 0x70bd27, 0x25dfdbfe, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40880}, 0x4805) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = accept4(0xffffffffffffffff, &(0x7f0000000040)=@ipx, &(0x7f0000000100)=0x80, 0x400) getsockopt$inet6_buf(r5, 0x29, 0x32, &(0x7f0000000180)=""/139, &(0x7f0000000240)=0x8b) 04:06:43 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x80000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="c96bdef89c08946d81fdcf34d5c8dae6"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000d80)=[{{&(0x7f0000000300)=@nl, 0x80, &(0x7f0000000440)=[{&(0x7f0000000380)=""/116, 0x74}, {&(0x7f0000000400)}], 0x2, &(0x7f0000000480)=""/129, 0x81}, 0x7}, {{&(0x7f0000000540)=@nfc, 0x80, &(0x7f0000000400)=[{&(0x7f00000005c0)=""/138}], 0x6, &(0x7f0000000900)=""/141, 0xffffffffffffffa7}, 0xc5b268d}, {{&(0x7f00000009c0)=@nfc, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a40)=""/2, 0x2}, {&(0x7f0000000a80)=""/174, 0xae}, {&(0x7f0000000b40)=""/150, 0x96}, {&(0x7f0000000c00)=""/83, 0x53}], 0x4, &(0x7f0000000cc0)=""/187, 0xbb}, 0x6}], 0x3, 0x40010144, &(0x7f0000000e40)={0x77359400}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x401}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setresgid(0x0, 0x0, 0x0) keyctl$chown(0x4, 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0) 04:06:44 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x81000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:44 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x113000}], 0x1, 0x0) pipe(0x0) 04:06:44 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x80000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:44 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xd9000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="6957ecb0f28f085aa361a5edcf68713d79623d16c85ba149c8a8a174272101ad30a399bdb0a616383638f6b33e496f21f81b436b990e35f9bb9dd00948aa3115cd44aeaf0bef7ebf932b76b9c3a417d3126b381966b1353c30da2de2091e9efca15790628535e866aa26d10c13644d970a225c666acbdead3e43c078d6548f9c209e382a3d6ed1f5d300b4cad4d20d31ce6cae9f958a80de9afb1a3c2ec5a19bf1c0f0d6baa57143cf4d8c5a4cd37db2f57c2198b55f5e2e98930574a0453568ff1cde6e9626dd33318a0c27d498cbef2cbcb1d2b772c40000"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000340)=""/58) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x240040, 0x0) ioctl$EVIOCREVOKE(r4, 0x40044591, &(0x7f00000002c0)=0x7) pselect6(0xfffffffffffffc38, &(0x7f00000000c0)={0x0, 0x0, 0x800000000005, 0x0, 0x1000, 0x400, 0x7, 0x80000000}, 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) 04:06:44 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x82000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:45 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r3, 0x400, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x20004040) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x4a, r3, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1000}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xf1}, @IPVS_CMD_ATTR_DEST={0x4}]}, 0x54}, 0x1, 0x0, 0x0, 0x840}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000200), &(0x7f0000000240)=0x18) [ 2129.401650][T18121] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2129.444338][T18121] CPU: 0 PID: 18121 Comm: syz-executor.3 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2129.454511][T18121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2129.464566][T18121] Call Trace: [ 2129.467856][T18121] dump_stack+0x14a/0x1ce [ 2129.472208][T18121] ? devkmsg_release+0x11c/0x11c [ 2129.477137][T18121] ? show_regs_print_info+0x12/0x12 [ 2129.482328][T18121] ? radix_tree_cpu_dead+0x160/0x160 [ 2129.487608][T18121] ? _raw_spin_lock+0xa1/0x170 [ 2129.492370][T18121] ? _raw_spin_trylock_bh+0x190/0x190 [ 2129.497735][T18121] dump_header+0xdb/0x700 [ 2129.502061][T18121] oom_kill_process+0xd3/0x280 [ 2129.506819][T18121] out_of_memory+0x5b6/0x890 [ 2129.511411][T18121] ? unregister_oom_notifier+0x20/0x20 [ 2129.517644][T18121] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2129.523188][T18121] ? get_page_from_freelist+0x7c0/0x7c0 [ 2129.528725][T18121] ? __zone_watermark_ok+0x91/0x280 [ 2129.533915][T18121] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2129.539283][T18121] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2129.544823][T18121] ? copy_process+0x5a4/0x5110 [ 2129.549583][T18121] ? copy_process+0x5a4/0x5110 [ 2129.554344][T18121] ? kmem_cache_alloc+0x1d5/0x260 [ 2129.559365][T18121] copy_process+0x5f3/0x5110 [ 2129.563965][T18121] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2129.569503][T18121] ? _raw_spin_lock+0xa1/0x170 [ 2129.574270][T18121] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2129.580066][T18121] ? fork_idle+0x290/0x290 [ 2129.584471][T18121] ? _raw_spin_unlock+0x5/0x20 [ 2129.589229][T18121] ? handle_mm_fault+0xb16/0x40a0 [ 2129.594273][T18121] _do_fork+0x196/0x920 [ 2129.598514][T18121] ? dup_mm+0x300/0x300 [ 2129.602658][T18121] ? do_mmap+0x9ad/0x1060 [ 2129.606977][T18121] __x64_sys_clone+0x25f/0x2c0 [ 2129.611734][T18121] ? __ia32_sys_vfork+0x110/0x110 [ 2129.616751][T18121] ? do_user_addr_fault+0x55c/0x9f0 [ 2129.622056][T18121] do_syscall_64+0xcb/0x150 [ 2129.626542][T18121] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2129.632411][T18121] RIP: 0033:0x45f1f9 [ 2129.636287][T18121] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2129.657277][T18121] RSP: 002b:00007ffcb99f8438 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2129.665691][T18121] RAX: ffffffffffffffda RBX: 00007f77fb306700 RCX: 000000000045f1f9 [ 2129.673644][T18121] RDX: 00007f77fb3069d0 RSI: 00007f77fb305db0 RDI: 00000000003d0f00 [ 2129.681628][T18121] RBP: 00007ffcb99f8660 R08: 00007f77fb306700 R09: 00007f77fb306700 04:06:45 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x114000}], 0x1, 0x0) pipe(0x0) [ 2129.689686][T18121] R10: 00007f77fb3069d0 R11: 0000000000000202 R12: 0000000000000000 [ 2129.697643][T18121] R13: 00007ffcb99f84ef R14: 00007f77fb3069c0 R15: 000000000078bfac [ 2129.707586][T18121] Mem-Info: [ 2129.711420][T18121] active_anon:1385572 inactive_anon:17088 isolated_anon:0 [ 2129.711420][T18121] active_file:697 inactive_file:807 isolated_file:0 [ 2129.711420][T18121] unevictable:0 dirty:69 writeback:0 unstable:0 [ 2129.711420][T18121] slab_reclaimable:8485 slab_unreclaimable:78432 [ 2129.711420][T18121] mapped:62949 shmem:17095 pagetables:43578 bounce:0 [ 2129.711420][T18121] free:14275 free_pcp:621 free_cma:0 [ 2129.750350][T18121] Node 0 active_anon:5541288kB inactive_anon:68352kB active_file:3688kB inactive_file:6928kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:255196kB dirty:276kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2129.774929][T18121] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2129.801010][T18121] lowmem_reserve[]: 0 2912 6416 6416 [ 2129.806420][T18121] DMA32 free:30288kB min:8740kB low:11720kB high:14700kB active_anon:2716608kB inactive_anon:8904kB active_file:1360kB inactive_file:4636kB unevictable:0kB writepending:8kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23424kB pagetables:54644kB bounce:0kB free_pcp:268kB local_pcp:44kB free_cma:0kB [ 2129.835910][T18121] lowmem_reserve[]: 0 0 3504 3504 [ 2129.841091][T18121] Normal free:7420kB min:9688kB low:13276kB high:16864kB active_anon:2824240kB inactive_anon:59448kB active_file:2736kB inactive_file:3084kB unevictable:0kB writepending:268kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:119668kB bounce:0kB free_pcp:2032kB local_pcp:600kB free_cma:0kB [ 2129.883718][T18121] lowmem_reserve[]: 0 0 0 0 [ 2129.898253][T18121] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2129.964972][T18121] DMA32: 65*4kB (UMH) 819*8kB (UMH) 371*16kB (UMH) 409*32kB (UMH) 7*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26412kB [ 2130.025077][T18121] Normal: 133*4kB (UME) 193*8kB (UME) 52*16kB (UM) 93*32kB (UM) 25*64kB (UM) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7996kB [ 2130.076601][T18121] 18985 total pagecache pages [ 2130.086378][T18121] 0 pages in swap cache [ 2130.098073][T18121] Swap cache stats: add 0, delete 0, find 0/0 [ 2130.105353][T18121] Free swap = 0kB [ 2130.155922][T18121] Total swap = 0kB [ 2130.159664][T18121] 1965979 pages RAM [ 2130.175434][T18121] 0 pages HighMem/MovableOnly [ 2130.212148][T18121] 318830 pages reserved [ 2130.220062][T18121] 0 pages cma reserved [ 2130.224118][T18121] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=28149,uid=0 [ 2130.241608][T18121] Out of memory: Killed process 28149 (syz-executor.5) total-vm:75228kB, anon-rss:14140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 04:06:46 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x115000}], 0x1, 0x0) pipe(0x0) 04:06:46 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xda000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="57fbdbdc5942182b9a31e87b558b750e924c9a1b46b7a85a97dd27cb1401741e67ce8dcb5f0868828a2cafd306c1d2b0263d7962b2b4d501a3aa63e04daaded7029c9af840f404cb4967ff5c73aeb4b79c88cda89af1b998ef1637924888420e290625f7a00248317fa84ce5683f0a116eb359c31bcd3dfd6e0893ff504e68ba5d2c85120ccfd05f48c3dfb1c4da4d88e6232b35bc66ee2c9d28dca18729bea5824bf1b36b0998b35bd2ecf841c9488de394922c779f6088225158cc9f2782c9dbfbeed8791dc7f1c16e3ff1f827984a942f7e412773e11f99a260047fdf"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:46 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x83000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:46 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x9) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvfrom$inet6(r4, &(0x7f00000002c0)=""/22, 0x16, 0x40004000, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @empty, 0x800}, 0x1c) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:46 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/54, 0x36}], 0x1, 0x5) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x4, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 2130.946007][T18158] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2130.988408][T18158] CPU: 0 PID: 18158 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2130.998573][T18158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2131.008621][T18158] Call Trace: [ 2131.011910][T18158] dump_stack+0x14a/0x1ce [ 2131.016247][T18158] ? devkmsg_release+0x11c/0x11c [ 2131.021226][T18158] ? show_regs_print_info+0x12/0x12 [ 2131.026565][T18158] ? radix_tree_cpu_dead+0x160/0x160 [ 2131.031842][T18158] ? _raw_spin_lock+0xa1/0x170 [ 2131.036602][T18158] ? _raw_spin_trylock_bh+0x190/0x190 [ 2131.041973][T18158] dump_header+0xdb/0x700 [ 2131.046299][T18158] oom_kill_process+0xd3/0x280 [ 2131.051060][T18158] out_of_memory+0x5b6/0x890 [ 2131.055646][T18158] ? unregister_oom_notifier+0x20/0x20 [ 2131.061101][T18158] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2131.066644][T18158] ? get_page_from_freelist+0x7c0/0x7c0 [ 2131.072196][T18158] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2131.077572][T18158] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2131.083114][T18158] handle_mm_fault+0x1689/0x40a0 [ 2131.088079][T18158] ? finish_fault+0x230/0x230 [ 2131.092747][T18158] ? do_mmap+0x9ad/0x1060 [ 2131.097065][T18158] ? up_read+0x10/0x10 [ 2131.101124][T18158] ? __up_read+0x1b0/0x1b0 [ 2131.105532][T18158] ? vmacache_update+0x9f/0xf0 [ 2131.110286][T18158] do_user_addr_fault+0x48a/0x9f0 [ 2131.115305][T18158] page_fault+0x2f/0x40 [ 2131.119447][T18158] RIP: 0033:0x41407f [ 2131.123334][T18158] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2131.142926][T18158] RSP: 002b:00007ffe517c2910 EFLAGS: 00010206 [ 2131.148989][T18158] RAX: 00007fa744f5b000 RBX: 0000000000020000 RCX: 000000000045c87a [ 2131.156951][T18158] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2131.164913][T18158] RBP: 00007ffe517c29f0 R08: ffffffffffffffff R09: 0000000000000000 [ 2131.172873][T18158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe517c2af0 [ 2131.180831][T18158] R13: 00007fa744f7b700 R14: 0000000000000818 R15: 000000000078c0ec [ 2131.215132][T18158] Mem-Info: [ 2131.263192][T18158] active_anon:1388478 inactive_anon:17088 isolated_anon:0 [ 2131.263192][T18158] active_file:681 inactive_file:821 isolated_file:25 [ 2131.263192][T18158] unevictable:0 dirty:25 writeback:2 unstable:0 [ 2131.263192][T18158] slab_reclaimable:8476 slab_unreclaimable:78282 [ 2131.263192][T18158] mapped:62926 shmem:17095 pagetables:43719 bounce:0 [ 2131.263192][T18158] free:11630 free_pcp:503 free_cma:0 [ 2131.393787][T18158] Node 0 active_anon:5553992kB inactive_anon:68352kB active_file:2308kB inactive_file:2400kB unevictable:0kB isolated(anon):0kB isolated(file):144kB mapped:250288kB dirty:64kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2131.453096][T18158] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2131.528491][T18158] lowmem_reserve[]: 0 2912 6416 6416 [ 2131.560593][T18158] DMA32 free:21508kB min:4644kB low:7624kB high:10604kB active_anon:2731100kB inactive_anon:8904kB active_file:144kB inactive_file:228kB unevictable:0kB writepending:12kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23552kB pagetables:54708kB bounce:0kB free_pcp:504kB local_pcp:456kB free_cma:0kB 04:06:47 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x116000}], 0x1, 0x0) pipe(0x0) 04:06:47 executing program 1: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x114000}], 0x1, 0x0) pipe(0x0) [ 2131.608064][T18158] lowmem_reserve[]: 0 0 3504 3504 [ 2131.613958][T18158] Normal free:13108kB min:9688kB low:13276kB high:16864kB active_anon:2818364kB inactive_anon:59448kB active_file:2336kB inactive_file:2840kB unevictable:0kB writepending:52kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30560kB pagetables:120168kB bounce:0kB free_pcp:1592kB local_pcp:1324kB free_cma:0kB 04:06:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="d0a66c51c842c9a4e3fdbeac6cd8e516d00cdbb5038d9c7a599567320a98b253ce78a4b77b0e369339d90ec7df89d4e52e972941c4c90993ffbaaa6468819762b1a4e25585d610aafc9739b4427166ea8fe5d4c21db3b10d3a2c6c5069af589b5201330ae3feaa4ff3a1145e2c1a1a699943c1b2c99b3543a9e964361a20327c515ac924d413d7b5f40b81", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0x1) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2131.697106][T18158] lowmem_reserve[]: 0 0 0 0 [ 2131.716204][T18158] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB 04:06:47 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xdb000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2131.731782][T18158] DMA32: 1263*4kB (UMH) 477*8kB (UMH) 354*16kB (UMH) 429*32kB (UMH) 18*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29540kB [ 2131.772376][T18158] Normal: 757*4kB (UMEH) 319*8kB (UME) 73*16kB (UM) 167*32kB (UMH) 22*64kB (UM) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 14012kB [ 2131.869849][T18158] 19649 total pagecache pages [ 2131.874549][T18158] 0 pages in swap cache [ 2131.947900][T18158] Swap cache stats: add 0, delete 0, find 0/0 [ 2131.953987][T18158] Free swap = 0kB [ 2131.990041][T18158] Total swap = 0kB [ 2131.993777][T18158] 1965979 pages RAM [ 2132.010801][T18158] 0 pages HighMem/MovableOnly [ 2132.015494][T18158] 318830 pages reserved [ 2132.086967][T18158] 0 pages cma reserved [ 2132.096778][T18158] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18161,uid=0 [ 2132.242778][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2132.267472][ T204] CPU: 0 PID: 204 Comm: systemd-journal Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2132.277557][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2132.287608][ T204] Call Trace: [ 2132.290880][ T204] dump_stack+0x14a/0x1ce [ 2132.295182][ T204] ? devkmsg_release+0x11c/0x11c [ 2132.300091][ T204] ? show_regs_print_info+0x12/0x12 [ 2132.305266][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 2132.310540][ T204] ? _raw_spin_lock+0xa1/0x170 [ 2132.315380][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 2132.320733][ T204] dump_header+0xdb/0x700 [ 2132.325038][ T204] oom_kill_process+0xd3/0x280 [ 2132.329863][ T204] out_of_memory+0x5b6/0x890 [ 2132.334427][ T204] ? unregister_oom_notifier+0x20/0x20 [ 2132.339859][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2132.345380][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 2132.350901][ T204] ? __zone_watermark_ok+0x91/0x280 [ 2132.356085][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2132.361430][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2132.366948][ T204] ? __secure_computing+0x250/0x250 [ 2132.372120][ T204] alloc_slab_page+0x3a/0x3a0 [ 2132.376769][ T204] new_slab+0x408/0x450 [ 2132.380925][ T204] ___slab_alloc+0x2e0/0x450 [ 2132.385487][ T204] ? slab_free_freelist_hook+0xd0/0x150 [ 2132.391008][ T204] ? getname_flags+0xb8/0x610 [ 2132.395658][ T204] ? getname_flags+0xb8/0x610 [ 2132.400307][ T204] kmem_cache_alloc+0x23f/0x260 [ 2132.405132][ T204] ? __secure_computing+0x1b6/0x250 [ 2132.410447][ T204] getname_flags+0xb8/0x610 [ 2132.414948][ T204] do_mkdirat+0xa1/0x310 [ 2132.419252][ T204] ? do_syscall_64+0x150/0x150 [ 2132.424000][ T204] ? vfs_mkdir+0x30/0x30 [ 2132.428233][ T204] do_syscall_64+0xcb/0x150 [ 2132.432722][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2132.438592][ T204] RIP: 0033:0x7fbb5d4e1687 [ 2132.443006][ T204] Code: Bad RIP value. [ 2132.447059][ T204] RSP: 002b:00007ffd7e9a94c8 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 2132.455470][ T204] RAX: ffffffffffffffda RBX: 00007ffd7e9ac530 RCX: 00007fbb5d4e1687 [ 2132.463422][ T204] RDX: 0000000000000000 RSI: 00000000000001ed RDI: 00005648291dd8c0 [ 2132.471370][ T204] RBP: 00007ffd7e9a9500 R08: 000056482731d3e5 R09: 0000000000000018 [ 2132.479314][ T204] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 [ 2132.487260][ T204] R13: 0000000000000001 R14: 00005648291dd8c0 R15: 00007ffd7e9a9b40 [ 2132.572660][ T204] Mem-Info: [ 2132.576123][ T204] active_anon:1388206 inactive_anon:17088 isolated_anon:0 [ 2132.576123][ T204] active_file:429 inactive_file:398 isolated_file:29 [ 2132.576123][ T204] unevictable:0 dirty:7 writeback:0 unstable:0 [ 2132.576123][ T204] slab_reclaimable:8475 slab_unreclaimable:78340 [ 2132.576123][ T204] mapped:62278 shmem:17095 pagetables:43742 bounce:0 [ 2132.576123][ T204] free:12244 free_pcp:589 free_cma:0 [ 2132.628759][ T204] Node 0 active_anon:5552908kB inactive_anon:68352kB active_file:1544kB inactive_file:1304kB unevictable:0kB isolated(anon):0kB isolated(file):180kB mapped:248980kB dirty:68kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2132.654329][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2132.744418][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 2132.776046][ T204] DMA32 free:26392kB min:20548kB low:23528kB high:26508kB active_anon:2723924kB inactive_anon:8904kB active_file:928kB inactive_file:1292kB unevictable:0kB writepending:8kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23232kB pagetables:54904kB bounce:0kB free_pcp:528kB local_pcp:156kB free_cma:0kB [ 2132.862656][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 2132.875122][ T204] Normal free:5776kB min:5592kB low:9180kB high:12768kB active_anon:2829176kB inactive_anon:59448kB active_file:1344kB inactive_file:2212kB unevictable:0kB writepending:60kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:120056kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2132.956295][ T204] lowmem_reserve[]: 0 0 0 0 [ 2132.960962][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2133.008086][ T204] DMA32: 848*4kB (UMH) 592*8kB (UMH) 368*16kB (UMH) 428*32kB (UMH) 18*64kB (UMH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29120kB [ 2133.039840][ T204] Normal: 212*4kB (UME) 95*8kB (UME) 19*16kB (UM) 67*32kB (UM) 24*64kB (UM) 3*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5976kB [ 2133.059614][ T204] 18046 total pagecache pages [ 2133.064484][ T204] 0 pages in swap cache [ 2133.068886][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 2133.075118][ T204] Free swap = 0kB [ 2133.079139][ T204] Total swap = 0kB [ 2133.083025][ T204] 1965979 pages RAM [ 2133.087095][ T204] 0 pages HighMem/MovableOnly [ 2133.092234][ T204] 318830 pages reserved [ 2133.096687][ T204] 0 pages cma reserved [ 2133.100954][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18202,uid=0 [ 2133.115396][ T204] Out of memory: Killed process 18202 (syz-executor.0) total-vm:75360kB, anon-rss:16560kB, file-rss:34984kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2133.173772][ T23] oom_reaper: reaped process 18202 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:06:48 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x117000}], 0x1, 0x0) pipe(0x0) 04:06:48 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="a22843569e1762d8fb714052"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x8000000000) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:49 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) pwrite64(r2, &(0x7f0000000040)="41c1fcd01886acc5b2e652b5d335f1e060b144149209fc25", 0x18, 0x7) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80000000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x20004040) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, r3, 0x300, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xc6}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x4010) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r5, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) [ 2133.749517][T18158] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2133.765900][T18158] CPU: 1 PID: 18158 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2133.776052][T18158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2133.786097][T18158] Call Trace: [ 2133.789383][T18158] dump_stack+0x14a/0x1ce [ 2133.793704][T18158] ? devkmsg_release+0x11c/0x11c [ 2133.798632][T18158] ? show_regs_print_info+0x12/0x12 [ 2133.803818][T18158] ? radix_tree_cpu_dead+0x160/0x160 [ 2133.809088][T18158] ? _raw_spin_lock+0xa1/0x170 [ 2133.813847][T18158] ? _raw_spin_trylock_bh+0x190/0x190 [ 2133.819207][T18158] dump_header+0xdb/0x700 [ 2133.823525][T18158] oom_kill_process+0xd3/0x280 [ 2133.828272][T18158] out_of_memory+0x5b6/0x890 [ 2133.832840][T18158] ? unregister_oom_notifier+0x20/0x20 [ 2133.838271][T18158] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2133.843788][T18158] ? get_page_from_freelist+0x7c0/0x7c0 [ 2133.849305][T18158] ? __zone_watermark_ok+0x91/0x280 [ 2133.854473][T18158] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2133.859818][T18158] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2133.865347][T18158] ? copy_process+0x5a4/0x5110 [ 2133.870096][T18158] ? copy_process+0x5a4/0x5110 [ 2133.874830][T18158] ? kmem_cache_alloc+0x1d5/0x260 [ 2133.879823][T18158] copy_process+0x5f3/0x5110 [ 2133.884385][T18158] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2133.889915][T18158] ? _raw_spin_lock+0xa1/0x170 [ 2133.894648][T18158] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2133.900425][T18158] ? fork_idle+0x290/0x290 [ 2133.904813][T18158] ? _raw_spin_unlock+0x5/0x20 [ 2133.909548][T18158] ? handle_mm_fault+0xb16/0x40a0 [ 2133.914540][T18158] _do_fork+0x196/0x920 [ 2133.918666][T18158] ? dup_mm+0x300/0x300 [ 2133.922790][T18158] ? do_mmap+0x9ad/0x1060 [ 2133.927090][T18158] __x64_sys_clone+0x25f/0x2c0 [ 2133.931823][T18158] ? __ia32_sys_vfork+0x110/0x110 [ 2133.936818][T18158] ? do_user_addr_fault+0x55c/0x9f0 [ 2133.941986][T18158] do_syscall_64+0xcb/0x150 [ 2133.946459][T18158] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2133.952320][T18158] RIP: 0033:0x45f1f9 [ 2133.956186][T18158] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2133.976048][T18158] RSP: 002b:00007ffe517c28c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2133.984427][T18158] RAX: ffffffffffffffda RBX: 00007fa744f5a700 RCX: 000000000045f1f9 [ 2133.992378][T18158] RDX: 00007fa744f5a9d0 RSI: 00007fa744f59db0 RDI: 00000000003d0f00 [ 2134.000340][T18158] RBP: 00007ffe517c2af0 R08: 00007fa744f5a700 R09: 00007fa744f5a700 [ 2134.008283][T18158] R10: 00007fa744f5a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2134.016227][T18158] R13: 00007ffe517c297f R14: 00007fa744f5a9c0 R15: 000000000078c18c [ 2134.044728][T18158] Mem-Info: [ 2134.048336][T18158] active_anon:1386560 inactive_anon:17088 isolated_anon:0 [ 2134.048336][T18158] active_file:195 inactive_file:195 isolated_file:26 [ 2134.048336][T18158] unevictable:0 dirty:34 writeback:0 unstable:0 [ 2134.048336][T18158] slab_reclaimable:8472 slab_unreclaimable:78332 [ 2134.048336][T18158] mapped:61945 shmem:17095 pagetables:43737 bounce:0 [ 2134.048336][T18158] free:14615 free_pcp:388 free_cma:0 [ 2134.087104][T18158] Node 0 active_anon:5546240kB inactive_anon:68352kB active_file:600kB inactive_file:880kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:247780kB dirty:136kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2134.112059][T18158] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2134.138758][T18158] lowmem_reserve[]: 0 2912 6416 6416 [ 2134.144671][T18158] DMA32 free:27660kB min:20548kB low:23528kB high:26508kB active_anon:2725148kB inactive_anon:8904kB active_file:92kB inactive_file:108kB unevictable:0kB writepending:16kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23296kB pagetables:54632kB bounce:0kB free_pcp:868kB local_pcp:404kB free_cma:0kB [ 2134.183528][T18158] lowmem_reserve[]: 0 0 3504 3504 [ 2134.189253][T18158] Normal free:15904kB min:24744kB low:28332kB high:31920kB active_anon:2821176kB inactive_anon:59448kB active_file:380kB inactive_file:544kB unevictable:0kB writepending:108kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:120320kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2134.242492][T18158] lowmem_reserve[]: 0 0 0 0 [ 2134.247481][T18158] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2134.261244][T18158] DMA32: 1993*4kB (UMH) 556*8kB (UMH) 351*16kB (UMH) 312*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28276kB [ 2134.276464][T18158] Normal: 1073*4kB (UME) 409*8kB (UME) 109*16kB (UM) 164*32kB (UM) 18*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15836kB [ 2134.291903][T18158] 17438 total pagecache pages [ 2134.341283][T18158] 0 pages in swap cache [ 2134.346066][T18158] Swap cache stats: add 0, delete 0, find 0/0 [ 2134.352613][T18158] Free swap = 0kB [ 2134.375936][T18158] Total swap = 0kB [ 2134.385582][T18158] 1965979 pages RAM [ 2134.389395][T18158] 0 pages HighMem/MovableOnly [ 2134.394050][T18158] 318830 pages reserved [ 2134.415550][T18158] 0 pages cma reserved [ 2134.419635][T18158] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=18180,uid=0 [ 2134.445966][T18158] Out of memory: Killed process 18180 (syz-executor.1) total-vm:75360kB, anon-rss:16564kB, file-rss:34888kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:06:50 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/54, 0x36}], 0x1, 0x5) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x4, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:06:50 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x84000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2134.657337][T18225] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2134.687108][T18225] CPU: 1 PID: 18225 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2134.697287][T18225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2134.709061][T18225] Call Trace: [ 2134.712342][T18225] dump_stack+0x14a/0x1ce [ 2134.716659][T18225] ? devkmsg_release+0x11c/0x11c [ 2134.721565][T18225] ? show_regs_print_info+0x12/0x12 [ 2134.726908][T18225] ? radix_tree_cpu_dead+0x160/0x160 [ 2134.732174][T18225] ? _raw_spin_lock+0xa1/0x170 [ 2134.736950][T18225] ? _raw_spin_trylock_bh+0x190/0x190 [ 2134.742314][T18225] dump_header+0xdb/0x700 [ 2134.746634][T18225] oom_kill_process+0xd3/0x280 [ 2134.751388][T18225] out_of_memory+0x5b6/0x890 [ 2134.755969][T18225] ? unregister_oom_notifier+0x20/0x20 [ 2134.761416][T18225] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2134.766950][T18225] ? unwind_get_return_address+0x48/0x90 [ 2134.772591][T18225] ? get_page_from_freelist+0x7c0/0x7c0 [ 2134.778129][T18225] ? __zone_watermark_ok+0x91/0x280 [ 2134.783323][T18225] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2134.788689][T18225] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2134.794318][T18225] ? copy_process+0x5a4/0x5110 [ 2134.799070][T18225] ? copy_process+0x5a4/0x5110 [ 2134.803928][T18225] ? kmem_cache_alloc+0x1d5/0x260 [ 2134.808922][T18225] copy_process+0x5f3/0x5110 [ 2134.813489][T18225] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2134.819057][T18225] ? _raw_spin_lock+0xa1/0x170 [ 2134.823809][T18225] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2134.829607][T18225] ? fork_idle+0x290/0x290 [ 2134.834011][T18225] ? _raw_spin_unlock+0x5/0x20 [ 2134.838747][T18225] ? handle_mm_fault+0xb16/0x40a0 [ 2134.843743][T18225] _do_fork+0x196/0x920 [ 2134.847869][T18225] ? dup_mm+0x300/0x300 [ 2134.852019][T18225] ? do_mmap+0x9ad/0x1060 [ 2134.856316][T18225] __x64_sys_clone+0x25f/0x2c0 [ 2134.861061][T18225] ? __ia32_sys_vfork+0x110/0x110 [ 2134.866080][T18225] ? do_user_addr_fault+0x55c/0x9f0 [ 2134.871259][T18225] do_syscall_64+0xcb/0x150 [ 2134.875746][T18225] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2134.881635][T18225] RIP: 0033:0x45f1f9 [ 2134.885505][T18225] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2134.905184][T18225] RSP: 002b:00007ffe517c28c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2134.913579][T18225] RAX: ffffffffffffffda RBX: 00007fa744fbd700 RCX: 000000000045f1f9 [ 2134.921519][T18225] RDX: 00007fa744fbd9d0 RSI: 00007fa744fbcdb0 RDI: 00000000003d0f00 [ 2134.929466][T18225] RBP: 00007ffe517c2af0 R08: 00007fa744fbd700 R09: 00007fa744fbd700 [ 2134.937408][T18225] R10: 00007fa744fbd9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2134.945350][T18225] R13: 00007ffe517c297f R14: 00007fa744fbd9c0 R15: 000000000078bfac [ 2134.955568][T18225] Mem-Info: [ 2134.958801][T18225] active_anon:1380083 inactive_anon:17088 isolated_anon:0 [ 2134.958801][T18225] active_file:1126 inactive_file:885 isolated_file:0 [ 2134.958801][T18225] unevictable:0 dirty:25 writeback:6 unstable:0 [ 2134.958801][T18225] slab_reclaimable:8472 slab_unreclaimable:78595 [ 2134.958801][T18225] mapped:63488 shmem:17095 pagetables:43738 bounce:0 [ 2134.958801][T18225] free:19124 free_pcp:580 free_cma:0 04:06:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x5, 0x0, 0x0, 0x5, 0x0, 0x81, 0x0, 0xfffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x1}, 0x9000, 0x95}, 0x0, 0x9, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2134.997888][T18225] Node 0 active_anon:5520532kB inactive_anon:68352kB active_file:6104kB inactive_file:4340kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:255152kB dirty:100kB writeback:24kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2135.022572][T18225] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2135.049119][T18225] lowmem_reserve[]: 0 2912 6416 6416 04:06:50 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x20, 0x0, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x5}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000a020}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x7c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0xe, 0x13, "4b6efe421dd75a74f787"}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}, @NL80211_ATTR_STA_SUPPORTED_RATES={0xc, 0x13, "b21fd71fd7fa2fb3"}, @NL80211_ATTR_STA_WME={0x34, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x6}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x7}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xff}, @NL80211_STA_WME_UAPSD_QUEUES={0x5}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x1b}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x6}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x2}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x2000c080) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 2135.054601][T18225] DMA32 free:44916kB min:4644kB low:7624kB high:10604kB active_anon:2704492kB inactive_anon:8904kB active_file:656kB inactive_file:72kB unevictable:0kB writepending:16kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23424kB pagetables:54632kB bounce:0kB free_pcp:1144kB local_pcp:524kB free_cma:0kB [ 2135.084526][T18225] lowmem_reserve[]: 0 0 3504 3504 [ 2135.089931][T18225] Normal free:9044kB min:5592kB low:9180kB high:12768kB active_anon:2816260kB inactive_anon:59448kB active_file:6184kB inactive_file:4492kB unevictable:0kB writepending:108kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:120624kB bounce:0kB free_pcp:1996kB local_pcp:1228kB free_cma:0kB [ 2135.121346][T18225] lowmem_reserve[]: 0 0 0 0 [ 2135.126137][T18225] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2135.140257][T18225] DMA32: 4014*4kB (UMH) 1164*8kB (UMH) 370*16kB (UMH) 371*32kB (UMH) 3*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 43480kB [ 2135.155326][T18225] Normal: 9*4kB (ME) 10*8kB (UME) 108*16kB (UM) 180*32kB (UM) 19*64kB (UM) 3*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9204kB [ 2135.170124][T18225] 20476 total pagecache pages [ 2135.174835][T18225] 0 pages in swap cache [ 2135.179266][T18225] Swap cache stats: add 0, delete 0, find 0/0 [ 2135.185902][T18225] Free swap = 0kB [ 2135.191976][T18225] Total swap = 0kB [ 2135.196141][T18225] 1965979 pages RAM [ 2135.200252][T18225] 0 pages HighMem/MovableOnly 04:06:50 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xdc000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2135.210094][T18225] 318830 pages reserved [ 2135.214430][T18225] 0 pages cma reserved [ 2135.219133][T18225] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18216,uid=0 04:06:51 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x118000}], 0x1, 0x0) pipe(0x0) 04:06:51 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000000)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000040)=[{&(0x7f0000000500)}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, &(0x7f0000000080)={0x81, 0x3ff, 0xffffff01, 0x3ff}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) [ 2136.111091][T18268] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2136.151103][T18268] CPU: 1 PID: 18268 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2136.161272][T18268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2136.171398][T18268] Call Trace: [ 2136.174670][T18268] dump_stack+0x14a/0x1ce [ 2136.178985][T18268] ? devkmsg_release+0x11c/0x11c [ 2136.183905][T18268] ? show_regs_print_info+0x12/0x12 [ 2136.189126][T18268] ? radix_tree_cpu_dead+0x160/0x160 [ 2136.194408][T18268] ? _raw_spin_lock+0xa1/0x170 [ 2136.199150][T18268] ? _raw_spin_trylock_bh+0x190/0x190 [ 2136.204519][T18268] dump_header+0xdb/0x700 [ 2136.208826][T18268] oom_kill_process+0xd3/0x280 [ 2136.213612][T18268] out_of_memory+0x5b6/0x890 [ 2136.218191][T18268] ? unregister_oom_notifier+0x20/0x20 [ 2136.223654][T18268] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2136.229294][T18268] ? get_page_from_freelist+0x7c0/0x7c0 [ 2136.234821][T18268] ? __zone_watermark_ok+0x91/0x280 [ 2136.240008][T18268] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2136.245363][T18268] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2136.250903][T18268] ? copy_process+0x5a4/0x5110 [ 2136.255656][T18268] ? kmem_cache_alloc+0x1d5/0x260 [ 2136.260689][T18268] copy_process+0x5f3/0x5110 [ 2136.265261][T18268] ? fork_idle+0x290/0x290 [ 2136.269655][T18268] _do_fork+0x196/0x920 [ 2136.273792][T18268] ? slab_free_freelist_hook+0xd0/0x150 [ 2136.279314][T18268] ? dup_mm+0x300/0x300 [ 2136.283449][T18268] ? ktime_get_raw+0x130/0x130 [ 2136.288220][T18268] __x64_sys_clone+0x25f/0x2c0 [ 2136.293053][T18268] ? __ia32_sys_vfork+0x110/0x110 [ 2136.298055][T18268] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2136.303673][T18268] do_syscall_64+0xcb/0x150 [ 2136.308154][T18268] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2136.314046][T18268] RIP: 0033:0x45c829 [ 2136.317936][T18268] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2136.337601][T18268] RSP: 002b:00007fa744f7ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2136.346102][T18268] RAX: ffffffffffffffda RBX: 00000000004da840 RCX: 000000000045c829 [ 2136.354068][T18268] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000200183 [ 2136.362046][T18268] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 2136.369994][T18268] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2136.377955][T18268] R13: 0000000000000076 R14: 00000000004c311e R15: 00007fa744f7b6d4 [ 2136.408886][T18268] Mem-Info: [ 2136.422765][T18268] active_anon:1380791 inactive_anon:17088 isolated_anon:0 [ 2136.422765][T18268] active_file:594 inactive_file:1823 isolated_file:50 [ 2136.422765][T18268] unevictable:0 dirty:22 writeback:0 unstable:0 [ 2136.422765][T18268] slab_reclaimable:8463 slab_unreclaimable:78754 [ 2136.422765][T18268] mapped:63412 shmem:17095 pagetables:43811 bounce:0 [ 2136.422765][T18268] free:17466 free_pcp:801 free_cma:0 [ 2136.502807][T18268] Node 0 active_anon:5524264kB inactive_anon:68352kB active_file:2776kB inactive_file:9620kB unevictable:0kB isolated(anon):0kB isolated(file):200kB mapped:255848kB dirty:88kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:06:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="d0ad8a13ddc39f1e0720f18476175fb8c3750bf04d921470fdcd2ab91b760a4458a7180b80713a9cf5fcc975854f050985052be928a72527d6a11b6c718524a79ade1c492ae97a08fa1a3ffb7a03b8edfcfa43df82c7936f2e5c045791f4d8c4d90f2b8c69849c90f10e88a7208c3cf7e153ff1b3b6c108f916057afd07b0f639c55fa9b758c700ace6f2117b6abaad92fc93a323e183ccceda684b7ff9d97603d1837ed7b00", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x6, 0x18000078, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10024}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000001020103e4ffffff00000000050000090600074000030000"], 0x1}, 0x1, 0x0, 0x0, 0x4000090}, 0x20000004) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2136.532949][T18268] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2136.559575][T18268] lowmem_reserve[]: 0 2912 6416 6416 [ 2136.565287][T18268] DMA32 free:37696kB min:20548kB low:23528kB high:26508kB active_anon:2707156kB inactive_anon:8904kB active_file:24kB inactive_file:5552kB unevictable:0kB writepending:8kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23392kB pagetables:54796kB bounce:0kB free_pcp:344kB local_pcp:256kB free_cma:0kB [ 2136.595413][T18268] lowmem_reserve[]: 0 0 3504 3504 04:06:52 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xdd000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:52 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@mcast1, @empty, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c000a6, r4}) accept$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)={0x58, 0x0, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x9, 0x2}}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x9, 0x2}}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x800}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x40000) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) [ 2136.600591][T18268] Normal free:13008kB min:9688kB low:13276kB high:16864kB active_anon:2816992kB inactive_anon:59448kB active_file:2312kB inactive_file:4164kB unevictable:0kB writepending:80kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:120448kB bounce:0kB free_pcp:1796kB local_pcp:1268kB free_cma:0kB [ 2136.631086][T18268] lowmem_reserve[]: 0 0 0 0 04:06:52 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x119000}], 0x1, 0x0) pipe(0x0) [ 2136.640747][T18268] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2136.654726][T18268] DMA32: 2460*4kB (UMH) 1180*8kB (UMH) 376*16kB (UMH) 387*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 37936kB [ 2136.685367][T18268] Normal: 420*4kB (UME) 405*8kB (UME) 175*16kB (UM) 185*32kB (UM) 19*64kB (UM) 2*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15112kB [ 2136.715371][T18268] 19696 total pagecache pages [ 2136.720061][T18268] 0 pages in swap cache [ 2136.724355][T18268] Swap cache stats: add 0, delete 0, find 0/0 [ 2136.731146][T18268] Free swap = 0kB [ 2136.734861][T18268] Total swap = 0kB [ 2136.743233][T18268] 1965979 pages RAM [ 2136.747895][T18268] 0 pages HighMem/MovableOnly [ 2136.752570][T18268] 318830 pages reserved [ 2136.758305][T18268] 0 pages cma reserved 04:06:52 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000000)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000040)=[{&(0x7f0000000500)}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, &(0x7f0000000080)={0x81, 0x3ff, 0xffffff01, 0x3ff}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:06:52 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x85000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2136.762371][T18268] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18239,uid=0 04:06:53 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x11a000}], 0x1, 0x0) pipe(0x0) 04:06:53 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) socket(0x0, 0x1, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x10000000000000ed, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x141201, 0x0) 04:06:53 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xde000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@mcast1, @empty, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c000a6}) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102}, 0xc) [ 2138.256659][T18332] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2138.286392][T18332] CPU: 1 PID: 18332 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2138.296549][T18332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2138.306593][T18332] Call Trace: [ 2138.309878][T18332] dump_stack+0x14a/0x1ce [ 2138.314285][T18332] ? devkmsg_release+0x11c/0x11c [ 2138.319210][T18332] ? show_regs_print_info+0x12/0x12 [ 2138.324402][T18332] ? radix_tree_cpu_dead+0x160/0x160 [ 2138.329695][T18332] ? _raw_spin_lock+0xa1/0x170 [ 2138.334448][T18332] ? _raw_spin_trylock_bh+0x190/0x190 [ 2138.339832][T18332] dump_header+0xdb/0x700 [ 2138.344155][T18332] oom_kill_process+0xd3/0x280 [ 2138.348914][T18332] out_of_memory+0x5b6/0x890 [ 2138.353498][T18332] ? unregister_oom_notifier+0x20/0x20 [ 2138.359131][T18332] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2138.364672][T18332] ? get_page_from_freelist+0x7c0/0x7c0 [ 2138.370211][T18332] ? __zone_watermark_ok+0x91/0x280 [ 2138.375400][T18332] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2138.380766][T18332] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2138.386326][T18332] ? copy_process+0x5a4/0x5110 [ 2138.391101][T18332] ? copy_process+0x5a4/0x5110 [ 2138.395863][T18332] ? kmem_cache_alloc+0x1d5/0x260 [ 2138.400899][T18332] copy_process+0x5f3/0x5110 [ 2138.405484][T18332] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2138.411019][T18332] ? _raw_spin_lock+0xa1/0x170 [ 2138.415773][T18332] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2138.421573][T18332] ? fork_idle+0x290/0x290 [ 2138.425985][T18332] ? _raw_spin_unlock+0x5/0x20 [ 2138.430737][T18332] ? handle_mm_fault+0xb16/0x40a0 [ 2138.435775][T18332] _do_fork+0x196/0x920 [ 2138.440049][T18332] ? dup_mm+0x300/0x300 [ 2138.444193][T18332] ? do_mmap+0x9ad/0x1060 [ 2138.448538][T18332] __x64_sys_clone+0x25f/0x2c0 [ 2138.453292][T18332] ? __ia32_sys_vfork+0x110/0x110 [ 2138.458307][T18332] ? do_user_addr_fault+0x55c/0x9f0 [ 2138.463497][T18332] do_syscall_64+0xcb/0x150 [ 2138.467994][T18332] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2138.473875][T18332] RIP: 0033:0x45f1f9 [ 2138.477840][T18332] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2138.497427][T18332] RSP: 002b:00007ffce0d0df68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2138.505823][T18332] RAX: ffffffffffffffda RBX: 00007f9080087700 RCX: 000000000045f1f9 [ 2138.513766][T18332] RDX: 00007f90800879d0 RSI: 00007f9080086db0 RDI: 00000000003d0f00 [ 2138.521719][T18332] RBP: 00007ffce0d0e190 R08: 00007f9080087700 R09: 00007f9080087700 [ 2138.529665][T18332] R10: 00007f90800879d0 R11: 0000000000000202 R12: 0000000000000000 [ 2138.537613][T18332] R13: 00007ffce0d0e01f R14: 00007f90800879c0 R15: 000000000078bf0c 04:06:54 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x86000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a0a66cabab49c65f9235a1fbbb3359482c7c451a553911e1d7faffffff7f00bbb8e3", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x3e9, 0x1, 0x70bd2c, 0x25dfdbfe, {0x37, 0x0, 0x0, 0x0, 0x1ff, 0x6, 0x7fff, 0x0, 0x8}, ["", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x493602, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:54 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x11b000}], 0x1, 0x0) pipe(0x0) [ 2138.562388][T18332] Mem-Info: [ 2138.567402][T18332] active_anon:1385361 inactive_anon:17088 isolated_anon:0 [ 2138.567402][T18332] active_file:361 inactive_file:1048 isolated_file:24 [ 2138.567402][T18332] unevictable:0 dirty:12 writeback:0 unstable:0 [ 2138.567402][T18332] slab_reclaimable:8460 slab_unreclaimable:78565 [ 2138.567402][T18332] mapped:62567 shmem:17095 pagetables:43888 bounce:0 [ 2138.567402][T18332] free:14484 free_pcp:221 free_cma:0 [ 2138.755214][T18332] Node 0 active_anon:5541444kB inactive_anon:68352kB active_file:3296kB inactive_file:3100kB unevictable:0kB isolated(anon):0kB isolated(file):504kB mapped:252968kB dirty:48kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2138.805213][T18332] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2138.875185][T18332] lowmem_reserve[]: 0 2912 6416 6416 [ 2138.880516][T18332] DMA32 free:30272kB min:12836kB low:15816kB high:18796kB active_anon:2719640kB inactive_anon:8904kB active_file:800kB inactive_file:996kB unevictable:0kB writepending:28kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23552kB pagetables:54936kB bounce:0kB free_pcp:1840kB local_pcp:1184kB free_cma:0kB [ 2138.975181][T18332] lowmem_reserve[]: 0 0 3504 3504 [ 2138.980243][T18332] Normal free:11208kB min:5592kB low:9180kB high:12768kB active_anon:2822600kB inactive_anon:59448kB active_file:516kB inactive_file:2388kB unevictable:0kB writepending:20kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:120616kB bounce:0kB free_pcp:2832kB local_pcp:1460kB free_cma:0kB [ 2139.025235][T18332] lowmem_reserve[]: 0 0 0 0 [ 2139.029966][T18332] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2139.043596][T18332] DMA32: 761*4kB (UMH) 1058*8kB (UMH) 373*16kB (UMH) 383*32kB (UMH) 3*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30052kB [ 2139.058935][T18332] Normal: 1235*4kB (UME) 159*8kB (UME) 114*16kB (UM) 195*32kB (UM) 16*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15300kB [ 2139.073728][T18332] 17588 total pagecache pages [ 2139.078759][T18332] 0 pages in swap cache [ 2139.083195][T18332] Swap cache stats: add 0, delete 0, find 0/0 [ 2139.090011][T18332] Free swap = 0kB [ 2139.094617][T18332] Total swap = 0kB [ 2139.099021][T18332] 1965979 pages RAM [ 2139.108171][T18332] 0 pages HighMem/MovableOnly [ 2139.113753][T18332] 318830 pages reserved [ 2139.118432][T18332] 0 pages cma reserved [ 2139.122854][T18332] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18325,uid=0 [ 2139.140547][T18332] Out of memory: Killed process 18325 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:34864kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2139.163088][ T23] oom_reaper: reaped process 18325 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2139.368823][T18332] syz-executor.5 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2139.429454][T18332] CPU: 1 PID: 18332 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2139.439650][T18332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2139.449700][T18332] Call Trace: [ 2139.452983][T18332] dump_stack+0x14a/0x1ce [ 2139.457299][T18332] ? devkmsg_release+0x11c/0x11c [ 2139.462224][T18332] ? show_regs_print_info+0x12/0x12 [ 2139.467409][T18332] ? radix_tree_cpu_dead+0x160/0x160 [ 2139.472678][T18332] ? _raw_spin_lock+0xa1/0x170 [ 2139.477428][T18332] ? _raw_spin_trylock_bh+0x190/0x190 [ 2139.482786][T18332] dump_header+0xdb/0x700 [ 2139.487104][T18332] oom_kill_process+0xd3/0x280 [ 2139.491847][T18332] out_of_memory+0x5b6/0x890 [ 2139.496408][T18332] ? unregister_oom_notifier+0x20/0x20 [ 2139.501837][T18332] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2139.507355][T18332] ? get_page_from_freelist+0x7c0/0x7c0 [ 2139.512871][T18332] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2139.518224][T18332] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2139.523752][T18332] handle_mm_fault+0x1689/0x40a0 [ 2139.528658][T18332] ? finish_fault+0x230/0x230 [ 2139.533304][T18332] ? do_mmap+0x9ad/0x1060 [ 2139.537602][T18332] ? up_read+0x10/0x10 [ 2139.541643][T18332] ? __up_read+0x1b0/0x1b0 [ 2139.546029][T18332] ? vmacache_update+0x9f/0xf0 [ 2139.550850][T18332] do_user_addr_fault+0x48a/0x9f0 [ 2139.555844][T18332] page_fault+0x2f/0x40 [ 2139.559966][T18332] RIP: 0033:0x41407f [ 2139.563830][T18332] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2139.583418][T18332] RSP: 002b:00007ffce0d0dfb0 EFLAGS: 00010206 [ 2139.589451][T18332] RAX: 00007f9080025000 RBX: 0000000000020000 RCX: 000000000045c87a [ 2139.597405][T18332] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2139.605388][T18332] RBP: 00007ffce0d0e090 R08: ffffffffffffffff R09: 0000000000000000 [ 2139.613329][T18332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce0d0e190 [ 2139.621270][T18332] R13: 00007f9080045700 R14: 000000000000081e R15: 000000000078c04c [ 2139.655147][T18332] Mem-Info: [ 2139.658603][T18332] active_anon:1385524 inactive_anon:17088 isolated_anon:0 [ 2139.658603][T18332] active_file:495 inactive_file:435 isolated_file:32 [ 2139.658603][T18332] unevictable:0 dirty:44 writeback:5 unstable:0 [ 2139.658603][T18332] slab_reclaimable:8459 slab_unreclaimable:78637 [ 2139.658603][T18332] mapped:62535 shmem:17095 pagetables:43919 bounce:0 [ 2139.658603][T18332] free:14531 free_pcp:141 free_cma:0 [ 2139.697255][T18332] Node 0 active_anon:5542096kB inactive_anon:68352kB active_file:1868kB inactive_file:1612kB unevictable:0kB isolated(anon):0kB isolated(file):232kB mapped:250040kB dirty:176kB writeback:20kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2139.723059][T18332] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2139.765485][T18332] lowmem_reserve[]: 0 2912 6416 6416 [ 2139.778288][T18332] DMA32 free:30992kB min:20548kB low:23528kB high:26508kB active_anon:2718148kB inactive_anon:8904kB active_file:160kB inactive_file:664kB unevictable:0kB writepending:20kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23648kB pagetables:55100kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2139.891896][T18332] lowmem_reserve[]: 0 0 3504 3504 [ 2139.905189][T18332] Normal free:10036kB min:13784kB low:17372kB high:20960kB active_anon:2825212kB inactive_anon:59448kB active_file:1372kB inactive_file:936kB unevictable:0kB writepending:176kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:120576kB bounce:0kB free_pcp:132kB local_pcp:60kB free_cma:0kB [ 2139.936026][T18332] lowmem_reserve[]: 0 0 0 0 [ 2139.940909][T18332] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2139.954623][T18332] DMA32: 636*4kB (UMH) 1120*8kB (UMH) 370*16kB (UMH) 371*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29552kB [ 2139.969648][T18332] Normal: 96*4kB (UME) 52*8kB (UME) 144*16kB (UM) 200*32kB (UM) 14*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10400kB [ 2140.021628][T18332] 17761 total pagecache pages [ 2140.029611][T18332] 0 pages in swap cache [ 2140.033965][T18332] Swap cache stats: add 0, delete 0, find 0/0 [ 2140.040382][T18332] Free swap = 0kB [ 2140.044332][T18332] Total swap = 0kB [ 2140.048305][T18332] 1965979 pages RAM [ 2140.052359][T18332] 0 pages HighMem/MovableOnly [ 2140.057516][T18332] 318830 pages reserved [ 2140.061942][T18332] 0 pages cma reserved [ 2140.066244][T18332] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=24808,uid=0 [ 2140.081654][T18332] Out of memory: Killed process 24808 (syz-executor.5) total-vm:75360kB, anon-rss:14128kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2140.148392][ T23] oom_reaper: reaped process 24808 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2140.283294][ T23] oom_reaper: reaped process 18336 (syz-executor.2), now anon-rss:0kB, file-rss:33884kB, shmem-rss:0kB [ 2140.340837][ T266] rs:main Q:Reg invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=0 [ 2140.353515][ T266] CPU: 0 PID: 266 Comm: rs:main Q:Reg Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2140.363403][ T266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2140.373472][ T266] Call Trace: [ 2140.376758][ T266] dump_stack+0x14a/0x1ce [ 2140.381104][ T266] ? devkmsg_release+0x11c/0x11c [ 2140.386033][ T266] ? show_regs_print_info+0x12/0x12 [ 2140.391218][ T266] ? radix_tree_cpu_dead+0x160/0x160 [ 2140.396491][ T266] ? _raw_spin_lock+0xa1/0x170 [ 2140.401247][ T266] ? _raw_spin_trylock_bh+0x190/0x190 [ 2140.406611][ T266] dump_header+0xdb/0x700 [ 2140.410937][ T266] oom_kill_process+0xd3/0x280 [ 2140.415836][ T266] out_of_memory+0x5b6/0x890 [ 2140.420424][ T266] ? unregister_oom_notifier+0x20/0x20 [ 2140.425882][ T266] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2140.431663][ T266] ? get_page_from_freelist+0x7c0/0x7c0 [ 2140.437216][ T266] ? __ext4_handle_dirty_metadata+0x2d8/0x910 [ 2140.443269][ T266] ? node_dirty_ok+0x5f9/0x650 [ 2140.448025][ T266] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2140.453388][ T266] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2140.458929][ T266] ? ext4_reserve_inode_write+0x19c/0x220 [ 2140.464640][ T266] pagecache_get_page+0x50f/0x880 [ 2140.469660][ T266] grab_cache_page_write_begin+0x50/0x90 [ 2140.475281][ T266] ext4_da_write_begin+0x9e1/0xfc0 [ 2140.480385][ T266] ? ext4_set_page_dirty+0x190/0x190 [ 2140.485658][ T266] ? __ext4_expand_extra_isize+0x3b0/0x3b0 [ 2140.491453][ T266] ? __mark_inode_dirty+0x47d/0xba0 [ 2140.496680][ T266] ? __block_commit_write+0x226/0x240 [ 2140.502050][ T266] ? generic_write_end+0x1fd/0x2e0 [ 2140.507140][ T266] ? __ext4_journal_stop+0x2f/0x190 [ 2140.512315][ T266] ? iov_iter_fault_in_readable+0x2d2/0x630 [ 2140.518186][ T266] ? uuid_parse+0x3e0/0x3e0 [ 2140.522677][ T266] ? balance_dirty_pages_ratelimited+0x302/0x4c0 [ 2140.529017][ T266] generic_perform_write+0x2f7/0x5a0 [ 2140.534292][ T266] ? grab_cache_page_write_begin+0x90/0x90 [ 2140.540111][ T266] ? file_remove_privs+0x640/0x640 [ 2140.545209][ T266] ? down_write_trylock+0xd8/0x150 [ 2140.550307][ T266] __generic_file_write_iter+0x217/0x440 [ 2140.555928][ T266] ext4_file_write_iter+0x46f/0x1070 [ 2140.561203][ T266] ? ext4_file_read_iter+0x140/0x140 [ 2140.566566][ T266] ? filemap_fault+0x19d0/0x19d0 [ 2140.571497][ T266] ? iov_iter_init+0x83/0x160 [ 2140.576161][ T266] __vfs_write+0x59d/0x720 [ 2140.580567][ T266] ? __kernel_write+0x340/0x340 [ 2140.585409][ T266] ? avc_policy_seqno+0x17/0x70 [ 2140.590246][ T266] ? security_file_permission+0x128/0x300 [ 2140.595951][ T266] vfs_write+0x217/0x4f0 [ 2140.600189][ T266] ksys_write+0x18c/0x2c0 [ 2140.604511][ T266] ? __ia32_sys_read+0x80/0x80 [ 2140.609351][ T266] do_syscall_64+0xcb/0x150 [ 2140.613841][ T266] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2140.619718][ T266] RIP: 0033:0x7f9f8c6ef1cd [ 2140.624115][ T266] Code: c2 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae fc ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 f7 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2140.644039][ T266] RSP: 002b:00007f9f89caa590 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2140.652419][ T266] RAX: ffffffffffffffda RBX: 00007f9f80022050 RCX: 00007f9f8c6ef1cd [ 2140.660363][ T266] RDX: 0000000000000dbe RSI: 00007f9f80022050 RDI: 0000000000000006 [ 2140.668831][ T266] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2140.676773][ T266] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f9f80021dd0 [ 2140.684723][ T266] R13: 00007f9f89caa5b0 R14: 000055ee5f2ab360 R15: 0000000000000dbe 04:06:56 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x100000001) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:06:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="601b7c088882ea5d1b9cb427c6b91e079e7ff6f8470000000000009a0000000000000000"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a0a66cabab49c65f9235a1fbbb3359482c7c451a553911e1d7faffffff7f00bbb8e3", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x3e9, 0x1, 0x70bd2c, 0x25dfdbfe, {0x37, 0x0, 0x0, 0x0, 0x1ff, 0x6, 0x7fff, 0x0, 0x8}, ["", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x493602, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:56 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xdf000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2140.871278][ T266] Mem-Info: [ 2140.876228][ T266] active_anon:1377875 inactive_anon:17088 isolated_anon:0 [ 2140.876228][ T266] active_file:719 inactive_file:2170 isolated_file:32 [ 2140.876228][ T266] unevictable:0 dirty:37 writeback:5 unstable:0 [ 2140.876228][ T266] slab_reclaimable:8459 slab_unreclaimable:78580 [ 2140.876228][ T266] mapped:63811 shmem:17095 pagetables:43921 bounce:0 [ 2140.876228][ T266] free:19325 free_pcp:1373 free_cma:0 04:06:56 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x11c000}], 0x1, 0x0) pipe(0x0) [ 2140.918399][ T266] Node 0 active_anon:5511500kB inactive_anon:68352kB active_file:3240kB inactive_file:8740kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:255544kB dirty:148kB writeback:20kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2140.943537][ T266] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2140.970506][ T266] lowmem_reserve[]: 0 2912 6416 6416 [ 2140.976094][ T266] DMA32 free:47360kB min:8740kB low:11720kB high:14700kB active_anon:2694452kB inactive_anon:8904kB active_file:592kB inactive_file:5444kB unevictable:0kB writepending:32kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:23680kB pagetables:55104kB bounce:0kB free_pcp:2752kB local_pcp:1364kB free_cma:0kB [ 2141.011822][ T266] lowmem_reserve[]: 0 0 3504 3504 [ 2141.030975][ T266] Normal free:11604kB min:5592kB low:9180kB high:12768kB active_anon:2820556kB inactive_anon:59448kB active_file:1800kB inactive_file:3896kB unevictable:0kB writepending:136kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:120832kB bounce:0kB free_pcp:932kB local_pcp:476kB free_cma:0kB 04:06:56 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x87000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2141.228302][ T266] lowmem_reserve[]: 0 0 0 0 [ 2141.237994][ T266] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2141.253887][ T266] DMA32: 500*4kB (UMH) 165*8kB (UMH) 265*16kB (UMH) 406*32kB (MH) 20*64kB (MH) 10*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23112kB [ 2141.271156][ T266] Normal: 164*4kB (UME) 84*8kB (ME) 71*16kB (M) 205*32kB (UM) 15*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9984kB [ 2141.296304][ T266] 19064 total pagecache pages [ 2141.306843][ T266] 0 pages in swap cache [ 2141.311099][ T266] Swap cache stats: add 0, delete 0, find 0/0 [ 2141.317799][ T266] Free swap = 0kB [ 2141.321773][ T266] Total swap = 0kB [ 2141.326164][ T266] 1965979 pages RAM [ 2141.330112][ T266] 0 pages HighMem/MovableOnly [ 2141.334929][ T266] 318830 pages reserved [ 2141.340230][ T266] 0 pages cma reserved [ 2141.349458][ T266] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18342,uid=0 04:06:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a0a66cabab49c65f9235a1fbbb3359482c7c451a553911e1d7faffffff7f00bbb8e3", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x3e9, 0x1, 0x70bd2c, 0x25dfdbfe, {0x37, 0x0, 0x0, 0x0, 0x1ff, 0x6, 0x7fff, 0x0, 0x8}, ["", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x493602, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:57 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x11d000}], 0x1, 0x0) pipe(0x0) 04:06:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000002c0)=@gcm_128={{0x304}, "611173de00c3dc36", "e5ef1f723e72466c2ab4cb4f642ab060", "0f17cbe1", "8461a825b78e0134"}, 0x28) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x1b4a0fd1ac729270, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:57 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e22, @empty}, 0x10) write(r1, &(0x7f0000000340), 0x41395527) sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x30, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @local}]}, 0x30}, 0x1, 0x0, 0x0, 0x5c884}, 0x880) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:06:57 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe0000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:58 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x11e000}], 0x1, 0x0) pipe(0x0) 04:06:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a0a66cabab49c65f9235a1fbbb3359482c7c451a553911e1d7faffffff7f00bbb8e3", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x3e9, 0x1, 0x70bd2c, 0x25dfdbfe, {0x37, 0x0, 0x0, 0x0, 0x1ff, 0x6, 0x7fff, 0x0, 0x8}, ["", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x1) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x493602, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:58 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x88000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:58 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) fsetxattr(r2, &(0x7f0000000040)=@known='trusted.overlay.upper\x00', &(0x7f0000000080)='\x00', 0x1, 0x3) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:06:59 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x11f000}], 0x1, 0x0) pipe(0x0) 04:06:59 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040)) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000080)={0x7, 0x8, 0x20, 0xfffffffe}, 0x10) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000100)=""/36, 0x24}, {&(0x7f0000000180)}, {&(0x7f00000001c0)=""/116, 0x74}, {&(0x7f0000000340)=""/192, 0xc0}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/179, 0xb3}, {&(0x7f0000000240)=""/72, 0x48}, {&(0x7f00000014c0)=""/197, 0xc5}], 0x8, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f0000000100)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000001640)='net/udp6\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) ioctl$HIDIOCAPPLICATION(r5, 0x4802, 0x3d31) 04:06:59 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe1000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:06:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0x4, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:59 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x89000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:59 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x8a000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:06:59 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x10c) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:00 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x120000}], 0x1, 0x0) pipe(0x0) 04:07:00 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xaa000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7de80", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$search(0xa, 0x0, &(0x7f0000000180)='rxrpc_s\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0) keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f00000002c0)='\'ppp0[[\x00', &(0x7f0000000300)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:00 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe2000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2144.759812][T18506] syz-executor.4 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2144.783089][T18506] CPU: 1 PID: 18506 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2144.793424][T18506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2144.803470][T18506] Call Trace: [ 2144.806757][T18506] dump_stack+0x14a/0x1ce [ 2144.811077][T18506] ? devkmsg_release+0x11c/0x11c [ 2144.816002][T18506] ? show_regs_print_info+0x12/0x12 [ 2144.821191][T18506] ? radix_tree_cpu_dead+0x160/0x160 [ 2144.826461][T18506] ? _raw_spin_lock+0xa1/0x170 [ 2144.831213][T18506] ? _raw_spin_trylock_bh+0x190/0x190 [ 2144.836560][T18506] dump_header+0xdb/0x700 [ 2144.840861][T18506] oom_kill_process+0xd3/0x280 [ 2144.845630][T18506] out_of_memory+0x5b6/0x890 [ 2144.850191][T18506] ? unregister_oom_notifier+0x20/0x20 [ 2144.855640][T18506] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2144.861168][T18506] ? get_page_from_freelist+0x7c0/0x7c0 [ 2144.866712][T18506] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2144.872054][T18506] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2144.877571][T18506] pagecache_get_page+0x50f/0x880 [ 2144.882563][T18506] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2144.888424][T18506] filemap_fault+0x1474/0x19d0 [ 2144.893157][T18506] ? generic_file_read_iter+0x20b0/0x20b0 [ 2144.898844][T18506] ? __rcu_read_lock+0x50/0x50 [ 2144.903580][T18506] ext4_filemap_fault+0x7b/0x90 [ 2144.908400][T18506] handle_mm_fault+0x19ac/0x40a0 [ 2144.913305][T18506] ? finish_fault+0x230/0x230 [ 2144.918043][T18506] ? preempt_schedule_irq+0xe7/0x140 [ 2144.923298][T18506] ? preempt_schedule_notrace+0x130/0x130 [ 2144.928983][T18506] ? put_timespec64+0x109/0x150 [ 2144.933803][T18506] ? __up_read+0x1b0/0x1b0 [ 2144.938188][T18506] ? vmacache_find+0x205/0x4b0 [ 2144.942922][T18506] do_user_addr_fault+0x48a/0x9f0 [ 2144.947925][T18506] page_fault+0x2f/0x40 [ 2144.952049][T18506] RIP: 0033:0x403717 [ 2144.955914][T18506] Code: 00 00 00 48 83 ec 08 48 8b 15 85 ef 89 00 48 8b 05 76 ef 89 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 58 ef 89 00 48 83 c4 08 c3 48 89 c6 bf 50 fa 4c 00 [ 2144.975485][T18506] RSP: 002b:00007ffe517c29b0 EFLAGS: 00010283 [ 2144.981521][T18506] RAX: 0000001b2d622438 RBX: 0000000000000005 RCX: 0000001b2e620000 [ 2144.989463][T18506] RDX: 0000001b2d62243c RSI: 0000000000000000 RDI: 0000000000000005 [ 2144.997408][T18506] RBP: 00000000000003e7 R08: 0000000000000000 R09: 0000000000000000 [ 2145.005436][T18506] R10: 00007ffe517c2ae0 R11: 0000000000000246 R12: 000000000078c900 [ 2145.013375][T18506] R13: 000000000078c900 R14: 000000000078bf00 R15: 000000000078c04c [ 2145.148535][T18506] Mem-Info: [ 2145.151689][T18506] active_anon:1384950 inactive_anon:17088 isolated_anon:0 [ 2145.151689][T18506] active_file:259 inactive_file:260 isolated_file:57 [ 2145.151689][T18506] unevictable:0 dirty:10 writeback:0 unstable:0 [ 2145.151689][T18506] slab_reclaimable:8443 slab_unreclaimable:78658 [ 2145.151689][T18506] mapped:62210 shmem:17095 pagetables:44078 bounce:0 [ 2145.151689][T18506] free:14704 free_pcp:372 free_cma:0 [ 2145.189786][T18506] Node 0 active_anon:5539808kB inactive_anon:68352kB active_file:976kB inactive_file:1012kB unevictable:0kB isolated(anon):0kB isolated(file):196kB mapped:248752kB dirty:52kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2145.214222][T18506] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2145.240171][T18506] lowmem_reserve[]: 0 2912 6416 6416 [ 2145.245488][T18506] DMA32 free:29884kB min:20548kB low:23528kB high:26508kB active_anon:2718108kB inactive_anon:8904kB active_file:80kB inactive_file:188kB unevictable:0kB writepending:0kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24256kB pagetables:55864kB bounce:0kB free_pcp:100kB local_pcp:4kB free_cma:0kB [ 2145.310874][T18506] lowmem_reserve[]: 0 0 3504 3504 [ 2145.318014][T18506] Normal free:14032kB min:5592kB low:9180kB high:12768kB active_anon:2822296kB inactive_anon:59448kB active_file:292kB inactive_file:832kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:120792kB bounce:0kB free_pcp:1524kB local_pcp:1064kB free_cma:0kB [ 2145.352744][T18506] lowmem_reserve[]: 0 0 0 0 [ 2145.357280][T18506] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2145.370652][T18506] DMA32: 198*4kB (MH) 1195*8kB (UMH) 413*16kB (UMH) 392*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29760kB [ 2145.385316][T18506] Normal: 428*4kB (MEH) 263*8kB (MEH) 106*16kB (MH) 192*32kB (MH) 8*64kB (MH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12168kB [ 2145.400711][T18506] 17883 total pagecache pages [ 2145.429276][T18506] 0 pages in swap cache [ 2145.440341][T18506] Swap cache stats: add 0, delete 0, find 0/0 [ 2145.446889][T18506] Free swap = 0kB [ 2145.451062][T18506] Total swap = 0kB [ 2145.454815][T18506] 1965979 pages RAM [ 2145.458602][T18506] 0 pages HighMem/MovableOnly [ 2145.474373][T18506] 318830 pages reserved 04:07:01 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe3000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:01 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x4e000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fspick(r3, &(0x7f00000002c0)='./file0\x00', 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2145.478855][T18506] 0 pages cma reserved [ 2145.483272][T18506] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18499,uid=0 [ 2145.498001][T18506] Out of memory: Killed process 18499 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:35068kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:01 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x121000}], 0x1, 0x0) pipe(0x0) 04:07:01 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x8b000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:01 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000180)="03b9c222d1fb45c59884d55d27f3fb5961c228f0dd815b6677241f072da0fbf0000100000000000000416d702a9ff090301c7be487c50fd8d70d8cdc6ba724eef64e19228e30a8feb086a847388e3f21a7ff6f01a3d0b7c09592120131310164c140d1c469d917518dcd86bfbaf5b0e729c1c9fa3835f016861e6396a7ed7d03f70b002845b2c6431a0d82e065dfb563c3bc757dd3a35a29cf07bd02358d02c8c0f4e1de2def26ffea060077c8fbe3a0e7d8fc39036fbda322461a86361f348a52f854c88748c043675f19199531b4c409902e283ecddd38d34e71e5848ed020d3c4429d", 0xe4}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f00000002c0)) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2146.125423][ T256] cron invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2146.144601][ T256] CPU: 0 PID: 256 Comm: cron Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2146.153717][ T256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2146.163869][ T256] Call Trace: [ 2146.167227][ T256] dump_stack+0x14a/0x1ce [ 2146.171627][ T256] ? devkmsg_release+0x11c/0x11c [ 2146.176547][ T256] ? show_regs_print_info+0x12/0x12 [ 2146.181733][ T256] ? radix_tree_cpu_dead+0x160/0x160 [ 2146.187008][ T256] ? _raw_spin_lock+0xa1/0x170 [ 2146.191747][ T256] ? _raw_spin_trylock_bh+0x190/0x190 [ 2146.197101][ T256] dump_header+0xdb/0x700 [ 2146.201421][ T256] oom_kill_process+0xd3/0x280 [ 2146.206299][ T256] out_of_memory+0x5b6/0x890 [ 2146.210882][ T256] ? unregister_oom_notifier+0x20/0x20 [ 2146.216324][ T256] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2146.221864][ T256] ? get_page_from_freelist+0x7c0/0x7c0 [ 2146.227402][ T256] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2146.232759][ T256] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2146.238295][ T256] pagecache_get_page+0x50f/0x880 [ 2146.243306][ T256] filemap_fault+0x1474/0x19d0 [ 2146.248062][ T256] ? generic_file_read_iter+0x20b0/0x20b0 [ 2146.253769][ T256] ? ___preempt_schedule+0x16/0x20 [ 2146.258868][ T256] ext4_filemap_fault+0x7b/0x90 [ 2146.263710][ T256] handle_mm_fault+0x2837/0x40a0 [ 2146.268637][ T256] ? finish_fault+0x230/0x230 [ 2146.273318][ T256] ? memset+0x1f/0x40 [ 2146.277280][ T256] ? hrtimer_init_sleeper+0x23a/0x380 [ 2146.282634][ T256] ? __up_read+0x1b0/0x1b0 [ 2146.287027][ T256] ? vmacache_find+0x205/0x4b0 [ 2146.291769][ T256] do_user_addr_fault+0x48a/0x9f0 [ 2146.296797][ T256] page_fault+0x2f/0x40 [ 2146.300992][ T256] RIP: 0033:0x55eba02e9373 [ 2146.305401][ T256] Code: Bad RIP value. [ 2146.309451][ T256] RSP: 002b:00007ffd754a7d90 EFLAGS: 00010246 [ 2146.315499][ T256] RAX: 0000000000000000 RBX: 000000000000003a RCX: 00007faf6389d270 [ 2146.323482][ T256] RDX: 0000000000000008 RSI: 00007ffd754a7d60 RDI: 00007ffd754a7d60 [ 2146.331433][ T256] RBP: 00007ffd754a7d90 R08: 0000000000000002 R09: 0000000000000003 [ 2146.339424][ T256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2146.347429][ T256] R13: 00007ffd754a7eb0 R14: 0000000000000000 R15: 0000000000000000 [ 2146.373932][ T256] Mem-Info: [ 2146.377106][ T256] active_anon:1386729 inactive_anon:17088 isolated_anon:0 [ 2146.377106][ T256] active_file:863 inactive_file:851 isolated_file:33 [ 2146.377106][ T256] unevictable:0 dirty:14 writeback:0 unstable:0 [ 2146.377106][ T256] slab_reclaimable:8440 slab_unreclaimable:78383 [ 2146.377106][ T256] mapped:63325 shmem:17095 pagetables:44243 bounce:0 [ 2146.377106][ T256] free:12116 free_pcp:108 free_cma:0 [ 2146.432465][ T256] Node 0 active_anon:5545716kB inactive_anon:68352kB active_file:2876kB inactive_file:2840kB unevictable:0kB isolated(anon):0kB isolated(file):360kB mapped:252600kB dirty:56kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2146.457535][ T256] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2146.591198][ T256] lowmem_reserve[]: 0 2912 6416 6416 [ 2146.596863][ T256] DMA32 free:30712kB min:16932kB low:19912kB high:22892kB active_anon:2715104kB inactive_anon:8904kB active_file:1324kB inactive_file:1636kB unevictable:0kB writepending:36kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24032kB pagetables:56196kB bounce:0kB free_pcp:1364kB local_pcp:340kB free_cma:0kB [ 2146.644724][ T256] lowmem_reserve[]: 0 0 3504 3504 [ 2146.650149][ T256] Normal free:5564kB min:9688kB low:13276kB high:16864kB active_anon:2831204kB inactive_anon:59448kB active_file:1116kB inactive_file:632kB unevictable:0kB writepending:20kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:120776kB bounce:0kB free_pcp:68kB local_pcp:0kB free_cma:0kB [ 2146.680309][ T256] lowmem_reserve[]: 0 0 0 0 [ 2146.695031][ T256] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2146.736391][ T256] DMA32: 1078*4kB (UMH) 998*8kB (UMH) 449*16kB (UMH) 398*32kB (UMH) 5*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32664kB [ 2146.767281][ T256] Normal: 550*4kB (UME) 131*8kB (UME) 9*16kB (UM) 86*32kB (M) 7*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6592kB [ 2146.781350][ T256] 18179 total pagecache pages 04:07:02 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x122000}], 0x1, 0x0) pipe(0x0) 04:07:02 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdffffff}, 0x0, 0x0) [ 2146.786885][ T256] 0 pages in swap cache [ 2146.791694][ T256] Swap cache stats: add 0, delete 0, find 0/0 [ 2146.798426][ T256] Free swap = 0kB [ 2146.802772][ T256] Total swap = 0kB [ 2146.813661][ T256] 1965979 pages RAM [ 2146.817787][ T256] 0 pages HighMem/MovableOnly [ 2146.822479][ T256] 318830 pages reserved [ 2146.839693][ T256] 0 pages cma reserved 04:07:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7866c4534287e1df466717f0642189654a5f75882946d", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x2, 0x0, 0x40, 0x0, 0xffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2146.865603][ T256] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18587,uid=0 [ 2146.887850][ T256] Out of memory: Killed process 18587 (syz-executor.0) total-vm:75360kB, anon-rss:16560kB, file-rss:35108kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:02 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000000a80)=[{{&(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)=""/80, 0x50}, {&(0x7f0000000200)=""/89, 0x59}], 0x2}, 0x101}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000340)=""/71, 0x47}, {&(0x7f00000003c0)=""/239, 0xef}], 0x2, &(0x7f00000004c0)=""/179, 0xb3}, 0x8}, {{&(0x7f0000000580)=@phonet, 0x80, &(0x7f0000000980)=[{&(0x7f0000000600)=""/128, 0x80}, {&(0x7f0000000680)=""/181, 0xb5}, {&(0x7f0000000740)=""/29, 0x1d}, {&(0x7f0000000780)=""/213, 0xd5}, {&(0x7f0000000880)=""/198, 0xc6}], 0x5, &(0x7f0000000b40)=""/122, 0x7a}, 0xcc94}], 0x3, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:02 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe4000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:02 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x8c000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2147.256631][T18612] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2147.295294][T18612] CPU: 1 PID: 18612 Comm: syz-executor.2 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2147.305479][T18612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2147.315526][T18612] Call Trace: [ 2147.318836][T18612] dump_stack+0x14a/0x1ce [ 2147.323332][T18612] ? devkmsg_release+0x11c/0x11c [ 2147.328257][T18612] ? show_regs_print_info+0x12/0x12 [ 2147.333458][T18612] ? radix_tree_cpu_dead+0x160/0x160 [ 2147.339785][T18612] ? _raw_spin_lock+0xa1/0x170 [ 2147.344537][T18612] ? _raw_spin_trylock_bh+0x190/0x190 [ 2147.349899][T18612] dump_header+0xdb/0x700 [ 2147.354227][T18612] oom_kill_process+0xd3/0x280 [ 2147.358985][T18612] out_of_memory+0x5b6/0x890 [ 2147.363569][T18612] ? unregister_oom_notifier+0x20/0x20 [ 2147.369023][T18612] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2147.374597][T18612] ? get_page_from_freelist+0x7c0/0x7c0 [ 2147.380167][T18612] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2147.385513][T18612] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2147.391029][T18612] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2147.396717][T18612] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2147.402586][T18612] ? __lru_cache_add+0x1a1/0x1f0 [ 2147.407641][T18612] wp_page_copy+0x1cb/0x1120 [ 2147.412208][T18612] ? add_mm_rss_vec+0x270/0x270 [ 2147.417305][T18612] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2147.423167][T18612] ? vm_normal_page+0x1c9/0x1d0 [ 2147.428002][T18612] do_wp_page+0x4c1/0x1530 [ 2147.432438][T18612] ? _raw_spin_lock+0xa1/0x170 [ 2147.437195][T18612] ? do_swap_page+0x1560/0x1560 [ 2147.442075][T18612] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2147.447962][T18612] handle_mm_fault+0x1354/0x40a0 [ 2147.452902][T18612] ? finish_fault+0x230/0x230 [ 2147.457559][T18612] ? __up_read+0x1b0/0x1b0 [ 2147.461944][T18612] ? vmacache_find+0x205/0x4b0 [ 2147.466678][T18612] do_user_addr_fault+0x48a/0x9f0 [ 2147.471676][T18612] page_fault+0x2f/0x40 [ 2147.475811][T18612] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2147.482381][T18612] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2147.501968][T18612] RSP: 0018:ffff88808989f888 EFLAGS: 00010206 [ 2147.508095][T18612] RAX: ffffffff81f71b01 RBX: 0000000020077500 RCX: 0000000000000500 [ 2147.516059][T18612] RDX: 0000000000001000 RSI: ffff88802b67db00 RDI: 0000000020077000 [ 2147.524003][T18612] RBP: ffff88808989fda8 R08: dffffc0000000000 R09: ffffed10056cfc00 [ 2147.531944][T18612] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2147.539895][T18612] R13: 0000000000001000 R14: ffff88802b67d000 R15: 0000000020076500 [ 2147.547984][T18612] ? copyout+0x21/0xb0 [ 2147.552042][T18612] copyout+0x8e/0xb0 [ 2147.555914][T18612] copy_page_to_iter+0x393/0xbd0 [ 2147.560832][T18612] pipe_to_user+0xa3/0x130 [ 2147.565244][T18612] __splice_from_pipe+0x2d3/0x870 [ 2147.570240][T18612] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2147.575858][T18612] do_vmsplice+0x252/0xee0 [ 2147.580246][T18612] ? avc_ss_reset+0x3a0/0x3a0 [ 2147.584906][T18612] ? write_pipe_buf+0x1d0/0x1d0 [ 2147.589727][T18612] ? __rcu_read_lock+0x50/0x50 [ 2147.594463][T18612] ? check_stack_object+0x5a/0x90 [ 2147.599471][T18612] ? _copy_from_user+0xa4/0xe0 [ 2147.604217][T18612] ? rw_copy_check_uvector+0x2b3/0x310 [ 2147.609657][T18612] ? import_iovec+0x1c2/0x380 [ 2147.614388][T18612] ? dup_iter+0x110/0x110 [ 2147.618685][T18612] ? do_vfs_ioctl+0x780/0x1750 [ 2147.623419][T18612] __se_sys_vmsplice+0x1fb/0x300 [ 2147.628327][T18612] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2147.633317][T18612] ? put_timespec64+0x109/0x150 [ 2147.638148][T18612] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2147.643768][T18612] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2147.649454][T18612] do_syscall_64+0xcb/0x150 [ 2147.654099][T18612] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2147.659960][T18612] RIP: 0033:0x45c829 [ 2147.663823][T18612] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2147.683412][T18612] RSP: 002b:00007f70f56e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2147.692141][T18612] RAX: ffffffffffffffda RBX: 0000000000509d00 RCX: 000000000045c829 [ 2147.700096][T18612] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003 [ 2147.709613][T18612] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 2147.717710][T18612] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2147.725656][T18612] R13: 0000000000000c49 R14: 00000000004ce70e R15: 00007f70f56e76d4 [ 2147.733853][T18612] Mem-Info: [ 2147.737197][T18612] active_anon:1385351 inactive_anon:17088 isolated_anon:0 [ 2147.737197][T18612] active_file:334 inactive_file:373 isolated_file:14 [ 2147.737197][T18612] unevictable:0 dirty:12 writeback:0 unstable:0 [ 2147.737197][T18612] slab_reclaimable:8439 slab_unreclaimable:78437 [ 2147.737197][T18612] mapped:62300 shmem:17095 pagetables:44269 bounce:0 [ 2147.737197][T18612] free:14224 free_pcp:526 free_cma:0 [ 2147.776598][T18612] Node 0 active_anon:5541404kB inactive_anon:68352kB active_file:1436kB inactive_file:1592kB unevictable:0kB isolated(anon):0kB isolated(file):56kB mapped:249200kB dirty:48kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2147.876998][T18612] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2148.014346][T18612] lowmem_reserve[]: 0 2912 6416 6416 [ 2148.034194][T18612] DMA32 free:23108kB min:8740kB low:11720kB high:14700kB active_anon:2719292kB inactive_anon:8904kB active_file:2420kB inactive_file:2928kB unevictable:0kB writepending:116kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24224kB pagetables:56116kB bounce:0kB free_pcp:536kB local_pcp:416kB free_cma:0kB [ 2148.104433][T18612] lowmem_reserve[]: 0 0 3504 3504 [ 2148.109513][T18612] Normal free:9200kB min:13784kB low:17372kB high:20960kB active_anon:2827148kB inactive_anon:59448kB active_file:1048kB inactive_file:568kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:121128kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2148.144141][T18612] lowmem_reserve[]: 0 0 0 0 [ 2148.149265][T18612] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2148.172365][T18612] DMA32: 113*4kB (UMH) 439*8kB (UMH) 448*16kB (UMH) 372*32kB (UMH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23292kB [ 2148.228119][T18612] Normal: 163*4kB (UME) 167*8kB (UME) 124*16kB (UM) 167*32kB (UM) 8*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9828kB [ 2148.294356][T18612] 18209 total pagecache pages [ 2148.299499][T18612] 0 pages in swap cache [ 2148.304213][T18612] Swap cache stats: add 0, delete 0, find 0/0 [ 2148.311069][T18612] Free swap = 0kB [ 2148.329815][T18612] Total swap = 0kB [ 2148.341490][T18612] 1965979 pages RAM [ 2148.351483][T18612] 0 pages HighMem/MovableOnly [ 2148.387434][T18612] 318830 pages reserved [ 2148.404427][T18612] 0 pages cma reserved [ 2148.408518][T18612] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=24037,uid=0 [ 2148.459396][T18612] Out of memory: Killed process 24037 (syz-executor.3) total-vm:75756kB, anon-rss:14120kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2148.480845][ T23] oom_reaper: reaped process 24037 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2148.576501][T18613] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2148.590561][T18613] CPU: 0 PID: 18613 Comm: syz-executor.3 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2148.600710][T18613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2148.610754][T18613] Call Trace: [ 2148.614073][T18613] dump_stack+0x14a/0x1ce [ 2148.618423][T18613] ? devkmsg_release+0x11c/0x11c [ 2148.623355][T18613] ? show_regs_print_info+0x12/0x12 [ 2148.628548][T18613] ? radix_tree_cpu_dead+0x160/0x160 [ 2148.633907][T18613] ? _raw_spin_lock+0xa1/0x170 [ 2148.638683][T18613] ? _raw_spin_trylock_bh+0x190/0x190 [ 2148.644047][T18613] dump_header+0xdb/0x700 [ 2148.648371][T18613] oom_kill_process+0xd3/0x280 [ 2148.653133][T18613] out_of_memory+0x5b6/0x890 [ 2148.657722][T18613] ? unregister_oom_notifier+0x20/0x20 [ 2148.663176][T18613] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2148.668715][T18613] ? get_page_from_freelist+0x7c0/0x7c0 [ 2148.674251][T18613] ? __zone_watermark_ok+0x91/0x280 [ 2148.679443][T18613] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2148.684810][T18613] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2148.690336][T18613] ? copy_process+0x5a4/0x5110 [ 2148.695071][T18613] ? copy_process+0x5a4/0x5110 [ 2148.699806][T18613] ? kmem_cache_alloc+0x1d5/0x260 [ 2148.704803][T18613] copy_process+0x5f3/0x5110 [ 2148.709369][T18613] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2148.714974][T18613] ? _raw_spin_lock+0xa1/0x170 [ 2148.719797][T18613] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2148.725575][T18613] ? fork_idle+0x290/0x290 [ 2148.729965][T18613] ? _raw_spin_unlock+0x5/0x20 [ 2148.734697][T18613] ? handle_mm_fault+0xb16/0x40a0 [ 2148.739690][T18613] _do_fork+0x196/0x920 [ 2148.743820][T18613] ? dup_mm+0x300/0x300 [ 2148.747946][T18613] ? do_mmap+0x9ad/0x1060 [ 2148.752254][T18613] __x64_sys_clone+0x25f/0x2c0 [ 2148.756991][T18613] ? __ia32_sys_vfork+0x110/0x110 [ 2148.761987][T18613] ? do_user_addr_fault+0x55c/0x9f0 [ 2148.767154][T18613] do_syscall_64+0xcb/0x150 [ 2148.771657][T18613] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2148.777518][T18613] RIP: 0033:0x45f1f9 [ 2148.781385][T18613] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2148.800959][T18613] RSP: 002b:00007ffcb99f8438 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2148.809360][T18613] RAX: ffffffffffffffda RBX: 00007f77fb306700 RCX: 000000000045f1f9 [ 2148.817304][T18613] RDX: 00007f77fb3069d0 RSI: 00007f77fb305db0 RDI: 00000000003d0f00 [ 2148.825251][T18613] RBP: 00007ffcb99f8660 R08: 00007f77fb306700 R09: 00007f77fb306700 [ 2148.835279][T18613] R10: 00007f77fb3069d0 R11: 0000000000000202 R12: 0000000000000000 [ 2148.843240][T18613] R13: 00007ffcb99f84ef R14: 00007f77fb3069c0 R15: 000000000078bfac [ 2148.870688][T18613] Mem-Info: [ 2148.874201][T18613] active_anon:1385330 inactive_anon:17088 isolated_anon:0 [ 2148.874201][T18613] active_file:200 inactive_file:643 isolated_file:77 [ 2148.874201][T18613] unevictable:0 dirty:15 writeback:0 unstable:0 [ 2148.874201][T18613] slab_reclaimable:8437 slab_unreclaimable:78410 [ 2148.874201][T18613] mapped:62234 shmem:17095 pagetables:44321 bounce:0 [ 2148.874201][T18613] free:13914 free_pcp:484 free_cma:0 04:07:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000040)={0x1, 'sit0\x00', {}, 0x81}) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$int_in(r2, 0x5421, &(0x7f0000000080)=0x4) [ 2148.912850][T18613] Node 0 active_anon:5541520kB inactive_anon:68352kB active_file:700kB inactive_file:2588kB unevictable:0kB isolated(anon):0kB isolated(file):284kB mapped:248736kB dirty:60kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2149.033080][T18613] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2149.084373][T18613] lowmem_reserve[]: 0 2912 6416 6416 [ 2149.090056][T18613] DMA32 free:22928kB min:4644kB low:7624kB high:10604kB active_anon:2720724kB inactive_anon:8904kB active_file:2244kB inactive_file:2272kB unevictable:0kB writepending:12kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24288kB pagetables:55988kB bounce:0kB free_pcp:972kB local_pcp:252kB free_cma:0kB [ 2149.135751][T18613] lowmem_reserve[]: 0 0 3504 3504 [ 2149.144019][T18613] Normal free:9832kB min:5592kB low:9180kB high:12768kB active_anon:2827724kB inactive_anon:59448kB active_file:440kB inactive_file:0kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:121168kB bounce:0kB free_pcp:560kB local_pcp:356kB free_cma:0kB [ 2149.184211][T18613] lowmem_reserve[]: 0 0 0 0 [ 2149.195568][T18613] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2149.227871][T18613] DMA32: 108*4kB (UMH) 100*8kB (UMH) 439*16kB (UMH) 397*32kB (UMH) 15*64kB (UMH) 10*128kB (UMH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23200kB [ 2149.244091][T18613] Normal: 9*4kB (E) 223*8kB (ME) 122*16kB (M) 162*32kB (M) 1*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9020kB [ 2149.263276][T18613] 17766 total pagecache pages [ 2149.271911][T18613] 0 pages in swap cache [ 2149.279837][T18613] Swap cache stats: add 0, delete 0, find 0/0 [ 2149.297422][T18613] Free swap = 0kB [ 2149.342064][T18613] Total swap = 0kB [ 2149.361848][T18613] 1965979 pages RAM [ 2149.378312][T18613] 0 pages HighMem/MovableOnly 04:07:05 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x123000}], 0x1, 0x0) pipe(0x0) [ 2149.394059][T18613] 318830 pages reserved [ 2149.408718][T18613] 0 pages cma reserved [ 2149.423950][T18613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=18616,uid=0 [ 2149.483599][T18613] Out of memory: Killed process 18616 (syz-executor.1) total-vm:75228kB, anon-rss:14768kB, file-rss:34892kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2149.535445][ T23] oom_reaper: reaped process 18616 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f0000000300)={'veth0_to_batadv\x00', 0x2}) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3, 0x8001, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x7}, 0x5c010, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:05 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x8d000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:05 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe5000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2149.939434][ T428] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2149.976959][ T428] CPU: 1 PID: 428 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2149.986949][ T428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2149.996994][ T428] Call Trace: [ 2150.000284][ T428] dump_stack+0x14a/0x1ce [ 2150.004615][ T428] ? devkmsg_release+0x11c/0x11c [ 2150.009629][ T428] ? show_regs_print_info+0x12/0x12 [ 2150.014844][ T428] ? radix_tree_cpu_dead+0x160/0x160 [ 2150.020119][ T428] ? _raw_spin_lock+0xa1/0x170 [ 2150.024876][ T428] ? _raw_spin_trylock_bh+0x190/0x190 [ 2150.030611][ T428] dump_header+0xdb/0x700 [ 2150.034931][ T428] oom_kill_process+0xd3/0x280 [ 2150.039669][ T428] out_of_memory+0x5b6/0x890 [ 2150.044229][ T428] ? unregister_oom_notifier+0x20/0x20 [ 2150.049674][ T428] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2150.055194][ T428] ? get_page_from_freelist+0x7c0/0x7c0 [ 2150.060709][ T428] ? __zone_watermark_ok+0x91/0x280 [ 2150.065878][ T428] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2150.071222][ T428] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2150.076747][ T428] ? copy_process+0x5a4/0x5110 [ 2150.081481][ T428] ? copy_process+0x5a4/0x5110 [ 2150.086217][ T428] ? kmem_cache_alloc+0x1d5/0x260 [ 2150.091307][ T428] copy_process+0x5f3/0x5110 [ 2150.095877][ T428] ? do_wp_page+0xb1b/0x1530 [ 2150.100440][ T428] ? do_swap_page+0x1560/0x1560 [ 2150.105260][ T428] ? fork_idle+0x290/0x290 [ 2150.109645][ T428] ? memset+0x1f/0x40 [ 2150.113597][ T428] ? handle_mm_fault+0xb16/0x40a0 [ 2150.118604][ T428] _do_fork+0x196/0x920 [ 2150.122736][ T428] ? dup_mm+0x300/0x300 [ 2150.126863][ T428] ? ktime_get_raw+0x130/0x130 [ 2150.131597][ T428] __x64_sys_clone+0x25f/0x2c0 [ 2150.136334][ T428] ? __ia32_sys_vfork+0x110/0x110 [ 2150.141327][ T428] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2150.146939][ T428] ? do_user_addr_fault+0x55c/0x9f0 [ 2150.152106][ T428] do_syscall_64+0xcb/0x150 [ 2150.156584][ T428] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2150.162453][ T428] RIP: 0033:0x45ae5a [ 2150.166319][ T428] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2150.185906][ T428] RSP: 002b:00007ffce0d0e210 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2150.194291][ T428] RAX: ffffffffffffffda RBX: 00007ffce0d0e210 RCX: 000000000045ae5a [ 2150.202239][ T428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2150.210194][ T428] RBP: 00007ffce0d0e250 R08: 0000000000000001 R09: 0000000002972940 [ 2150.218223][ T428] R10: 0000000002972c10 R11: 0000000000000246 R12: 0000000000000001 [ 2150.226165][ T428] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffce0d0e2a0 [ 2150.264276][ T428] Mem-Info: [ 2150.267675][ T428] active_anon:1386640 inactive_anon:17088 isolated_anon:0 [ 2150.267675][ T428] active_file:326 inactive_file:377 isolated_file:56 [ 2150.267675][ T428] unevictable:0 dirty:18 writeback:0 unstable:0 [ 2150.267675][ T428] slab_reclaimable:8432 slab_unreclaimable:78494 [ 2150.267675][ T428] mapped:62261 shmem:17095 pagetables:44292 bounce:0 [ 2150.267675][ T428] free:13289 free_pcp:111 free_cma:0 [ 2150.314720][ T428] Node 0 active_anon:5546660kB inactive_anon:68352kB active_file:1076kB inactive_file:1484kB unevictable:0kB isolated(anon):0kB isolated(file):176kB mapped:248844kB dirty:72kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2150.340976][ T428] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2150.367453][ T428] lowmem_reserve[]: 0 2912 6416 6416 [ 2150.373240][ T428] DMA32 free:26528kB min:16932kB low:19912kB high:22892kB active_anon:2718768kB inactive_anon:8904kB active_file:644kB inactive_file:1152kB unevictable:0kB writepending:52kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24096kB pagetables:56108kB bounce:0kB free_pcp:916kB local_pcp:316kB free_cma:0kB [ 2150.407442][ T428] lowmem_reserve[]: 0 0 3504 3504 [ 2150.413273][ T428] Normal free:10724kB min:13784kB low:17372kB high:20960kB active_anon:2827592kB inactive_anon:59448kB active_file:208kB inactive_file:368kB unevictable:0kB writepending:20kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:121060kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2150.443573][ T428] lowmem_reserve[]: 0 0 0 0 [ 2150.448876][ T428] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2150.463992][ T428] DMA32: 781*4kB (MH) 480*8kB (MH) 341*16kB (UMH) 410*32kB (UMH) 13*64kB (UMH) 2*128kB (UH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26628kB [ 2150.480063][ T428] Normal: 454*4kB (UME) 251*8kB (UME) 129*16kB (UM) 161*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11040kB [ 2150.494575][ T428] 17528 total pagecache pages [ 2150.499714][ T428] 0 pages in swap cache [ 2150.504503][ T428] Swap cache stats: add 0, delete 0, find 0/0 [ 2150.511118][ T428] Free swap = 0kB [ 2150.515656][ T428] Total swap = 0kB [ 2150.520094][ T428] 1965979 pages RAM [ 2150.571635][ T428] 0 pages HighMem/MovableOnly [ 2150.580262][ T428] 318830 pages reserved [ 2150.586282][ T428] 0 pages cma reserved [ 2150.591217][ T428] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18636,uid=0 04:07:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b7a63610ec9d06aa6c", @ANYBLOB="a8f4ab3841e39b6030e49ca8a6ad8736b0db0166b04859a88add9854b4ad787430a5d6b4d4c5a2b3173b50bb8b69d4f1e47d35907f6c4870484bc9967f2aebe49e1305ef528f70e5878302328d938ab917c95b2abe97f6f3325809ea2a04e3495c3a0167a0d092093dd9017380d725803fdb6cc50c8cf0d28b9e28a73096509257c5a146663818842ab160367b28e9272e5527b9b6eae51d2cd63224da46767c73706ef0a4b2dc9059d309b50dd7fc2b6f860dc1b17385223e6d1b365c5ac457f0fac03ed28c2ba42fb6878bee415080d01945aae262744340c1407aadfb9d2b17cf3f06d6c4b1b32a14b47000"/246], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2150.606142][ T428] Out of memory: Killed process 18636 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35300kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:06 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x124000}], 0x1, 0x0) pipe(0x0) 04:07:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000040)={0x1, 'sit0\x00', {}, 0x81}) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$int_in(r2, 0x5421, &(0x7f0000000080)=0x4) 04:07:06 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) syz_open_procfs(r1, &(0x7f0000000100)='fd/3\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500)}, {&(0x7f00000017c0)="2cc54a53e70ecef3dcd03122cec742fe4dbd24abb4a39d1a3e631992270011666aeaa602a8e80a308edb10de4861a62b2566bd25cfb6478ad62cb753b78c0ee0636318904958", 0x46}], 0x2, 0xb) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000000280)=[{{&(0x7f0000001740)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000001640)=[{&(0x7f0000000200)=""/72, 0x48}, {&(0x7f0000000300)=""/124, 0x7c}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/254, 0xfe}, {&(0x7f00000014c0)=""/135, 0x87}, {&(0x7f0000001580)=""/156, 0x9c}], 0x6, &(0x7f00000016c0)=""/68, 0x44}, 0x5}], 0x1, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) 04:07:07 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x8e000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:07 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe6000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="0000000000000000fda0bfce2d3957e5d4d9886aeb071e87bbdcbad41f58b050a4c72fd03ed87022f4695e5b05519a99db17a8a93a7dce133396b523606d1629d01688fbb11b12449fd98c60fc1722302eba9444c9f3f0dd738aa43de87e5d818301d19c631d8896fae795c6179b167f729eccbe576972eb6b54a3d33b10b60e360fc0"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a64efe4d3d2b3fac925e3f2cd1722d3671e7c3183450c0934f394fa59a46947c274c70afc407b4fc1cd891be6fb79ae19c3e3d3fd31dd1b0b2af85e5a4a5955c65dbfe50fd4cbcdb087fbc0b832535364282c430dfeb58cf7ae4dfddf5cf92b1a57993016fe1c1e9f8749f2e13145372ecba246836ad70256df3f6ecad31ca2717022cbd81023052c124a84f92013718b2ff3256786e32ce1529ec9ac66e68bff96125c9b3e395f19da7e0095a30e7a3582751e97b5c591cdfe67f80da5b5f6ac3a2ebc75624a4dad566730ffb97e44c27c37882f5f9a9082d76626b8970310f6b6ec2cf4620", @ANYBLOB="c4ea009f2f47ae2aba93f7fd54dfa26e6c71630da7fca1aee879360e4ea4298acbdb3b9cdecaec4bd2"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmmsg$sock(r4, &(0x7f0000005840)=[{{&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f00000016c0)=[{&(0x7f0000000080)="8adbeb25", 0x4}], 0x1}}], 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) dup3(r5, r4, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x169002, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) 04:07:09 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x125000}], 0x1, 0x0) pipe(0x0) 04:07:09 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b7a63610ec9d06aa6c", @ANYBLOB="a8f4ab3841e39b6030e49ca8a6ad8736b0db0166b04859a88add9854b4ad787430a5d6b4d4c5a2b3173b50bb8b69d4f1e47d35907f6c4870484bc9967f2aebe49e1305ef528f70e5878302328d938ab917c95b2abe97f6f3325809ea2a04e3495c3a0167a0d092093dd9017380d725803fdb6cc50c8cf0d28b9e28a73096509257c5a146663818842ab160367b28e9272e5527b9b6eae51d2cd63224da46767c73706ef0a4b2dc9059d309b50dd7fc2b6f860dc1b17385223e6d1b365c5ac457f0fac03ed28c2ba42fb6878bee415080d01945aae262744340c1407aadfb9d2b17cf3f06d6c4b1b32a14b47000"/246], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:09 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x8f000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:09 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @remote}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:07:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="d28262a66c175b2d8b7ab2c96706e97fc752d085b0d26f2b31479ca02c9b13305aa96cd4468266659977304fdfbe2da5825cc5bfffafd10689632e15d2d95e720d6a93a6d47265274c1df2d88e682659f8ee4d98a80dedf8c62cfa8e72dedc626ea91ebf968f452909464a0b4df38236841b90ec243f6b8ee102d6df2736b45efd26265d512bd52f4a0e0eb4b465c5f8c02667323cf016c1cbd1", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) perf_event_open(&(0x7f0000000200)={0x7472d770de33bfab, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x3}, 0x44025, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2154.111284][T18755] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2154.140659][T18755] CPU: 0 PID: 18755 Comm: syz-executor.2 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2154.150939][T18755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2154.160987][T18755] Call Trace: [ 2154.164275][T18755] dump_stack+0x14a/0x1ce [ 2154.168684][T18755] ? devkmsg_release+0x11c/0x11c [ 2154.173625][T18755] ? show_regs_print_info+0x12/0x12 [ 2154.178814][T18755] ? radix_tree_cpu_dead+0x160/0x160 [ 2154.184073][T18755] ? _raw_spin_lock+0xa1/0x170 [ 2154.188819][T18755] ? _raw_spin_trylock_bh+0x190/0x190 [ 2154.194177][T18755] dump_header+0xdb/0x700 [ 2154.198494][T18755] oom_kill_process+0xd3/0x280 [ 2154.203243][T18755] out_of_memory+0x5b6/0x890 [ 2154.207832][T18755] ? unregister_oom_notifier+0x20/0x20 [ 2154.213272][T18755] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2154.218797][T18755] ? get_page_from_freelist+0x7c0/0x7c0 [ 2154.224315][T18755] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2154.229663][T18755] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2154.235191][T18755] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2154.240880][T18755] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2154.247281][T18755] ? __lru_cache_add+0x1a1/0x1f0 [ 2154.252189][T18755] wp_page_copy+0x1cb/0x1120 [ 2154.256754][T18755] ? add_mm_rss_vec+0x270/0x270 [ 2154.261593][T18755] ? __schedule+0x920/0xef0 [ 2154.266685][T18755] ? vm_normal_page+0x1c9/0x1d0 [ 2154.271520][T18755] do_wp_page+0x4c1/0x1530 [ 2154.275916][T18755] ? _raw_spin_lock+0xa1/0x170 [ 2154.280751][T18755] ? do_swap_page+0x1560/0x1560 [ 2154.285586][T18755] ? preempt_schedule+0x110/0x130 [ 2154.290580][T18755] handle_mm_fault+0x1354/0x40a0 [ 2154.295489][T18755] ? finish_fault+0x230/0x230 [ 2154.300153][T18755] ? __up_read+0x1b0/0x1b0 [ 2154.304539][T18755] ? vmacache_find+0x205/0x4b0 [ 2154.309272][T18755] do_user_addr_fault+0x48a/0x9f0 [ 2154.314281][T18755] page_fault+0x2f/0x40 [ 2154.318413][T18755] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2154.324970][T18755] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2154.344547][T18755] RSP: 0018:ffff88809aa97888 EFLAGS: 00010206 [ 2154.350592][T18755] RAX: ffffffff81f71b01 RBX: 00000000200be500 RCX: 0000000000000500 [ 2154.358536][T18755] RDX: 0000000000001000 RSI: ffff88802fbbdb00 RDI: 00000000200be000 [ 2154.366479][T18755] RBP: ffff88809aa97da8 R08: dffffc0000000000 R09: ffffed1005f77c00 [ 2154.374435][T18755] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2154.382396][T18755] R13: 0000000000001000 R14: ffff88802fbbd000 R15: 00000000200bd500 [ 2154.390357][T18755] ? copyout+0x21/0xb0 [ 2154.394403][T18755] copyout+0x8e/0xb0 [ 2154.398270][T18755] copy_page_to_iter+0x393/0xbd0 [ 2154.403181][T18755] pipe_to_user+0xa3/0x130 [ 2154.407570][T18755] __splice_from_pipe+0x2d3/0x870 [ 2154.412564][T18755] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2154.418092][T18755] do_vmsplice+0x252/0xee0 [ 2154.422504][T18755] ? avc_ss_reset+0x3a0/0x3a0 [ 2154.427160][T18755] ? write_pipe_buf+0x1d0/0x1d0 [ 2154.431986][T18755] ? __rcu_read_lock+0x50/0x50 [ 2154.436723][T18755] ? check_stack_object+0x5a/0x90 [ 2154.441727][T18755] ? _copy_from_user+0xa4/0xe0 [ 2154.446465][T18755] ? rw_copy_check_uvector+0x2b3/0x310 [ 2154.452010][T18755] ? import_iovec+0x1c2/0x380 [ 2154.456755][T18755] ? dup_iter+0x110/0x110 [ 2154.461053][T18755] ? do_vfs_ioctl+0x780/0x1750 [ 2154.465790][T18755] __se_sys_vmsplice+0x1fb/0x300 [ 2154.470701][T18755] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2154.475783][T18755] ? put_timespec64+0x109/0x150 [ 2154.480605][T18755] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2154.486209][T18755] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2154.491899][T18755] do_syscall_64+0xcb/0x150 [ 2154.496378][T18755] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2154.502242][T18755] RIP: 0033:0x45c829 [ 2154.506108][T18755] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2154.525685][T18755] RSP: 002b:00007f70f56e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2154.534079][T18755] RAX: ffffffffffffffda RBX: 0000000000509d00 RCX: 000000000045c829 [ 2154.542031][T18755] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003 [ 2154.549985][T18755] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 2154.557939][T18755] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2154.565967][T18755] R13: 0000000000000c49 R14: 00000000004ce70e R15: 00007f70f56e76d4 [ 2154.587215][T18755] Mem-Info: [ 2154.601989][T18755] active_anon:1389748 inactive_anon:17088 isolated_anon:0 [ 2154.601989][T18755] active_file:186 inactive_file:398 isolated_file:55 [ 2154.601989][T18755] unevictable:0 dirty:7 writeback:0 unstable:0 [ 2154.601989][T18755] slab_reclaimable:8425 slab_unreclaimable:78447 [ 2154.601989][T18755] mapped:62178 shmem:17095 pagetables:44448 bounce:0 [ 2154.601989][T18755] free:9813 free_pcp:402 free_cma:0 [ 2154.663963][T18755] Node 0 active_anon:5559000kB inactive_anon:68352kB active_file:692kB inactive_file:1592kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:248772kB dirty:56kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2154.688960][T18755] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2154.723946][T18755] lowmem_reserve[]: 0 2912 6416 6416 [ 2154.729875][T18755] DMA32 free:18844kB min:4644kB low:7624kB high:10604kB active_anon:2725204kB inactive_anon:8904kB active_file:920kB inactive_file:1220kB unevictable:0kB writepending:52kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24384kB pagetables:56672kB bounce:0kB free_pcp:1736kB local_pcp:292kB free_cma:0kB [ 2154.767986][T18755] lowmem_reserve[]: 0 0 3504 3504 [ 2154.797646][T18755] Normal free:5008kB min:5592kB low:9180kB high:12768kB active_anon:2834292kB inactive_anon:59448kB active_file:28kB inactive_file:4kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:121120kB bounce:0kB free_pcp:188kB local_pcp:56kB free_cma:0kB [ 2154.847906][T18755] lowmem_reserve[]: 0 0 0 0 [ 2154.852707][T18755] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2154.866465][T18755] DMA32: 115*4kB (UMH) 81*8kB (UMH) 273*16kB (UMH) 426*32kB (UMH) 7*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19684kB [ 2154.881686][T18755] Normal: 137*4kB (UE) 11*8kB (UME) 4*16kB (UM) 123*32kB (UM) 2*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4764kB [ 2154.895845][T18755] 17434 total pagecache pages [ 2154.900870][T18755] 0 pages in swap cache [ 2154.905438][T18755] Swap cache stats: add 0, delete 0, find 0/0 [ 2154.911807][T18755] Free swap = 0kB [ 2154.915827][T18755] Total swap = 0kB [ 2154.919813][T18755] 1965979 pages RAM [ 2154.923899][T18755] 0 pages HighMem/MovableOnly [ 2154.928825][T18755] 318830 pages reserved [ 2154.933212][T18755] 0 pages cma reserved [ 2154.937536][T18755] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=18751,uid=0 [ 2154.952006][T18755] Out of memory: Killed process 18751 (syz-executor.1) total-vm:75228kB, anon-rss:16556kB, file-rss:35276kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:10 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe7000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2155.491098][ T204] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2155.502373][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2155.512425][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2155.522470][ T204] Call Trace: [ 2155.525758][ T204] dump_stack+0x14a/0x1ce [ 2155.530079][ T204] ? devkmsg_release+0x11c/0x11c [ 2155.535005][ T204] ? show_regs_print_info+0x12/0x12 [ 2155.540193][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 2155.545466][ T204] ? _raw_spin_lock+0xa1/0x170 [ 2155.550219][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 2155.555579][ T204] dump_header+0xdb/0x700 [ 2155.559944][ T204] oom_kill_process+0xd3/0x280 [ 2155.564696][ T204] out_of_memory+0x5b6/0x890 [ 2155.569276][ T204] ? unregister_oom_notifier+0x20/0x20 [ 2155.574722][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2155.580257][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 2155.585795][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2155.591169][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2155.596716][ T204] pagecache_get_page+0x50f/0x880 [ 2155.601731][ T204] filemap_fault+0x1474/0x19d0 [ 2155.606484][ T204] ? generic_file_read_iter+0x20b0/0x20b0 [ 2155.612191][ T204] ? ___preempt_schedule+0x16/0x20 [ 2155.617302][ T204] ext4_filemap_fault+0x7b/0x90 [ 2155.622144][ T204] handle_mm_fault+0x2837/0x40a0 [ 2155.627085][ T204] ? finish_fault+0x230/0x230 [ 2155.631750][ T204] ? __secure_computing+0x1b6/0x250 [ 2155.636932][ T204] ? __up_read+0x1b0/0x1b0 [ 2155.641321][ T204] ? vmacache_find+0x205/0x4b0 [ 2155.646056][ T204] do_user_addr_fault+0x48a/0x9f0 [ 2155.651052][ T204] page_fault+0x2f/0x40 [ 2155.655876][ T204] RIP: 0033:0x7fbb5def1f80 [ 2155.660301][ T204] Code: Bad RIP value. [ 2155.664341][ T204] RSP: 002b:00007ffd7e9ac1e8 EFLAGS: 00010202 [ 2155.670377][ T204] RAX: 00000000807e7210 RBX: 00005648291dc330 RCX: 00000000000bc150 [ 2155.678323][ T204] RDX: 0000000000000000 RSI: 000000008072b0c0 RDI: 431bde82d7b634db [ 2155.686269][ T204] RBP: 00007ffd7e9ac3f0 R08: 00007ffd7e9ac1c0 R09: 00007ffd7e9cf0b8 [ 2155.694228][ T204] R10: 0000000000000000 R11: 000000000005da46 R12: 00007ffd7e9ac200 [ 2155.702174][ T204] R13: 0000000000000001 R14: 0000000000000001 R15: 0005a43dd92221a9 [ 2155.721602][ T204] Mem-Info: [ 2155.725316][ T204] active_anon:1386820 inactive_anon:17088 isolated_anon:0 [ 2155.725316][ T204] active_file:141 inactive_file:122 isolated_file:27 [ 2155.725316][ T204] unevictable:0 dirty:36 writeback:2 unstable:0 [ 2155.725316][ T204] slab_reclaimable:8425 slab_unreclaimable:78615 [ 2155.725316][ T204] mapped:61992 shmem:17095 pagetables:44367 bounce:0 [ 2155.725316][ T204] free:13066 free_pcp:195 free_cma:0 [ 2155.764313][ T204] Node 0 active_anon:5547280kB inactive_anon:68352kB active_file:564kB inactive_file:672kB unevictable:0kB isolated(anon):0kB isolated(file):108kB mapped:247868kB dirty:144kB writeback:8kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2155.789096][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2155.815208][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 2155.820595][ T204] DMA32 free:30572kB min:4644kB low:7624kB high:10604kB active_anon:2713244kB inactive_anon:8904kB active_file:704kB inactive_file:1924kB unevictable:0kB writepending:104kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24224kB pagetables:56352kB bounce:0kB free_pcp:584kB local_pcp:104kB free_cma:0kB [ 2155.930080][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 2155.953857][ T204] Normal free:4624kB min:9688kB low:13276kB high:16864kB active_anon:2834048kB inactive_anon:59448kB active_file:28kB inactive_file:0kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:121116kB bounce:0kB free_pcp:788kB local_pcp:540kB free_cma:0kB [ 2155.989234][ T204] lowmem_reserve[]: 0 0 0 0 [ 2155.994153][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2156.007832][ T204] DMA32: 949*4kB (UMH) 985*8kB (UMH) 310*16kB (UMH) 399*32kB (MH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29660kB [ 2156.064534][ T204] Normal: 133*4kB (UME) 10*8kB (UME) 1*16kB (U) 117*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4372kB [ 2156.084619][ T204] 17471 total pagecache pages [ 2156.089492][ T204] 0 pages in swap cache [ 2156.093739][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 2156.099922][ T204] Free swap = 0kB [ 2156.103715][ T204] Total swap = 0kB [ 2156.107621][ T204] 1965979 pages RAM [ 2156.111502][ T204] 0 pages HighMem/MovableOnly [ 2156.116265][ T204] 318830 pages reserved [ 2156.120484][ T204] 0 pages cma reserved [ 2156.124639][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18679,uid=0 [ 2156.139348][ T204] Out of memory: Killed process 18679 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:34840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2156.157214][ T23] oom_reaper: reaped process 18679 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:12 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000000a80)=[{{&(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)=""/80, 0x50}, {&(0x7f0000000200)=""/89, 0x59}], 0x2}, 0x101}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000340)=""/71, 0x47}, {&(0x7f00000003c0)=""/239, 0xef}], 0x2, &(0x7f00000004c0)=""/179, 0xb3}, 0x8}, {{&(0x7f0000000580)=@phonet, 0x80, &(0x7f0000000980)=[{&(0x7f0000000600)=""/128, 0x80}, {&(0x7f0000000680)=""/181, 0xb5}, {&(0x7f0000000740)=""/29, 0x1d}, {&(0x7f0000000780)=""/213, 0xd5}, {&(0x7f0000000880)=""/198, 0xc6}], 0x5, &(0x7f0000000b40)=""/122, 0x7a}, 0xcc94}], 0x3, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x48, 0x0, 0x20, 0xfffffffffffffffc, 0x100000000000, 0x0, 0x8ca9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:12 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x6) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:12 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x126000}], 0x1, 0x0) pipe(0x0) 04:07:12 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe8000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:12 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x90000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000180, &(0x7f0000000040)='./file0\x00', 0x0, 0x1002040, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 04:07:13 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x127000}], 0x1, 0x0) pipe(0x0) 04:07:13 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='aufs\x00', 0x225242a, &(0x7f0000000180)='selinuxmime_type\'\x00') connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0), 0x0, 0x0, 0x55}, 0xfffffff9}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:14 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x128000}], 0x1, 0x0) pipe(0x0) [ 2158.471186][T18814] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 2158.486691][T18814] CPU: 0 PID: 18814 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2158.496846][T18814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2158.506895][T18814] Call Trace: [ 2158.510179][T18814] dump_stack+0x14a/0x1ce [ 2158.514524][T18814] ? devkmsg_release+0x11c/0x11c [ 2158.519448][T18814] ? show_regs_print_info+0x12/0x12 [ 2158.524648][T18814] ? radix_tree_cpu_dead+0x160/0x160 [ 2158.529911][T18814] ? _raw_spin_lock+0xa1/0x170 [ 2158.534667][T18814] ? _raw_spin_trylock_bh+0x190/0x190 [ 2158.540013][T18814] dump_header+0xdb/0x700 [ 2158.544316][T18814] oom_kill_process+0xd3/0x280 [ 2158.549083][T18814] out_of_memory+0x5b6/0x890 [ 2158.553645][T18814] ? unregister_oom_notifier+0x20/0x20 [ 2158.559074][T18814] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2158.564593][T18814] ? get_page_from_freelist+0x7c0/0x7c0 [ 2158.570123][T18814] ? __zone_watermark_ok+0x91/0x280 [ 2158.575293][T18814] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2158.580646][T18814] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2158.586164][T18814] ? filemap_map_pages+0x10ca/0x1140 [ 2158.591422][T18814] ? _raw_spin_lock+0xa1/0x170 [ 2158.596162][T18814] ? _raw_spin_trylock_bh+0x190/0x190 [ 2158.601510][T18814] alloc_slab_page+0x3a/0x3a0 [ 2158.606159][T18814] new_slab+0x408/0x450 [ 2158.610285][T18814] ? kcov_remote_reset+0xc0/0xc0 [ 2158.615194][T18814] ? getname_flags+0xb8/0x610 [ 2158.619841][T18814] ___slab_alloc+0x2e0/0x450 [ 2158.624402][T18814] ? selinux_file_ioctl+0x73b/0x990 [ 2158.629667][T18814] ? getname_flags+0xb8/0x610 [ 2158.634340][T18814] ? getname_flags+0xb8/0x610 [ 2158.639011][T18814] kmem_cache_alloc+0x23f/0x260 [ 2158.643843][T18814] getname_flags+0xb8/0x610 [ 2158.648318][T18814] do_sys_open+0x33d/0x7d0 [ 2158.652875][T18814] ? file_open_root+0x450/0x450 [ 2158.657698][T18814] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2158.663303][T18814] do_syscall_64+0xcb/0x150 [ 2158.667798][T18814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2158.673687][T18814] RIP: 0033:0x45c829 [ 2158.677554][T18814] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2158.700168][T18814] RSP: 002b:00007f9080002c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2158.708549][T18814] RAX: ffffffffffffffda RBX: 00000000004f7940 RCX: 000000000045c829 [ 2158.716511][T18814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 2158.724481][T18814] RBP: 000000000078c180 R08: 0000000000000000 R09: 0000000000000000 [ 2158.732425][T18814] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2158.740373][T18814] R13: 00000000000007ba R14: 00000000004ca690 R15: 00007f90800036d4 [ 2158.787521][T18814] Mem-Info: [ 2158.790952][T18814] active_anon:1385451 inactive_anon:17088 isolated_anon:0 [ 2158.790952][T18814] active_file:467 inactive_file:754 isolated_file:96 [ 2158.790952][T18814] unevictable:0 dirty:18 writeback:0 unstable:0 [ 2158.790952][T18814] slab_reclaimable:8421 slab_unreclaimable:78594 [ 2158.790952][T18814] mapped:62783 shmem:17095 pagetables:44462 bounce:0 [ 2158.790952][T18814] free:13037 free_pcp:342 free_cma:0 [ 2158.829453][T18814] Node 0 active_anon:5541804kB inactive_anon:68352kB active_file:1868kB inactive_file:3016kB unevictable:0kB isolated(anon):0kB isolated(file):384kB mapped:251132kB dirty:72kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2158.854848][T18814] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2158.881451][T18814] lowmem_reserve[]: 0 2912 6416 6416 [ 2158.895361][T18814] DMA32 free:31164kB min:16932kB low:19912kB high:22892kB active_anon:2713456kB inactive_anon:8904kB active_file:784kB inactive_file:440kB unevictable:0kB writepending:44kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24640kB pagetables:56640kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2158.968237][T18814] lowmem_reserve[]: 0 0 3504 3504 [ 2158.980784][T18814] Normal free:6408kB min:5592kB low:9180kB high:12768kB active_anon:2828944kB inactive_anon:59448kB active_file:1684kB inactive_file:2628kB unevictable:0kB writepending:28kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:121208kB bounce:0kB free_pcp:912kB local_pcp:436kB free_cma:0kB [ 2159.066617][T18814] lowmem_reserve[]: 0 0 0 0 [ 2159.077324][T18814] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2159.107685][T18814] DMA32: 765*4kB (UMH) 1016*8kB (UMH) 549*16kB (UMH) 350*32kB (MH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31428kB [ 2159.125916][T18814] Normal: 157*4kB (UME) 66*8kB (UME) 56*16kB (UM) 155*32kB (UM) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7076kB [ 2159.146015][T18814] 17579 total pagecache pages [ 2159.151712][T18814] 0 pages in swap cache 04:07:14 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x47000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2159.160981][T18814] Swap cache stats: add 0, delete 0, find 0/0 [ 2159.169681][T18814] Free swap = 0kB [ 2159.213362][T18814] Total swap = 0kB [ 2159.258073][T18814] 1965979 pages RAM [ 2159.286983][T18814] 0 pages HighMem/MovableOnly [ 2159.310055][T18814] 318830 pages reserved [ 2159.330006][T18814] 0 pages cma reserved [ 2159.353527][T18814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18779,uid=0 [ 2159.395505][T18814] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 2159.417655][T18814] CPU: 1 PID: 18814 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2159.427818][T18814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2159.437899][T18814] Call Trace: [ 2159.441193][T18814] dump_stack+0x14a/0x1ce [ 2159.445519][T18814] ? devkmsg_release+0x11c/0x11c [ 2159.450447][T18814] ? show_regs_print_info+0x12/0x12 [ 2159.455623][T18814] ? radix_tree_cpu_dead+0x160/0x160 [ 2159.460880][T18814] ? _raw_spin_lock+0xa1/0x170 [ 2159.465721][T18814] ? _raw_spin_trylock_bh+0x190/0x190 [ 2159.471066][T18814] dump_header+0xdb/0x700 [ 2159.475370][T18814] oom_kill_process+0xd3/0x280 [ 2159.480104][T18814] out_of_memory+0x5b6/0x890 [ 2159.484665][T18814] ? unregister_oom_notifier+0x20/0x20 [ 2159.490122][T18814] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2159.495656][T18814] ? get_page_from_freelist+0x7c0/0x7c0 [ 2159.501175][T18814] ? __zone_watermark_ok+0x91/0x280 [ 2159.506346][T18814] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2159.511712][T18814] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2159.517227][T18814] ? filemap_map_pages+0x10ca/0x1140 [ 2159.522493][T18814] ? _raw_spin_lock+0xa1/0x170 [ 2159.527227][T18814] ? _raw_spin_trylock_bh+0x190/0x190 [ 2159.532570][T18814] alloc_slab_page+0x3a/0x3a0 [ 2159.537221][T18814] new_slab+0x408/0x450 [ 2159.541362][T18814] ? kcov_remote_reset+0xc0/0xc0 [ 2159.546293][T18814] ? getname_flags+0xb8/0x610 [ 2159.550939][T18814] ___slab_alloc+0x2e0/0x450 [ 2159.555500][T18814] ? selinux_file_ioctl+0x73b/0x990 [ 2159.560668][T18814] ? getname_flags+0xb8/0x610 [ 2159.565315][T18814] ? getname_flags+0xb8/0x610 [ 2159.569964][T18814] kmem_cache_alloc+0x23f/0x260 [ 2159.574808][T18814] getname_flags+0xb8/0x610 [ 2159.579283][T18814] do_sys_open+0x33d/0x7d0 [ 2159.583680][T18814] ? file_open_root+0x450/0x450 [ 2159.588504][T18814] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2159.594108][T18814] do_syscall_64+0xcb/0x150 [ 2159.598584][T18814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2159.604459][T18814] RIP: 0033:0x45c829 [ 2159.608327][T18814] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2159.628003][T18814] RSP: 002b:00007f9080002c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2159.636385][T18814] RAX: ffffffffffffffda RBX: 00000000004f7940 RCX: 000000000045c829 [ 2159.644342][T18814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 2159.652286][T18814] RBP: 000000000078c180 R08: 0000000000000000 R09: 0000000000000000 [ 2159.660227][T18814] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2159.668169][T18814] R13: 00000000000007ba R14: 00000000004ca690 R15: 00007f90800036d4 [ 2159.683448][T18814] Mem-Info: [ 2159.694959][T18814] active_anon:1385461 inactive_anon:17088 isolated_anon:0 [ 2159.694959][T18814] active_file:357 inactive_file:762 isolated_file:122 [ 2159.694959][T18814] unevictable:0 dirty:13 writeback:0 unstable:0 [ 2159.694959][T18814] slab_reclaimable:8421 slab_unreclaimable:78479 [ 2159.694959][T18814] mapped:62764 shmem:17095 pagetables:44439 bounce:0 [ 2159.694959][T18814] free:13560 free_pcp:207 free_cma:0 [ 2159.805170][T18814] Node 0 active_anon:5540844kB inactive_anon:68352kB active_file:1860kB inactive_file:3004kB unevictable:0kB isolated(anon):0kB isolated(file):444kB mapped:250656kB dirty:52kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2159.863869][T18814] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2159.916957][T18814] lowmem_reserve[]: 0 2912 6416 6416 [ 2159.935437][T18814] DMA32 free:33036kB min:16932kB low:19912kB high:22892kB active_anon:2713200kB inactive_anon:8904kB active_file:136kB inactive_file:436kB unevictable:0kB writepending:44kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24224kB pagetables:56644kB bounce:0kB free_pcp:20kB local_pcp:4kB free_cma:0kB [ 2159.965174][T18814] lowmem_reserve[]: 0 0 3504 3504 [ 2159.970344][T18814] Normal free:10252kB min:5592kB low:9180kB high:12768kB active_anon:2828140kB inactive_anon:59448kB active_file:1272kB inactive_file:1424kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:121112kB bounce:0kB free_pcp:20kB local_pcp:0kB free_cma:0kB [ 2160.000144][T18814] lowmem_reserve[]: 0 0 0 0 [ 2160.004843][T18814] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2160.018304][T18814] DMA32: 927*4kB (UMH) 1096*8kB (UMH) 553*16kB (UMH) 376*32kB (UMH) 3*64kB (MH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33804kB [ 2160.033244][T18814] Normal: 571*4kB (UME) 200*8kB (UME) 98*16kB (UM) 152*32kB (UM) 2*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10444kB [ 2160.051497][T18814] 17303 total pagecache pages [ 2160.056350][T18814] 0 pages in swap cache [ 2160.060607][T18814] Swap cache stats: add 0, delete 0, find 0/0 [ 2160.066791][T18814] Free swap = 0kB [ 2160.070583][T18814] Total swap = 0kB [ 2160.074409][T18814] 1965979 pages RAM [ 2160.078281][T18814] 0 pages HighMem/MovableOnly [ 2160.083015][T18814] 318830 pages reserved [ 2160.087338][T18814] 0 pages cma reserved [ 2160.091473][T18814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18824,uid=0 [ 2160.105722][T18814] Out of memory: Killed process 18824 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:34840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2160.126560][ T23] oom_reaper: reaped process 18824 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:16 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xe9000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:16 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x91000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="00000000c5555391c847d17ba530c6293a302ba96f98c6387406fd4c0c883f28734f26708fc4f55082c32a9dd2d515d578ec0a8946ed1d02e2283f3f63e4bb547abdaf33887e3f45b80be54ed8c3f56c7fb953baf02a8d2d3bf23af827407fca47843f4bd86a87a24f0ed36c03b9a18eeefaf67738ce2b016b4c42956a5a65bddfa4907a3711a39f6bbafb6c2c15af5adce1e41b420b800616899989f51e56e4b2207cf0e0b86705da8e2cd8d3eeea557d947636c089ee20a96eee9ae0d96554102649bf8449b06141a4184ac3a93b9f4f74214d4f7ec8b93e94b358eb72a7fde204f86e3b73", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./bus\x00', 0xbcd642, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000180)='rxrpc_s\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0) keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f00000003c0)='nodevsystem-\x83mime_typewlan1\x00', &(0x7f0000000400)) pselect6(0x40, &(0x7f0000000440), 0x0, &(0x7f0000000140)={0xffc, 0x7}, 0x0, 0x0) [ 2160.698749][ T400] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2160.709600][ T400] CPU: 1 PID: 400 Comm: syz-fuzzer Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2160.719218][ T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2160.729277][ T400] Call Trace: [ 2160.732555][ T400] dump_stack+0x14a/0x1ce [ 2160.736879][ T400] ? devkmsg_release+0x11c/0x11c [ 2160.741786][ T400] ? show_regs_print_info+0x12/0x12 [ 2160.746955][ T400] ? radix_tree_cpu_dead+0x160/0x160 [ 2160.752225][ T400] ? _raw_spin_lock+0xa1/0x170 [ 2160.756962][ T400] ? _raw_spin_trylock_bh+0x190/0x190 [ 2160.762319][ T400] dump_header+0xdb/0x700 [ 2160.766620][ T400] oom_kill_process+0xd3/0x280 [ 2160.771355][ T400] out_of_memory+0x5b6/0x890 [ 2160.775919][ T400] ? unregister_oom_notifier+0x20/0x20 [ 2160.781350][ T400] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2160.786880][ T400] ? get_page_from_freelist+0x7c0/0x7c0 [ 2160.792397][ T400] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2160.797739][ T400] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2160.803258][ T400] pagecache_get_page+0x50f/0x880 [ 2160.808253][ T400] filemap_fault+0x1474/0x19d0 [ 2160.812991][ T400] ? generic_file_read_iter+0x20b0/0x20b0 [ 2160.818681][ T400] ? mm_trace_rss_stat+0x41/0x1a0 [ 2160.823680][ T400] ext4_filemap_fault+0x7b/0x90 [ 2160.828499][ T400] handle_mm_fault+0x2837/0x40a0 [ 2160.833407][ T400] ? finish_fault+0x230/0x230 [ 2160.838055][ T400] ? security_file_permission+0x128/0x300 [ 2160.843763][ T400] ? __up_read+0x1b0/0x1b0 [ 2160.848151][ T400] ? vmacache_find+0x205/0x4b0 [ 2160.852888][ T400] do_user_addr_fault+0x48a/0x9f0 [ 2160.857884][ T400] page_fault+0x2f/0x40 [ 2160.862010][ T400] RIP: 0033:0x44911b [ 2160.865877][ T400] Code: 89 0c 24 e8 b7 5c fc ff 48 8b 44 24 58 48 89 04 24 48 8b 44 24 60 48 89 44 24 08 48 8b 44 24 28 48 89 44 24 10 48 8b 54 24 50 <48> 8b 02 ff d0 48 8b 44 24 78 48 89 04 24 e8 e2 5a fc ff 48 8b 44 [ 2160.885476][ T400] RSP: 002b:000000c420038f60 EFLAGS: 00010202 [ 2160.891510][ T400] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 2160.899465][ T400] RDX: 00000000009c3060 RSI: 00000000007f8760 RDI: 000000c42f425600 [ 2160.907419][ T400] RBP: 000000c420038f58 R08: 0000000000000000 R09: 0000000000000003 [ 2160.915392][ T400] R10: 00000204a4cd2814 R11: 0000000000000001 R12: 000001f79b8e48fd [ 2160.926115][ T400] R13: 0000000000000001 R14: 0000000000000013 R15: 0000000000000100 [ 2160.937986][ T400] Mem-Info: [ 2160.953291][ T400] active_anon:1385480 inactive_anon:17088 isolated_anon:0 [ 2160.953291][ T400] active_file:896 inactive_file:881 isolated_file:86 [ 2160.953291][ T400] unevictable:0 dirty:16 writeback:25 unstable:0 [ 2160.953291][ T400] slab_reclaimable:8418 slab_unreclaimable:78212 [ 2160.953291][ T400] mapped:63576 shmem:17095 pagetables:44363 bounce:0 [ 2160.953291][ T400] free:13117 free_pcp:0 free_cma:0 [ 2161.009769][ T400] Node 0 active_anon:5541920kB inactive_anon:68352kB active_file:3484kB inactive_file:3380kB unevictable:0kB isolated(anon):0kB isolated(file):328kB mapped:254004kB dirty:64kB writeback:100kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2161.057973][ T400] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2161.105520][ T400] lowmem_reserve[]: 0 2912 6416 6416 [ 2161.111284][ T400] DMA32 free:33944kB min:20548kB low:23528kB high:26508kB active_anon:2707600kB inactive_anon:8904kB active_file:1464kB inactive_file:3108kB unevictable:0kB writepending:16kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24352kB pagetables:56440kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2161.146872][ T400] lowmem_reserve[]: 0 0 3504 3504 [ 2161.153258][ T400] Normal free:4648kB min:5592kB low:9180kB high:12768kB active_anon:2833164kB inactive_anon:59448kB active_file:1364kB inactive_file:676kB unevictable:0kB writepending:48kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30624kB pagetables:121012kB bounce:0kB free_pcp:252kB local_pcp:184kB free_cma:0kB [ 2161.192857][ T400] lowmem_reserve[]: 0 0 0 0 [ 2161.200462][ T400] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2161.246079][ T400] DMA32: 3010*4kB (UMH) 1249*8kB (UMH) 566*16kB (UMH) 379*32kB (UMH) 5*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 43664kB [ 2161.262481][ T400] Normal: 343*4kB (UMEH) 235*8kB (UMEH) 137*16kB (UMH) 152*32kB (UMH) 2*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10436kB [ 2161.279956][ T400] 18922 total pagecache pages [ 2161.287204][ T400] 0 pages in swap cache 04:07:17 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x129000}], 0x1, 0x0) pipe(0x0) 04:07:17 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x2500000000000000) 04:07:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000300)="b655faa0bef469fa2bcfab062d9f420a5a", 0x11}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) r4 = dup2(0xffffffffffffffff, r3) ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f00000002c0)=0x1) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2161.294170][ T400] Swap cache stats: add 0, delete 0, find 0/0 [ 2161.300541][ T400] Free swap = 0kB [ 2161.304785][ T400] Total swap = 0kB [ 2161.308908][ T400] 1965979 pages RAM [ 2161.312997][ T400] 0 pages HighMem/MovableOnly [ 2161.318209][ T400] 318830 pages reserved [ 2161.322667][ T400] 0 pages cma reserved [ 2161.327285][ T400] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18839,uid=0 04:07:17 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xea000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:17 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f00000001c0)=[{&(0x7f0000000340)="a23152319e26d029d0c49b8ba2135b0c338f6f9e5b98ad0573266dfdab125a167c12faad547b8b48a3ff2860275cc5725fd3faa29a7c751ab1205c5db050726e041790d3d4baf7a50cabadc170a5f383ac95886cbae03bbc5243332425994e68bef058d5434cdac2964fac65ca173172389dd028871d390d3075df72df8699c8bcf2058717ecdc7d460316b9f5c333ab9a1c0006363d3973c15ba1770e8e3702536405990bd3311c04004e05715f4b542fb8b55f086e39a6efa59702915e53bd22eb9059a458fd10b81b02e64b963b1052510100"/225, 0xe1}, {&(0x7f0000000080)="f825d76d60d9c7b76c0bd3a55cdcd368e07a2319247f7df9e60e0ad9efd6", 0x1e}, {&(0x7f0000000180)="2dad72696d62e45f2831873268c26c0d53f63accd159d05ddac5a88d5ce48d917beb1cd692022e39c3bbe99a2a8b2f051978", 0x32}], 0x3, 0xc) ioctl$RNDCLEARPOOL(r4, 0x5206, &(0x7f0000000040)=0x10000) 04:07:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="000000000f46956d65bbaf159645b1754b2a8e1f5ba182c7288c4d0e2f2b0108213b02f4d8873e4c3639647c643bb27f322b6f701b2539a91546ce22ef528b9de0035154af8cea902abff5d78a07d29c275b4e5fbff8a7e170430917a551f047ecf5f826fac82cf1cbd5924044513e90b0a9eedf8cbc6b5908fb80c904796a1aa0fce3e6fc21cea9717775b01c58266c6f2de9f1b4ff325a7bcda86f1ebd030058c105f590", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) ioctl$FITRIM(r4, 0xc0185879, &(0x7f00000002c0)={0x5, 0x10001}) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:17 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x92000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:17 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x12a000}], 0x1, 0x0) pipe(0x0) 04:07:18 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa2000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2162.434056][T18898] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2162.447977][T18898] CPU: 1 PID: 18898 Comm: syz-executor.2 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2162.458154][T18898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2162.468197][T18898] Call Trace: [ 2162.471481][T18898] dump_stack+0x14a/0x1ce [ 2162.475799][T18898] ? devkmsg_release+0x11c/0x11c [ 2162.480732][T18898] ? show_regs_print_info+0x12/0x12 [ 2162.485924][T18898] ? radix_tree_cpu_dead+0x160/0x160 [ 2162.491199][T18898] ? _raw_spin_lock+0xa1/0x170 [ 2162.495949][T18898] ? _raw_spin_trylock_bh+0x190/0x190 [ 2162.501311][T18898] dump_header+0xdb/0x700 [ 2162.505659][T18898] oom_kill_process+0xd3/0x280 [ 2162.510409][T18898] out_of_memory+0x5b6/0x890 [ 2162.514989][T18898] ? unregister_oom_notifier+0x20/0x20 [ 2162.520440][T18898] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2162.525972][T18898] ? unwind_get_return_address+0x48/0x90 [ 2162.531944][T18898] ? get_page_from_freelist+0x7c0/0x7c0 [ 2162.537482][T18898] ? __zone_watermark_ok+0x91/0x280 [ 2162.542672][T18898] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2162.548040][T18898] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2162.553573][T18898] ? copy_process+0x5a4/0x5110 [ 2162.558334][T18898] ? kmem_cache_alloc+0x1d5/0x260 [ 2162.563345][T18898] copy_process+0x5f3/0x5110 [ 2162.567925][T18898] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2162.576846][T18898] ? _raw_spin_lock+0xa1/0x170 [ 2162.581606][T18898] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2162.587402][T18898] ? fork_idle+0x290/0x290 [ 2162.591821][T18898] ? _raw_spin_unlock+0x5/0x20 [ 2162.596572][T18898] ? handle_mm_fault+0xb16/0x40a0 [ 2162.601614][T18898] _do_fork+0x196/0x920 [ 2162.605757][T18898] ? dup_mm+0x300/0x300 [ 2162.610772][T18898] ? do_mmap+0x9ad/0x1060 [ 2162.615115][T18898] __x64_sys_clone+0x25f/0x2c0 [ 2162.619861][T18898] ? __ia32_sys_vfork+0x110/0x110 [ 2162.624872][T18898] ? do_user_addr_fault+0x55c/0x9f0 [ 2162.630060][T18898] do_syscall_64+0xcb/0x150 [ 2162.634559][T18898] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2162.640434][T18898] RIP: 0033:0x45f1f9 [ 2162.644307][T18898] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2162.664134][T18898] RSP: 002b:00007fff3f7faad8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2162.672518][T18898] RAX: ffffffffffffffda RBX: 00007f70f56e7700 RCX: 000000000045f1f9 [ 2162.680476][T18898] RDX: 00007f70f56e79d0 RSI: 00007f70f56e6db0 RDI: 00000000003d0f00 [ 2162.688426][T18898] RBP: 00007fff3f7fad00 R08: 00007f70f56e7700 R09: 00007f70f56e7700 [ 2162.696382][T18898] R10: 00007f70f56e79d0 R11: 0000000000000202 R12: 0000000000000000 [ 2162.713880][T18898] R13: 00007fff3f7fab8f R14: 00007f70f56e79c0 R15: 000000000078bfac [ 2162.730243][T18898] Mem-Info: [ 2162.739228][T18898] active_anon:1382221 inactive_anon:17088 isolated_anon:0 [ 2162.739228][T18898] active_file:347 inactive_file:1074 isolated_file:31 [ 2162.739228][T18898] unevictable:0 dirty:16 writeback:0 unstable:0 [ 2162.739228][T18898] slab_reclaimable:8417 slab_unreclaimable:78458 [ 2162.739228][T18898] mapped:62747 shmem:17095 pagetables:44591 bounce:0 [ 2162.739228][T18898] free:15791 free_pcp:789 free_cma:0 [ 2162.886769][T18898] Node 0 active_anon:5528884kB inactive_anon:68352kB active_file:2380kB inactive_file:9692kB unevictable:0kB isolated(anon):0kB isolated(file):352kB mapped:255988kB dirty:64kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2162.984683][T18898] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2163.037865][T18898] lowmem_reserve[]: 0 2912 6416 6416 [ 2163.050909][T18898] DMA32 free:35840kB min:20548kB low:23528kB high:26508kB active_anon:2701112kB inactive_anon:8904kB active_file:2868kB inactive_file:3056kB unevictable:0kB writepending:52kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24704kB pagetables:57224kB bounce:0kB free_pcp:1740kB local_pcp:1312kB free_cma:0kB 04:07:18 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000040)=0x9aa, 0x4) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000180)="6dfa961210cb8b1ee896067977233be121b0b017f068b9d6dc93924a0566258bbb9f20072f38838d6f97bd31ff714eff468be16aebf1b1230f72a37b74ef26e2bad36a63228bec242ce9540f9cf8d7493a4f5183d18aadd2bd8a66469fcd8fd4d624db593f9849ff6828db5b46bebbb90b7fb54732bfd8c65346875058023ec3e8ea2c6f86bc2ada9940eed3a7797748b413b65535f3763f344e68238bd9769313f4d1b59f1fb88d3a6a6403b6246af6cd2eb83f99a20c6b859d2ec21a6468db33954ec462feb5e8bb3c6422db0ab756923ee644c3834d1cb4eb9c57cc312df73ec034cc5d31c59a0bd924bc8878b9e6848c4d77d19ad29320688dfb5d101bc9") r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) 04:07:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="dcb2358beecb06b1722c5b6ab82db33d212a7c3743919ded5c0d1473d17ad668c02e8337a81f0aff4d42775a1c4b0554e44525f6852f60166871caee46dfc1c731237509ccb9ace9d6444d7d680c38a0758967dcf702c7da3c9bce48bdc9c15ae76a039d2d179527acebabea"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) arch_prctl$ARCH_GET_CPUID(0x1011) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x400480, 0x20) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f00000002c0)={0x2, 0x1, 0x17, 0x7, 0x74, &(0x7f0000000440)="af399323af6eb7356ad3ef17cdb54e6d5c3ae7013e76b8e593660ce6c9d653b8ff5024cbf4f45cb266216cb289fadcc0b7cc01083cb0e701af3ee439b09f41df9fea2fe0b0aaa71d71970fa91ec6e590a6c82ce358ac317ee35dcc83ea3e9a291612af6d3ffa8e29247bb21e9f291086741be12fb18b3b5c393f96fee145e9bf559c3a73f19fcce5830f980a3f59df353310b5eb16b8254f2fb13ad29a4f992eac5a1a8b3a2c243d32b30db5b842201d4c3702db29f33529fb5ea4012129c3b317e763d558f9e841fbbf0e9bec1c21b38ebbb18554af06d5bd263ff17d3d1be6a9d7544d6a0838948a3c6c67e7c402160f519700407ea954a26f8cd7f52ab06ba2c95e904b0c3f6df168b87a4f9a5b5b45daf988fa3a7689d2912f3d768daef54fcd7df018e4c7a92c805c040cc49f7fa9ca25b70c39469b4216ca5a9216b74719c0c881d14029521b503ac71facc00f881162a590cd03ce89e1c4f99bd3c518ea2296d552766a357f3c1ed2787aeda3de29786e89ae4fa530df674ee0933be7bf903eb954287dc4678b0bd5490b42ee6e06b0b9ab1cae6d862dbf61f32b0df5f1a23068b7e4fba08f1776182384f1b6f09f6a16e7c53b7539e502a4d0dbe40f12d53ad47e9aabd29c1cb69935070b4e89e31af42c19deefc42c9c62995d43b8339ad92155166e102227f9ebc8da90ee0418ee626b3a5a75a9e42506830dffb8a5dd7ef2952743f8d63ca845c52bc52b2b35364732f825e60624d1eb2b6dbbb0521b1911491e82519e35ee11b7db6f5dbe502856feac66e2da9273487ee487b9dd458f4025ae5d83fdab9cd9e5c30f6b5edbe9e56fb395b107444b2595916070491c35121447036da278f892aee9402252d123d44b0a5cfe9b8b22e7a8cc32edf302f46d63e660b6c69c92f049bc53f3b4c0997a693c2a2d024bc5bb748bebe1d99ee660645339200595d7de27d8bcb3be1d858915e862dffd5b9b6056bdae08c9a00da91175ef60f1eb04a1cee061592af404ec5fb9f7e411321b97de1ec660eac3560b93f9ff62ff5d37dbbb789377c8e985efd97b659dc15cfa943b61083c481ea3298f90778c29b69add48a42b4cf0a8b9a8e6cb503f567b3ec96e88dedd138e0a8e401a3a20a614c0be074d204a6c04a16ec150f34078de266b4fd2c21834129d925e3640f11e47f95b0c80fb970a7546cfbecf03fff289829204962fb234bc6b35f2af208719bfbf9bc0f0eca54a42a42f4d8bd1d5fed1b66f205cdf90efd0c23cb812b4887ef88f2eac474cdcb719ba00a7a982a2cd91f7240600036cb47c426bbb928e457d3d13e467359a73f33c44772d6722c201ca8e73b1edf0a6d554f2d7007f1de21b1b2e14db44608c31410f9757611b1f405939e5350ac820ea68ad5915dd7e5e701c0864a3200c35669a7c022742668690bfbe2a07c86e84"}) 04:07:18 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000040)='\x00', 0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$NS_GET_PARENT(r3, 0xb702, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000100)) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0xb) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x38, r4, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast2}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x9}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x51) sendmsg$NLBL_MGMT_C_PROTOCOLS(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x34, r4, 0x300, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40015) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) syncfs(r5) [ 2163.117040][T18898] lowmem_reserve[]: 0 0 3504 3504 [ 2163.125801][T18898] Normal free:10740kB min:13784kB low:17372kB high:20960kB active_anon:2827684kB inactive_anon:59448kB active_file:1572kB inactive_file:492kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30624kB pagetables:121128kB bounce:0kB free_pcp:264kB local_pcp:156kB free_cma:0kB [ 2163.282871][T18898] lowmem_reserve[]: 0 0 0 0 [ 2163.288849][T18898] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2163.305606][T18898] DMA32: 1390*4kB (MH) 1132*8kB (MH) 515*16kB (MH) 335*32kB (MH) 5*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 34024kB [ 2163.321193][T18898] Normal: 578*4kB (UME) 121*8kB (UME) 148*16kB (UME) 165*32kB (UME) 3*64kB (ME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11120kB [ 2163.407820][T18898] 18564 total pagecache pages [ 2163.453302][T18898] 0 pages in swap cache [ 2163.463202][T18898] Swap cache stats: add 0, delete 0, find 0/0 [ 2163.469460][T18898] Free swap = 0kB [ 2163.483194][T18898] Total swap = 0kB [ 2163.487335][T18898] 1965979 pages RAM [ 2163.491149][T18898] 0 pages HighMem/MovableOnly [ 2163.503224][T18898] 318830 pages reserved [ 2163.507615][T18898] 0 pages cma reserved [ 2163.512755][T18898] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=8712,uid=0 [ 2163.527994][T18898] Out of memory: Killed process 8712 (syz-executor.0) total-vm:75756kB, anon-rss:14108kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2163.547643][ T23] oom_reaper: reaped process 8712 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:19 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x93000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:19 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xeb000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:19 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x12b000}], 0x1, 0x0) pipe(0x0) 04:07:20 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0x0) 04:07:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="0e3154", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x149440, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:20 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xec000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2164.996360][T18974] syz-executor.0 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2165.009925][T18974] CPU: 1 PID: 18974 Comm: syz-executor.0 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2165.020451][T18974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2165.030586][T18974] Call Trace: [ 2165.033975][T18974] dump_stack+0x14a/0x1ce [ 2165.038380][T18974] ? devkmsg_release+0x11c/0x11c [ 2165.043323][T18974] ? show_regs_print_info+0x12/0x12 [ 2165.048712][T18974] ? radix_tree_cpu_dead+0x160/0x160 [ 2165.053981][T18974] ? _raw_spin_lock+0xa1/0x170 [ 2165.058735][T18974] ? _raw_spin_trylock_bh+0x190/0x190 [ 2165.064090][T18974] dump_header+0xdb/0x700 [ 2165.068407][T18974] oom_kill_process+0xd3/0x280 [ 2165.073304][T18974] out_of_memory+0x5b6/0x890 [ 2165.078004][T18974] ? unregister_oom_notifier+0x20/0x20 [ 2165.084185][T18974] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2165.089807][T18974] ? get_page_from_freelist+0x7c0/0x7c0 [ 2165.095345][T18974] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2165.100926][T18974] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2165.106471][T18974] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2165.113468][T18974] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2165.119351][T18974] ? __mod_node_page_state+0x99/0xb0 [ 2165.124738][T18974] ? __lru_cache_add+0x1a1/0x1f0 [ 2165.129753][T18974] wp_page_copy+0x1cb/0x1120 [ 2165.134425][T18974] ? add_mm_rss_vec+0x270/0x270 [ 2165.139261][T18974] ? kvm_sched_clock_read+0x15/0x40 [ 2165.144443][T18974] ? vm_normal_page+0x1c9/0x1d0 [ 2165.149296][T18974] do_wp_page+0x4c1/0x1530 [ 2165.153697][T18974] ? psi_task_change+0x92d/0xe30 [ 2165.158633][T18974] ? _raw_spin_lock+0xa1/0x170 [ 2165.163485][T18974] ? do_swap_page+0x1560/0x1560 [ 2165.168968][T18974] ? plist_del+0x3c6/0x3e0 [ 2165.173554][T18974] handle_mm_fault+0x1354/0x40a0 [ 2165.178629][T18974] ? finish_fault+0x230/0x230 [ 2165.183290][T18974] ? rto_push_irq_work_func+0x3a0/0x3a0 [ 2165.188832][T18974] ? __up_read+0x1b0/0x1b0 [ 2165.193231][T18974] ? vmacache_find+0x3a2/0x4b0 [ 2165.198238][T18974] do_user_addr_fault+0x48a/0x9f0 [ 2165.203613][T18974] page_fault+0x2f/0x40 [ 2165.208012][T18974] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2165.214767][T18974] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2165.234696][T18974] RSP: 0000:ffff88809aa07888 EFLAGS: 00010206 [ 2165.240840][T18974] RAX: ffffffff81f71b01 RBX: 0000000020cbf500 RCX: 0000000000000500 [ 2165.249073][T18974] RDX: 0000000000001000 RSI: ffff88806271fb00 RDI: 0000000020cbf000 [ 2165.257353][T18974] RBP: ffff88809aa07da8 R08: dffffc0000000000 R09: ffffed100c4e4000 [ 2165.265483][T18974] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2165.273670][T18974] R13: 0000000000001000 R14: ffff88806271f000 R15: 0000000020cbe500 [ 2165.281681][T18974] ? copyout+0x21/0xb0 [ 2165.286153][T18974] copyout+0x8e/0xb0 [ 2165.290123][T18974] copy_page_to_iter+0x393/0xbd0 [ 2165.295139][T18974] pipe_to_user+0xa3/0x130 [ 2165.299647][T18974] __splice_from_pipe+0x2d3/0x870 [ 2165.313116][T18974] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2165.318846][T18974] do_vmsplice+0x252/0xee0 [ 2165.323439][T18974] ? avc_ss_reset+0x3a0/0x3a0 [ 2165.328121][T18974] ? write_pipe_buf+0x1d0/0x1d0 [ 2165.333342][T18974] ? __rcu_read_lock+0x50/0x50 [ 2165.338091][T18974] ? check_stack_object+0x5a/0x90 [ 2165.343193][T18974] ? _copy_from_user+0xa4/0xe0 [ 2165.348088][T18974] ? rw_copy_check_uvector+0x2b3/0x310 [ 2165.353618][T18974] ? import_iovec+0x1c2/0x380 [ 2165.358512][T18974] ? dup_iter+0x110/0x110 [ 2165.362828][T18974] ? do_vfs_ioctl+0x780/0x1750 [ 2165.367579][T18974] __se_sys_vmsplice+0x1fb/0x300 [ 2165.372503][T18974] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2165.377512][T18974] ? put_timespec64+0x109/0x150 [ 2165.382348][T18974] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2165.388137][T18974] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2165.393995][T18974] do_syscall_64+0xcb/0x150 [ 2165.398694][T18974] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2165.404679][T18974] RIP: 0033:0x45c829 [ 2165.408565][T18974] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2165.428710][T18974] RSP: 002b:00007f78ac9b3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2165.437110][T18974] RAX: ffffffffffffffda RBX: 0000000000509d00 RCX: 000000000045c829 [ 2165.446127][T18974] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2165.454387][T18974] RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000 [ 2165.462345][T18974] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2165.470397][T18974] R13: 0000000000000c49 R14: 00000000004ce70e R15: 00007f78ac9b46d4 [ 2165.478474][T18974] Mem-Info: [ 2165.481744][T18974] active_anon:1386438 inactive_anon:17088 isolated_anon:0 [ 2165.481744][T18974] active_file:272 inactive_file:267 isolated_file:54 [ 2165.481744][T18974] unevictable:0 dirty:33 writeback:0 unstable:0 [ 2165.481744][T18974] slab_reclaimable:8421 slab_unreclaimable:78502 [ 2165.481744][T18974] mapped:62200 shmem:17095 pagetables:44637 bounce:0 [ 2165.481744][T18974] free:12214 free_pcp:513 free_cma:0 [ 2165.520853][T18974] Node 0 active_anon:5545756kB inactive_anon:68352kB active_file:1008kB inactive_file:972kB unevictable:0kB isolated(anon):0kB isolated(file):236kB mapped:248780kB dirty:164kB writeback:16kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2165.546148][T18974] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2165.572914][T18974] lowmem_reserve[]: 0 2912 6416 6416 [ 2165.578785][T18974] DMA32 free:26220kB min:20548kB low:23528kB high:26508kB active_anon:2713636kB inactive_anon:8904kB active_file:948kB inactive_file:1000kB unevictable:0kB writepending:132kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25024kB pagetables:57256kB bounce:0kB free_pcp:1572kB local_pcp:688kB free_cma:0kB [ 2165.609160][T18974] lowmem_reserve[]: 0 0 3504 3504 [ 2165.614411][T18974] Normal free:7080kB min:17880kB low:21468kB high:25056kB active_anon:2831784kB inactive_anon:59448kB active_file:732kB inactive_file:364kB unevictable:0kB writepending:48kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:121300kB bounce:0kB free_pcp:484kB local_pcp:56kB free_cma:0kB [ 2165.644193][T18974] lowmem_reserve[]: 0 0 0 0 [ 2165.648701][T18974] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2165.662334][T18974] DMA32: 73*4kB (UMEH) 645*8kB (UMH) 702*16kB (UMEH) 290*32kB (MH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26220kB [ 2165.677066][T18974] Normal: 345*4kB (UME) 123*8kB (UME) 93*16kB (UME) 111*32kB (UME) 2*64kB (E) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7532kB [ 2165.691550][T18974] 17616 total pagecache pages [ 2165.696247][T18974] 0 pages in swap cache [ 2165.700402][T18974] Swap cache stats: add 0, delete 0, find 0/0 [ 2165.706488][T18974] Free swap = 0kB [ 2165.710228][T18974] Total swap = 0kB [ 2165.714064][T18974] 1965979 pages RAM [ 2165.717881][T18974] 0 pages HighMem/MovableOnly [ 2165.722786][T18974] 318830 pages reserved [ 2165.726965][T18974] 0 pages cma reserved [ 2165.731031][T18974] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=18958,uid=0 [ 2165.745502][T18974] Out of memory: Killed process 18958 (syz-executor.1) total-vm:75360kB, anon-rss:13644kB, file-rss:35152kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2165.768094][ T23] oom_reaper: reaped process 18958 (syz-executor.1), now anon-rss:0kB, file-rss:34808kB, shmem-rss:0kB [ 2166.772825][ T405] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2166.790511][ T405] CPU: 0 PID: 405 Comm: syz-fuzzer Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2166.800230][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2166.810415][ T405] Call Trace: [ 2166.813699][ T405] dump_stack+0x14a/0x1ce [ 2166.818011][ T405] ? devkmsg_release+0x11c/0x11c [ 2166.823034][ T405] ? show_regs_print_info+0x12/0x12 [ 2166.828216][ T405] ? radix_tree_cpu_dead+0x160/0x160 [ 2166.833482][ T405] ? _raw_spin_lock+0xa1/0x170 [ 2166.838382][ T405] ? _raw_spin_trylock_bh+0x190/0x190 [ 2166.843787][ T405] dump_header+0xdb/0x700 [ 2166.848101][ T405] oom_kill_process+0xd3/0x280 [ 2166.852976][ T405] out_of_memory+0x5b6/0x890 [ 2166.857545][ T405] ? unregister_oom_notifier+0x20/0x20 [ 2166.863079][ T405] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2166.868620][ T405] ? get_page_from_freelist+0x7c0/0x7c0 [ 2166.874150][ T405] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2166.879576][ T405] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2166.885110][ T405] pagecache_get_page+0x50f/0x880 [ 2166.890180][ T405] filemap_fault+0x1474/0x19d0 [ 2166.895059][ T405] ? generic_file_read_iter+0x20b0/0x20b0 [ 2166.900886][ T405] ? mm_trace_rss_stat+0x41/0x1a0 [ 2166.905934][ T405] ext4_filemap_fault+0x7b/0x90 [ 2166.910799][ T405] handle_mm_fault+0x2837/0x40a0 [ 2166.915809][ T405] ? finish_fault+0x230/0x230 [ 2166.920471][ T405] ? __up_read+0x1b0/0x1b0 [ 2166.924866][ T405] ? vmacache_update+0x9f/0xf0 [ 2166.929670][ T405] do_user_addr_fault+0x48a/0x9f0 [ 2166.934768][ T405] page_fault+0x2f/0x40 [ 2166.938954][ T405] RIP: 0033:0x41d14f [ 2166.942866][ T405] Code: 89 4c 24 58 31 d2 48 8b 9c 24 80 00 00 00 48 39 da 0f 83 2b 01 00 00 48 89 d6 48 c1 ea 06 48 8b bc 24 88 00 00 00 4c 8d 04 17 <41> 84 00 0f b6 14 17 85 d2 75 06 48 8d 56 40 eb cb 45 31 c0 eb 09 [ 2166.962659][ T405] RSP: 002b:000000c42016fdd0 EFLAGS: 00010246 [ 2166.968891][ T405] RAX: 000000c420000000 RBX: 0000000000000008 RCX: 000000c43c8a0000 [ 2166.976907][ T405] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000c057b1 [ 2166.984947][ T405] RBP: 000000c42016fe38 R08: 0000000000c057b1 R09: 0000000000000028 [ 2166.992946][ T405] R10: 0000000000000050 R11: 000000000005e188 R12: 00007f6eab7e71d4 [ 2167.001031][ T405] R13: 0000000000000001 R14: 0000000000000006 R15: 0000000000000035 [ 2167.010007][ T405] Mem-Info: [ 2167.018055][ T405] active_anon:1383502 inactive_anon:17088 isolated_anon:0 [ 2167.018055][ T405] active_file:1427 inactive_file:1504 isolated_file:32 [ 2167.018055][ T405] unevictable:0 dirty:29 writeback:0 unstable:0 [ 2167.018055][ T405] slab_reclaimable:8430 slab_unreclaimable:78446 [ 2167.018055][ T405] mapped:64412 shmem:17095 pagetables:44598 bounce:0 [ 2167.018055][ T405] free:13613 free_pcp:0 free_cma:0 [ 2167.076801][ T405] Node 0 active_anon:5534008kB inactive_anon:68352kB active_file:5380kB inactive_file:5256kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:256348kB dirty:116kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:07:22 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x94000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0x0) [ 2167.105252][ T405] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2167.132368][ T405] lowmem_reserve[]: 0 2912 6416 6416 [ 2167.138285][ T405] DMA32 free:33928kB min:20548kB low:23528kB high:26508kB active_anon:2706456kB inactive_anon:8904kB active_file:2512kB inactive_file:1676kB unevictable:0kB writepending:8kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24416kB pagetables:57244kB bounce:0kB free_pcp:20kB local_pcp:0kB free_cma:0kB 04:07:22 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x12c000}], 0x1, 0x0) pipe(0x0) [ 2167.188733][ T405] lowmem_reserve[]: 0 0 3504 3504 [ 2167.194163][ T405] Normal free:6008kB min:5592kB low:9180kB high:12768kB active_anon:2827636kB inactive_anon:59448kB active_file:3252kB inactive_file:3612kB unevictable:0kB writepending:104kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:121088kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2167.251699][ T405] lowmem_reserve[]: 0 0 0 0 [ 2167.256706][ T405] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2167.270857][ T405] DMA32: 1354*4kB (MEH) 789*8kB (MEH) 706*16kB (MEH) 318*32kB (UMEH) 8*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33840kB [ 2167.287685][ T405] Normal: 132*4kB (UE) 55*8kB (UME) 52*16kB (UME) 138*32kB (UMEH) 2*64kB (E) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6344kB [ 2167.304366][ T405] 19678 total pagecache pages [ 2167.310513][ T405] 0 pages in swap cache [ 2167.316380][ T405] Swap cache stats: add 0, delete 0, find 0/0 [ 2167.322453][ T405] Free swap = 0kB [ 2167.329623][ T405] Total swap = 0kB [ 2167.338445][ T405] 1965979 pages RAM [ 2167.343416][ T405] 0 pages HighMem/MovableOnly [ 2167.349757][ T405] 318830 pages reserved [ 2167.355040][ T405] 0 pages cma reserved [ 2167.360729][ T405] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=18980,uid=0 04:07:23 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x802, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='yeah\x00', 0x5) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 2167.392668][ T405] Out of memory: Killed process 18980 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:35496kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2167.671351][T26523] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2167.782300][T26523] CPU: 0 PID: 26523 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2167.792923][T26523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2167.803076][T26523] Call Trace: [ 2167.806385][T26523] dump_stack+0x14a/0x1ce [ 2167.810837][T26523] ? devkmsg_release+0x11c/0x11c [ 2167.815777][T26523] ? show_regs_print_info+0x12/0x12 [ 2167.821061][T26523] ? radix_tree_cpu_dead+0x160/0x160 [ 2167.826515][T26523] ? _raw_spin_lock+0xa1/0x170 [ 2167.831276][T26523] ? _raw_spin_trylock_bh+0x190/0x190 [ 2167.836823][T26523] dump_header+0xdb/0x700 [ 2167.841240][T26523] oom_kill_process+0xd3/0x280 [ 2167.846246][T26523] out_of_memory+0x5b6/0x890 [ 2167.851095][T26523] ? unregister_oom_notifier+0x20/0x20 [ 2167.856613][T26523] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2167.862252][T26523] ? get_page_from_freelist+0x7c0/0x7c0 [ 2167.867809][T26523] ? __zone_watermark_ok+0x91/0x280 [ 2167.873034][T26523] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2167.878492][T26523] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2167.884037][T26523] ? schedule_preempt_disabled+0x20/0x20 [ 2167.889926][T26523] pte_alloc_one+0x1b/0xb0 [ 2167.894348][T26523] __pte_alloc+0x1d/0x1d0 [ 2167.898763][T26523] copy_page_range+0x1452/0x1710 [ 2167.903707][T26523] ? print_bad_pte+0x650/0x650 [ 2167.908578][T26523] ? init_admin_reserve+0xc0/0xc0 [ 2167.913601][T26523] ? vma_gap_callbacks_rotate+0x203/0x210 [ 2167.919542][T26523] dup_mmap+0x870/0xc00 [ 2167.923794][T26523] ? __delayed_free_task+0x20/0x20 [ 2167.928929][T26523] ? mm_init+0x5c6/0x720 [ 2167.933169][T26523] dup_mm+0x98/0x300 [ 2167.937067][T26523] copy_process+0x2052/0x5110 [ 2167.941851][T26523] ? fork_idle+0x290/0x290 [ 2167.946265][T26523] ? memset+0x1f/0x40 [ 2167.950242][T26523] ? handle_mm_fault+0xb16/0x40a0 [ 2167.955263][T26523] _do_fork+0x196/0x920 [ 2167.959442][T26523] ? dup_mm+0x300/0x300 [ 2167.963587][T26523] ? ktime_get_raw+0x130/0x130 [ 2167.968454][T26523] __x64_sys_clone+0x25f/0x2c0 [ 2167.973205][T26523] ? __ia32_sys_vfork+0x110/0x110 [ 2167.978440][T26523] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2167.984139][T26523] ? do_user_addr_fault+0x55c/0x9f0 [ 2167.989389][T26523] do_syscall_64+0xcb/0x150 [ 2167.993879][T26523] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2167.999754][T26523] RIP: 0033:0x45ae5a [ 2168.003719][T26523] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2168.023525][T26523] RSP: 002b:00007ffe517c2b70 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2168.031918][T26523] RAX: ffffffffffffffda RBX: 00007ffe517c2b70 RCX: 000000000045ae5a [ 2168.039905][T26523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2168.047863][T26523] RBP: 00007ffe517c2bb0 R08: 0000000000000001 R09: 0000000002716940 [ 2168.055819][T26523] R10: 0000000002716c10 R11: 0000000000000246 R12: 0000000000000001 [ 2168.063907][T26523] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe517c2c00 04:07:23 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xeb000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:23 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x12d000}], 0x1, 0x0) pipe(0x0) [ 2168.355650][T26523] Mem-Info: [ 2168.359656][T26523] active_anon:1383771 inactive_anon:17088 isolated_anon:0 [ 2168.359656][T26523] active_file:764 inactive_file:957 isolated_file:133 [ 2168.359656][T26523] unevictable:0 dirty:32 writeback:19 unstable:0 [ 2168.359656][T26523] slab_reclaimable:8428 slab_unreclaimable:78301 [ 2168.359656][T26523] mapped:63399 shmem:17095 pagetables:44675 bounce:0 [ 2168.359656][T26523] free:14284 free_pcp:217 free_cma:0 [ 2168.398770][T26523] Node 0 active_anon:5535084kB inactive_anon:68352kB active_file:3156kB inactive_file:3828kB unevictable:0kB isolated(anon):0kB isolated(file):532kB mapped:253596kB dirty:128kB writeback:76kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:07:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2cc8ee7170b9e644cc02d337520f1b2976", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000003c0)={0x0, @initdev, @loopback}, &(0x7f0000000440)=0xc) sendmsg$NL80211_CMD_DEL_INTERFACE(r3, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x5c, 0x0, 0x0, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'rose0\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_WIPHY={0x1e, 0x1, 0x1}, @NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7, 0x3}}]}, 0x5c}}, 0x40000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f0000000300)={0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1f}, 0x0, &(0x7f0000000140)={0xffc, 0x4, 0x9, 0x0, 0x0, 0x0, 0x24ca, 0x1000000}, 0x0, 0x0) [ 2168.432806][T26523] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2168.541116][T26523] lowmem_reserve[]: 0 2912 6416 6416 [ 2168.555303][T26523] DMA32 free:35228kB min:20548kB low:23528kB high:26508kB active_anon:2705256kB inactive_anon:8904kB active_file:852kB inactive_file:1356kB unevictable:0kB writepending:76kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24512kB pagetables:57648kB bounce:0kB free_pcp:1308kB local_pcp:484kB free_cma:0kB [ 2168.666584][T26523] lowmem_reserve[]: 0 0 3504 3504 [ 2168.691178][T26523] Normal free:7444kB min:5592kB low:9180kB high:12768kB active_anon:2829920kB inactive_anon:59448kB active_file:1660kB inactive_file:1652kB unevictable:0kB writepending:128kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:121052kB bounce:0kB free_pcp:44kB local_pcp:0kB free_cma:0kB [ 2168.789183][T26523] lowmem_reserve[]: 0 0 0 0 [ 2168.799031][T26523] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2168.814624][T26523] DMA32: 1157*4kB (UMEH) 1301*8kB (UMEH) 704*16kB (UMEH) 321*32kB (UMH) 3*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36892kB [ 2168.831036][T26523] Normal: 571*4kB (UME) 134*8kB (UME) 128*16kB (UME) 92*32kB (UME) 2*64kB (E) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8476kB [ 2168.847108][T26523] 18107 total pagecache pages [ 2168.861565][T26523] 0 pages in swap cache [ 2168.867895][T26523] Swap cache stats: add 0, delete 0, find 0/0 [ 2168.896199][T26523] Free swap = 0kB [ 2168.927682][T26523] Total swap = 0kB [ 2168.949393][T26523] 1965979 pages RAM [ 2168.971245][T26523] 0 pages HighMem/MovableOnly [ 2168.993351][T26523] 318830 pages reserved [ 2169.011866][T26523] 0 pages cma reserved [ 2169.049574][T26523] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=19000,uid=0 [ 2169.138871][T26523] Out of memory: Killed process 19000 (syz-executor.1) total-vm:75228kB, anon-rss:16556kB, file-rss:34852kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:25 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xed000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000002c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1, 0x400000}, 0x0, 0x0) 04:07:25 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x22044813) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:25 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xeb000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:25 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x12e000}], 0x1, 0x0) pipe(0x0) [ 2170.759806][T19016] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2170.772720][T19016] CPU: 1 PID: 19016 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2170.782868][T19016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2170.792913][T19016] Call Trace: [ 2170.796239][T19016] dump_stack+0x14a/0x1ce [ 2170.800561][T19016] ? devkmsg_release+0x11c/0x11c [ 2170.805578][T19016] ? show_regs_print_info+0x12/0x12 [ 2170.810762][T19016] ? radix_tree_cpu_dead+0x160/0x160 [ 2170.816020][T19016] ? _raw_spin_lock+0xa1/0x170 [ 2170.820770][T19016] ? _raw_spin_trylock_bh+0x190/0x190 [ 2170.826115][T19016] dump_header+0xdb/0x700 [ 2170.830423][T19016] oom_kill_process+0xd3/0x280 [ 2170.835157][T19016] out_of_memory+0x5b6/0x890 [ 2170.839726][T19016] ? unregister_oom_notifier+0x20/0x20 [ 2170.845158][T19016] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2170.850692][T19016] ? get_page_from_freelist+0x7c0/0x7c0 [ 2170.856208][T19016] ? __zone_watermark_ok+0x91/0x280 [ 2170.861391][T19016] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2170.866749][T19016] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2170.872266][T19016] ? copy_process+0x5a4/0x5110 [ 2170.876999][T19016] ? kmem_cache_alloc+0x1d5/0x260 [ 2170.881993][T19016] copy_process+0x5f3/0x5110 [ 2170.886568][T19016] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2170.892084][T19016] ? _raw_spin_lock+0xa1/0x170 [ 2170.896907][T19016] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2170.902682][T19016] ? fork_idle+0x290/0x290 [ 2170.907067][T19016] ? _raw_spin_unlock+0x5/0x20 [ 2170.911801][T19016] ? handle_mm_fault+0xb16/0x40a0 [ 2170.916794][T19016] _do_fork+0x196/0x920 [ 2170.920957][T19016] ? dup_mm+0x300/0x300 [ 2170.925082][T19016] ? do_mmap+0x9ad/0x1060 [ 2170.929401][T19016] __x64_sys_clone+0x25f/0x2c0 [ 2170.934150][T19016] ? __ia32_sys_vfork+0x110/0x110 [ 2170.939162][T19016] ? do_user_addr_fault+0x55c/0x9f0 [ 2170.944332][T19016] do_syscall_64+0xcb/0x150 [ 2170.948812][T19016] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2170.954674][T19016] RIP: 0033:0x45f1f9 [ 2170.958541][T19016] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2170.978114][T19016] RSP: 002b:00007ffe517c28c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2170.986493][T19016] RAX: ffffffffffffffda RBX: 00007fa744f7b700 RCX: 000000000045f1f9 [ 2170.994436][T19016] RDX: 00007fa744f7b9d0 RSI: 00007fa744f7adb0 RDI: 00000000003d0f00 [ 2171.002377][T19016] RBP: 00007ffe517c2af0 R08: 00007fa744f7b700 R09: 00007fa744f7b700 [ 2171.010320][T19016] R10: 00007fa744f7b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2171.018800][T19016] R13: 00007ffe517c297f R14: 00007fa744f7b9c0 R15: 000000000078c0ec [ 2171.093276][T19016] Mem-Info: [ 2171.112953][T19016] active_anon:1387483 inactive_anon:17088 isolated_anon:0 [ 2171.112953][T19016] active_file:162 inactive_file:192 isolated_file:41 [ 2171.112953][T19016] unevictable:0 dirty:13 writeback:0 unstable:0 [ 2171.112953][T19016] slab_reclaimable:8429 slab_unreclaimable:78423 [ 2171.112953][T19016] mapped:62128 shmem:17095 pagetables:44719 bounce:0 [ 2171.112953][T19016] free:11683 free_pcp:230 free_cma:0 [ 2171.192602][T19016] Node 0 active_anon:5550636kB inactive_anon:68352kB active_file:1072kB inactive_file:2212kB unevictable:0kB isolated(anon):0kB isolated(file):132kB mapped:249856kB dirty:56kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2171.299253][T19016] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2171.401750][T19016] lowmem_reserve[]: 0 2912 6416 6416 [ 2171.421931][T19016] DMA32 free:23616kB min:8740kB low:11720kB high:14700kB active_anon:2714336kB inactive_anon:8904kB active_file:1400kB inactive_file:1268kB unevictable:0kB writepending:40kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24864kB pagetables:57796kB bounce:0kB free_pcp:2928kB local_pcp:1460kB free_cma:0kB [ 2171.454055][T19016] lowmem_reserve[]: 0 0 3504 3504 [ 2171.460453][T19016] Normal free:4064kB min:5592kB low:9180kB high:12768kB active_anon:2836204kB inactive_anon:59448kB active_file:72kB inactive_file:24kB unevictable:0kB writepending:16kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:121376kB bounce:0kB free_pcp:816kB local_pcp:688kB free_cma:0kB [ 2171.491162][T19016] lowmem_reserve[]: 0 0 0 0 [ 2171.498298][T19016] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2171.520124][T19016] DMA32: 92*4kB (UMEH) 408*8kB (UMEH) 670*16kB (UMEH) 284*32kB (UMH) 3*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23760kB [ 2171.551897][T19016] Normal: 58*4kB (UE) 21*8kB (UME) 37*16kB (UME) 92*32kB (UME) 2*64kB (E) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4064kB [ 2171.593354][T19016] 17989 total pagecache pages [ 2171.598512][T19016] 0 pages in swap cache [ 2171.603494][T19016] Swap cache stats: add 0, delete 0, find 0/0 [ 2171.610167][T19016] Free swap = 0kB [ 2171.614602][T19016] Total swap = 0kB [ 2171.618970][T19016] 1965979 pages RAM [ 2171.623732][T19016] 0 pages HighMem/MovableOnly [ 2171.667109][T19016] 318830 pages reserved [ 2171.682390][T19016] 0 pages cma reserved [ 2171.692509][T19016] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=9473,uid=0 [ 2171.721121][T19016] Out of memory: Killed process 9473 (syz-executor.0) total-vm:75756kB, anon-rss:14096kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2171.797845][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2171.815980][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2171.826047][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2171.836089][ T204] Call Trace: [ 2171.839379][ T204] dump_stack+0x14a/0x1ce [ 2171.843696][ T204] ? devkmsg_release+0x11c/0x11c [ 2171.848626][ T204] ? show_regs_print_info+0x12/0x12 [ 2171.853816][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 2171.859092][ T204] ? _raw_spin_lock+0xa1/0x170 [ 2171.863845][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 2171.869205][ T204] dump_header+0xdb/0x700 [ 2171.873524][ T204] oom_kill_process+0xd3/0x280 [ 2171.878276][ T204] out_of_memory+0x5b6/0x890 [ 2171.883721][ T204] ? unregister_oom_notifier+0x20/0x20 [ 2171.889166][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2171.894700][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 2171.900229][ T204] ? __zone_watermark_ok+0x91/0x280 [ 2171.905422][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2171.910782][ T204] ? __kasan_kmalloc+0x12c/0x1c0 [ 2171.915732][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2171.921267][ T204] alloc_slab_page+0x3a/0x3a0 [ 2171.925931][ T204] new_slab+0x408/0x450 [ 2171.930075][ T204] ? should_fail+0x18e/0x860 [ 2171.934650][ T204] ___slab_alloc+0x2e0/0x450 [ 2171.939247][ T204] ? getname_flags+0xb8/0x610 [ 2171.943905][ T204] ? getname_flags+0xb8/0x610 [ 2171.948567][ T204] kmem_cache_alloc+0x23f/0x260 [ 2171.953407][ T204] getname_flags+0xb8/0x610 [ 2171.957894][ T204] ? security_prepare_creds+0x197/0x220 [ 2171.963419][ T204] user_path_at_empty+0x28/0x50 [ 2171.968255][ T204] do_faccessat+0x306/0x800 [ 2171.972743][ T204] ? __ia32_sys_fallocate+0x100/0x100 [ 2171.978099][ T204] do_syscall_64+0xcb/0x150 [ 2171.982586][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2171.988460][ T204] RIP: 0033:0x7fbb5d4e19c7 [ 2171.992871][ T204] Code: Bad RIP value. [ 2171.996918][ T204] RSP: 002b:00007ffd7e9a9618 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 2172.005307][ T204] RAX: ffffffffffffffda RBX: 00007ffd7e9ac530 RCX: 00007fbb5d4e19c7 [ 2172.013261][ T204] RDX: 00007fbb5df52a00 RSI: 0000000000000000 RDI: 00005648273279a3 [ 2172.021218][ T204] RBP: 00007ffd7e9a9650 R08: 0000000000000000 R09: 0000000000000000 [ 2172.029174][ T204] R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000 [ 2172.037150][ T204] R13: 0000000000000000 R14: 00007ffd7e9ac530 R15: 00007ffd7e9a9b40 [ 2172.053927][ T204] Mem-Info: [ 2172.061824][ T204] active_anon:1384203 inactive_anon:17088 isolated_anon:0 [ 2172.061824][ T204] active_file:108 inactive_file:135 isolated_file:39 [ 2172.061824][ T204] unevictable:0 dirty:9 writeback:1 unstable:0 [ 2172.061824][ T204] slab_reclaimable:8427 slab_unreclaimable:78339 [ 2172.061824][ T204] mapped:62031 shmem:17095 pagetables:44768 bounce:0 [ 2172.061824][ T204] free:15370 free_pcp:19 free_cma:0 [ 2172.114524][ T204] Node 0 active_anon:5536820kB inactive_anon:68352kB active_file:400kB inactive_file:420kB unevictable:0kB isolated(anon):0kB isolated(file):20kB mapped:247976kB dirty:84kB writeback:4kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2172.139579][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2172.165976][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 2172.172072][ T204] DMA32 free:37544kB min:20548kB low:23528kB high:26508kB active_anon:2704840kB inactive_anon:8904kB active_file:352kB inactive_file:384kB unevictable:0kB writepending:52kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24736kB pagetables:57580kB bounce:0kB free_pcp:56kB local_pcp:0kB free_cma:0kB [ 2172.223742][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 2172.233994][ T204] Normal free:7940kB min:5592kB low:9180kB high:12768kB active_anon:2831980kB inactive_anon:59448kB active_file:128kB inactive_file:4kB unevictable:0kB writepending:36kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30560kB pagetables:121364kB bounce:0kB free_pcp:660kB local_pcp:316kB free_cma:0kB [ 2172.276004][ T204] lowmem_reserve[]: 0 0 0 0 [ 2172.280835][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2172.294905][ T204] DMA32: 1957*4kB (UMEH) 982*8kB (UMEH) 719*16kB (UMEH) 303*32kB (UMH) 3*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 37204kB [ 2172.310472][ T204] Normal: 259*4kB (ME) 68*8kB (ME) 58*16kB (UME) 150*32kB (UME) 2*64kB (E) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7436kB [ 2172.324948][ T204] 17320 total pagecache pages [ 2172.330181][ T204] 0 pages in swap cache [ 2172.334839][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 2172.341412][ T204] Free swap = 0kB [ 2172.354890][ T204] Total swap = 0kB [ 2172.365517][ T204] 1965979 pages RAM [ 2172.369624][ T204] 0 pages HighMem/MovableOnly [ 2172.374427][ T204] 318830 pages reserved [ 2172.378570][ T204] 0 pages cma reserved [ 2172.382917][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19045,uid=0 [ 2172.397234][ T204] Out of memory: Killed process 19045 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:34840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2172.418323][ T23] oom_reaper: reaped process 19045 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:28 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xec000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:28 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x95000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:28 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x12f000}], 0x1, 0x0) pipe(0x0) 04:07:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="8fe0e4a27589ba58853d4ae4e3111aafbb63a10208764bdab2812162224743d53cc2449c2dfb3e85da49dfa95acfe6ec844c6bbba4ba7f4d6b9b47969a22bee8a06f642e7afe9177385ba45a3169de115d8c2e7df7a93d1fc494818106bdf3db717eb91ec1d0c69b7e29c0392a9ca8671c34a0795df454d2b6ae55ec0706c5c8c3d3ab177bb89a9d14cfbe4c36d14b7c575a6d699be21c4beda15884a27af4b8a25a", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000000300)="be", 0x1}, {&(0x7f0000000340)="164fc344eb3b2d7ed3d6bd2778b73408068b978582a4bf5fb8b6df91a002b7eccc1cd5e3d71c9e8f3856ea82700c2195ea65e261ed7dff310026a1f0a0b3bdf4c279ce6c7a5a18178a5e0837f8ae71761630f1034bbfaccd3502999fb7e78a0165b4359c6624085687de2e461bd60ee470ebe017390705373f582e2816dc0562252af6aacb509604e955123bbfcf2a14f9437a1f27f424051665c330027e7db94e77d11d7817a928e039e89f87422b971453cfd4184b49ec26dfba24", 0xbc}, {&(0x7f0000000440)="bfed0b49af19fa56db8689b75a6869a9b8f3c542879df7f1c9f3c2fd70daaa8d431ec7d6d27eef2013cc16fd5cb727d9b25c94c67e77539ad3a9b174926afd82d61b68598b20563880cb9f3f68aec14b997442568ab68edf", 0x58}], 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:28 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xee000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:29 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:07:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) 04:07:29 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x130000}], 0x1, 0x0) pipe(0x0) 04:07:29 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x96000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@initdev, @in=@local}}, {{@in6}, 0x0, @in=@local}}, &(0x7f00000003c0)=0xe8) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2174.245748][T19080] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2174.274993][T19080] CPU: 0 PID: 19080 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2174.285159][T19080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2174.295221][T19080] Call Trace: [ 2174.298511][T19080] dump_stack+0x14a/0x1ce [ 2174.302832][T19080] ? devkmsg_release+0x11c/0x11c [ 2174.307755][T19080] ? show_regs_print_info+0x12/0x12 [ 2174.312943][T19080] ? radix_tree_cpu_dead+0x160/0x160 [ 2174.318215][T19080] ? _raw_spin_lock+0xa1/0x170 [ 2174.322979][T19080] ? _raw_spin_trylock_bh+0x190/0x190 [ 2174.328340][T19080] dump_header+0xdb/0x700 [ 2174.332682][T19080] oom_kill_process+0xd3/0x280 [ 2174.337458][T19080] out_of_memory+0x5b6/0x890 [ 2174.342124][T19080] ? unregister_oom_notifier+0x20/0x20 [ 2174.348618][T19080] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2174.354167][T19080] ? get_page_from_freelist+0x7c0/0x7c0 [ 2174.359689][T19080] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2174.365031][T19080] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2174.370563][T19080] ? cpu_cgroup_fork+0x45e/0x4c0 [ 2174.375468][T19080] ? __perf_event_read+0xa60/0xa60 [ 2174.380549][T19080] wp_page_copy+0x1fe/0x1120 [ 2174.385110][T19080] ? futex_exit_release+0xc0/0xc0 [ 2174.390104][T19080] ? sched_clock+0x5/0x10 [ 2174.394414][T19080] ? add_mm_rss_vec+0x270/0x270 [ 2174.399244][T19080] do_wp_page+0x68b/0x1530 [ 2174.403768][T19080] ? do_swap_page+0x1560/0x1560 [ 2174.408595][T19080] handle_mm_fault+0x1354/0x40a0 [ 2174.413513][T19080] ? _copy_from_user+0xa4/0xe0 [ 2174.418262][T19080] ? finish_fault+0x230/0x230 [ 2174.422910][T19080] ? put_timespec64+0x109/0x150 [ 2174.427730][T19080] ? __up_read+0x1b0/0x1b0 [ 2174.432116][T19080] ? vmacache_update+0x9f/0xf0 [ 2174.436851][T19080] do_user_addr_fault+0x48a/0x9f0 [ 2174.441870][T19080] page_fault+0x2f/0x40 [ 2174.446008][T19080] RIP: 0033:0x40f1ba [ 2174.449885][T19080] Code: 50 20 48 8b 70 18 48 c7 04 24 00 00 00 00 48 89 53 10 48 89 e2 e8 46 78 ff ff 84 c0 0f 84 6e ff ff ff 48 8b 04 24 48 c1 e5 04 85 60 80 78 00 01 48 89 85 68 80 78 00 48 8b 43 10 48 3d 00 00 [ 2174.469635][T19080] RSP: 002b:00007ffce0d0e070 EFLAGS: 00010246 [ 2174.475693][T19080] RAX: 0000000000000003 RBX: 000000000078c040 RCX: 0000000020000140 [ 2174.483643][T19080] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000002972848 [ 2174.491596][T19080] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2174.499971][T19080] R10: 00007ffce0d0e180 R11: 0000000000000246 R12: 00000000000003e8 [ 2174.508270][T19080] R13: 0000000000212eb5 R14: 0000000000212e88 R15: 000000000078c0ec [ 2174.525062][T19080] Mem-Info: [ 2174.528569][T19080] active_anon:1385656 inactive_anon:17088 isolated_anon:0 [ 2174.528569][T19080] active_file:242 inactive_file:239 isolated_file:32 [ 2174.528569][T19080] unevictable:0 dirty:17 writeback:0 unstable:0 [ 2174.528569][T19080] slab_reclaimable:8426 slab_unreclaimable:78906 [ 2174.528569][T19080] mapped:62284 shmem:17095 pagetables:44940 bounce:0 [ 2174.528569][T19080] free:12699 free_pcp:0 free_cma:0 [ 2174.567759][T19080] Node 0 active_anon:5542624kB inactive_anon:68352kB active_file:788kB inactive_file:844kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:249036kB dirty:68kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2174.592667][T19080] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2174.619358][T19080] lowmem_reserve[]: 0 2912 6416 6416 [ 2174.625286][T19080] DMA32 free:30036kB min:20548kB low:23528kB high:26508kB active_anon:2706520kB inactive_anon:8904kB active_file:1116kB inactive_file:988kB unevictable:0kB writepending:60kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25152kB pagetables:58332kB bounce:0kB free_pcp:1260kB local_pcp:0kB free_cma:0kB [ 2174.670623][T19080] lowmem_reserve[]: 0 0 3504 3504 [ 2174.682165][T19080] Normal free:5864kB min:5592kB low:9180kB high:12768kB active_anon:2835096kB inactive_anon:59448kB active_file:148kB inactive_file:640kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:121428kB bounce:0kB free_pcp:228kB local_pcp:0kB free_cma:0kB [ 2174.752389][T19080] lowmem_reserve[]: 0 0 0 0 [ 2174.763642][T19080] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2174.806954][T19080] DMA32: 794*4kB (UMEH) 1457*8kB (UMEH) 664*16kB (UMEH) 181*32kB (UMH) 3*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31568kB [ 2174.841665][T19080] Normal: 166*4kB (UME) 108*8kB (UME) 47*16kB (UME) 109*32kB (UME) 2*64kB (E) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5896kB [ 2174.874158][T19080] 17416 total pagecache pages [ 2174.885117][T19080] 0 pages in swap cache [ 2174.895512][T19080] Swap cache stats: add 0, delete 0, find 0/0 [ 2174.909155][T19080] Free swap = 0kB [ 2174.928090][T19080] Total swap = 0kB [ 2174.941162][T19080] 1965979 pages RAM [ 2174.961403][T19080] 0 pages HighMem/MovableOnly [ 2174.989137][T19080] 318830 pages reserved [ 2175.003703][T19080] 0 pages cma reserved [ 2175.018792][T19080] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=19111,uid=0 [ 2175.035123][T19080] Out of memory: Killed process 19111 (syz-executor.1) total-vm:75228kB, anon-rss:16556kB, file-rss:35016kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2175.350735][ T428] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2175.362752][ T428] CPU: 1 PID: 428 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2175.372736][ T428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2175.382769][ T428] Call Trace: [ 2175.386036][ T428] dump_stack+0x14a/0x1ce [ 2175.390338][ T428] ? devkmsg_release+0x11c/0x11c [ 2175.395260][ T428] ? show_regs_print_info+0x12/0x12 [ 2175.400429][ T428] ? radix_tree_cpu_dead+0x160/0x160 [ 2175.405687][ T428] ? _raw_spin_lock+0xa1/0x170 [ 2175.410421][ T428] ? _raw_spin_trylock_bh+0x190/0x190 [ 2175.415762][ T428] dump_header+0xdb/0x700 [ 2175.420061][ T428] oom_kill_process+0xd3/0x280 [ 2175.424806][ T428] out_of_memory+0x5b6/0x890 [ 2175.429384][ T428] ? unregister_oom_notifier+0x20/0x20 [ 2175.434818][ T428] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2175.440343][ T428] ? get_page_from_freelist+0x7c0/0x7c0 [ 2175.445867][ T428] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2175.451212][ T428] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2175.456742][ T428] ? stack_trace_save+0x123/0x1f0 [ 2175.461734][ T428] wp_page_copy+0x1fe/0x1120 [ 2175.466295][ T428] ? avc_has_perm_noaudit+0x400/0x400 [ 2175.471647][ T428] ? add_mm_rss_vec+0x270/0x270 [ 2175.476468][ T428] do_wp_page+0x68b/0x1530 [ 2175.480850][ T428] ? selinux_inode_setattr+0x860/0x860 [ 2175.486285][ T428] ? do_swap_page+0x1560/0x1560 [ 2175.491105][ T428] ? from_kgid+0x350/0x350 [ 2175.495489][ T428] ? generic_fillattr+0x215/0x430 [ 2175.500481][ T428] handle_mm_fault+0x1354/0x40a0 [ 2175.505389][ T428] ? finish_fault+0x230/0x230 [ 2175.510034][ T428] ? __up_read+0x1b0/0x1b0 [ 2175.514418][ T428] ? vmacache_find+0x205/0x4b0 [ 2175.519164][ T428] do_user_addr_fault+0x48a/0x9f0 [ 2175.524171][ T428] page_fault+0x2f/0x40 [ 2175.528296][ T428] RIP: 0033:0x432ddc [ 2175.532161][ T428] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d 8a 43 87 00 77 70 89 ef [ 2175.551734][ T428] RSP: 002b:00007ffce0d0cfd0 EFLAGS: 00010202 [ 2175.557768][ T428] RAX: 0000000000000020 RBX: 0000000000741620 RCX: 000000000045bbf4 [ 2175.565711][ T428] RDX: 00007ffce0d0d0c0 RSI: 0000000000008030 RDI: 0000000000741620 [ 2175.573650][ T428] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000000002972940 [ 2175.581602][ T428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce0d0e2a0 [ 2175.589550][ T428] R13: 00007ffce0d0e290 R14: 0000000000000000 R15: 00007ffce0d0e2a0 [ 2175.598001][ T428] Mem-Info: [ 2175.601317][ T428] active_anon:1385547 inactive_anon:17088 isolated_anon:0 [ 2175.601317][ T428] active_file:183 inactive_file:403 isolated_file:85 [ 2175.601317][ T428] unevictable:0 dirty:19 writeback:0 unstable:0 [ 2175.601317][ T428] slab_reclaimable:8425 slab_unreclaimable:79091 [ 2175.601317][ T428] mapped:62328 shmem:17095 pagetables:44913 bounce:0 [ 2175.601317][ T428] free:12485 free_pcp:2 free_cma:0 [ 2175.643957][ T428] Node 0 active_anon:5542088kB inactive_anon:68352kB active_file:820kB inactive_file:844kB unevictable:0kB isolated(anon):0kB isolated(file):340kB mapped:248912kB dirty:76kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2175.687954][ T428] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2175.714618][ T428] lowmem_reserve[]: 0 2912 6416 6416 [ 2175.720747][ T428] DMA32 free:29624kB min:4644kB low:7624kB high:10604kB active_anon:2706452kB inactive_anon:8904kB active_file:336kB inactive_file:812kB unevictable:0kB writepending:36kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:24800kB pagetables:58220kB bounce:0kB free_pcp:748kB local_pcp:488kB free_cma:0kB [ 2175.750376][ T428] lowmem_reserve[]: 0 0 3504 3504 [ 2175.755624][ T428] Normal free:3828kB min:5592kB low:9180kB high:12768kB active_anon:2835736kB inactive_anon:59448kB active_file:296kB inactive_file:560kB unevictable:0kB writepending:40kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:121432kB bounce:0kB free_pcp:456kB local_pcp:444kB free_cma:0kB [ 2175.792294][ T428] lowmem_reserve[]: 0 0 0 0 04:07:31 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xef000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:31 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x41000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2175.806982][ T428] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB 04:07:31 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x131000}], 0x1, 0x0) pipe(0x0) 04:07:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a6a0dbe3d45409d7bfae328a8245658806af3a1a45c0fc87ec2d8ab971427ab9f264f8d2c507dde68eefe9b6e930f60ebc9e55a9e2979b7d82e25bf9023c10021ef114a129e635e301e1a2fb63ce524ce623a135be2afaa37beb99023b3958e64e77779452fa26c124a4b290067f181a4c65227ed9494c421c57f90865aa3db3f08020ae38a0ac1ae7880cdf5297412fdcefd1a0ac6150d584903e14cea155fda417fc38e2f91a95f95f0dd9093042562ee5724990ff69886d38d67d462f2cd642feafd9e9ec268fbfbbde7f0b9dfee3438e91274694634e1a36b897ea02b32c7f74dd920486dcf093b78f9eb2733744a6f71e0c6b72554bace916475dc7deaf9f30dd95e094fd98b5d900f5c8fd7c80988971fccffadd9c9d132051fd588f38e702ac1640683e277d6db01d0e29537cdc20d8c6da82009b95dc1de7edb7f36449e3e4d7cf5c20a11431a0b5b7faccfea25e84a7711273be0b3b3ab01e614d48e070c50d2aaca214", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f00000002c0)={{0x3b, @private=0xa010101, 0x4e20, 0x2, 'sed\x00', 0xc, 0x5cc, 0x79}, {@rand_addr=0x64010101, 0x4e24, 0x2000, 0x286c, 0x0, 0x6}}, 0x44) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x2000000000}, 0x0, &(0x7f0000000140)={0x8000000ffc, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a}, 0x0, 0x0) [ 2175.864016][ T428] DMA32: 191*4kB (UMEH) 865*8kB (UMEH) 664*16kB (MEH) 167*32kB (MH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23908kB [ 2175.883518][ T428] Normal: 188*4kB (UME) 26*8kB (UME) 36*16kB (UME) 109*32kB (UME) 2*64kB (E) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5152kB [ 2175.899339][ T428] 19014 total pagecache pages [ 2175.904041][ T428] 0 pages in swap cache [ 2175.908225][ T428] Swap cache stats: add 0, delete 0, find 0/0 [ 2175.914389][ T428] Free swap = 0kB [ 2175.918113][ T428] Total swap = 0kB [ 2175.921858][ T428] 1965979 pages RAM [ 2175.925683][ T428] 0 pages HighMem/MovableOnly [ 2175.930340][ T428] 318830 pages reserved [ 2175.952188][ T428] 0 pages cma reserved [ 2175.961576][ T428] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19126,uid=0 [ 2175.993755][ T428] Out of memory: Killed process 19126 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35576kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:31 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000001380)}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x7) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000100)=""/30, 0x1e}, {&(0x7f00000001c0)=""/253, 0xfd}, {&(0x7f0000001440)=""/4, 0x4}], 0x3}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r5 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x6, 0x8001, r0, &(0x7f0000001340)="b2e2870f7f1d3e68dd46c77e805bcafcfec987950e429418f45ced6dc92f47559a6d16cf64bfca0b6c3071501f4e35e8b642271793ccf86713b661e0789b40b346642fe13ec196adc0d673bd5f510dd7270fec5150a919211af29792ef0d95e4dc5a1d07e93391d7ef25d60ff29c987b27c06a2391efac98ee054194bc55c313e982b8893aca06a70d01390e72654783f5f1a4feabad0febf1931f049455d32fb5b6d97e88ab20e19ddcab30875f32c04bd09fce6960f96f6b0aca81a0dac6471e5020085c23e737b030f3cf20e6f2aa0045ecc8100530bbdbe6c6f83ab7f45c753c33e9ea541d49cfa10f64d90d30b40f", 0xf1, 0xf168, 0x0, 0x2}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0x0, r0, &(0x7f0000000340)="a91253475f0e83c84a2cae27963a6876cba097c8bab640859500e4b14bf9a05b916e2be6bcf96fc1af751a34a5b7e0c20f33e8e7939e8613f49f8051566e6faa9518fb9e43a7833046d77ec205e0cfa9cff4a5845b3820b5ff6977491ec86eae2fe3ec831e0484b5635afc1797b49970c550ea878a08efe464431aa8c356a02216be57e44420ae1582338475385e1a21b4985f1b97a2fa4e6dca3a28ee773e9dd9e5c136c110598c76aee149578fad93c86688541f71925b9b749167bdea3ea85715b29fdcab7d400fc4fd9eeb1945fb05205ed3027908692457040b43eec4a27ef8250197f50c4f4677767b6f764e3bd14f9ac3ef2aba45a2bbc72353c752d9ce6eaea2d82ac3d61a6ff36c760f28f1599973272efd2a3b7804b72317ebcaee74fb233010ac8a593179e832ebce7930ab4b9f402ecc34d890cd3e8bdd97730713c1e0faede429e8526573c7b1340f54e7ac6b58fea3ae8c32529ef8dc6fb4ce95d72a8679e2d298384a2a0472bf7379df22521b6ad13e8d86f24453eae90fd2415b230471a6c35d87487f971b3b8536e414eb002b4088b98e2260b4546f01b228aa688094f761e55021081e2eac4d0844802ceaacc4dacf6d2e4d426e3bbb381c16a8b54e8c1f52a88e66e88816d5ad81e2984c75c6dca5a96c28c36368f2b6e304d94a59f131e632c7a7ac4566a42038af2623659fdeaa22df75c9b5733ca53c4e73ec8708bc595460ca3f7b5280411d1c5d43786a97b4e4f77e0cdf935fd8bce4748c11d23e274c24ebf64bf400d61ec27fa7bd88e3377e62cd71905181d4552f227298aed414a6f1b33123031def513ef80f30581af2d4c4d57fc41caeb8663af4ca66826bf9b9e079343344e67f6e2d9fe43cba6868991cfc75fd121a05e80b080f14d992ee03a126ea0acbab1e062943b7a2f8b9b7fd0799d5068be61a4ee0b32ea7af71ce910de565942319d1a6cd2ec4b8b4ad604fc86b26e69c5a7deb30044bee317a3e296a45e4f608ac8088069d33bd3e718396c3362a3f2839ec6cd8c7dd6d23dc5fd82ee160217e8aa74f432071ec543f9eb06df0952383047d05fae5e833bf2c55590428cc596306050cc4a3935d1a6357cee5c8882ab9fbd757cfbb3aeff6aaa779e1966a26258f65f81bb87605193c627e51302ee40f967ecf44c4169ccad829aef5dd3de8de8c5324f0f3129d53f477d06d1507f975dcec5dffe1d03af42e3462c7304b8eec0d0852da6222c790bde4fd70049020fe335a7a925daf91c61399e1814fe8447643c550874b37db49b223bb422d03817dd2bfdfe724309ccbe10b1d71ce4b0a15dfcdc7b938b2d1563ba4212f06c1d548f1aea9d153a8a68b4de5ab79ccdde55a163aa03d4b6e1c2cbe00306ebd30cd05dbeddcac0b0fd9809bf8cb155b5265c45e1e0157d8f21ef5dd6b8138e236d02330b252b8c3b4694d3990bfb98b1f42708b48fe32e491ac0e8f9a84a6469708149b221bb47af11f7d6c0ce634cd519eff677cbaef1b3101cb9b5413a1a5f9d319dc736ad265126737006f2a25fd7595882fce2df6672ab67b75fa0923bf93b02484c9a298dc7b1a59ac48d89aad905a79b7fa08bb435a3bd1a8132ce0d410deeec4caecc66674f406b80a09e8664f8521d4511dfa391b3874fe92fcaff3df39c64b99f573fae4e6b05d58156f7350079f6d24fed7f65489b7beb5cff2f09267b8ce4608bb849f343d50f4849b643905bbc860db48b58f620ef3e602a8efcaf0005ffe46a94c6048af1bc1a25659c8fb7923e1171f63ad08933899ff65eb61de4bdfadfeb48680a18fc46e78669e775ae9f5d780817c7c6916ae88582adf72bc9ded7679037dd2c3264cb904c98b3da0b4952329b8e83730900002cf1d5e0d79d7ecd35581cd8855dd2b7483f502c7785dc02bb68a445266a7d5b0dc1abb21f9990635c913de9be9e3d0ceff32f018f7b62a908d452b3a967eb17a2ea023d74a55500ecac4f63250e57821f5c24bfa366e53bde5a53c6c8d3169375b3a174b5f1ba0a496e110d5e5109eac88d9ecdbbec619708ae9859737db272ec62a776dc6e48bcb23dfa83048b8eb207c003d7f7e74c020206add4b30f2224d65892b8537381643f239f8465675a8d5685190334133c5b08691e028a9fad2d603cf5adb46ce3903c93c50ff79e99e560acdb0f576be19a767366658d7dd33e69e7e2873c04c989ea8d3292207b7fb59022508c5ccd2d88db3c5729aff81277c28c2f959437ba271cf34c8c2b8cc88cc182a70c4d1d8f5ed2b2d74eb7e3248adad662bd2eaa81012e47a3fad9fa03795696839fe9184e20567ada48ba9787d547546caf82d92d9454508374bb8028a97affcf1c1d7b1d20afee6f5f7fdec3a8cc39abc1e1313e2bd904bb7a4a48ea0935d59afacd38feacd9afd0bc7505b0ba7d0476d9c00428fbb096765a0f1e42300c973bbd1e67dde94876739e302f1cb180150111c6e433fade787dfd252e8fc2b36ccd8b1a60c8a333d2b5431bb5408a4845c30cafa8dcdbb248175c7d80753e8467720617ab4f237dabf90dab6379e6e48fb6018ae45042162ebd59b9527d2b88102b82e2e89ac73e75e638c31fa9efd01f1eff8c52cd11e360025ba4a1b43cad3818af5d2665dba9133e2d055f1658731038b4f10b185f4a2b1ae167b43a1c1134bdd85bce07f909460f6a9c34d2890c049dbf59b7ffa5c08e58068b2f531811e00836aadc2b603fd2d3f67dbb80559b50e096b99c484278ccb6f4ad52960bd81c561357cd33f9948d59d1d4b793e7dad187aa946dac4b3e07999f5aa20290bdac15f64532ad21d0134a2fb1ea25e52a0ec4b0527378ca8597d998ac97b13c0db4c4a488bc101245223f36d03bb1f58654d1738cd46b121154e003a425901907e7038ee9013fd57a4aa19ada200351912bde4e646067f161683f0d992a2571a6f867adf8c6e66248c4037058db8753741ad87f06745cc9eace0a5ba02d9cf064e9225312c8bdd58af1728ceb51df147992d5cd0c40b6926f6e2335bb9f4477055e2f9020d2959ed2a090985f3af293f403cbf9ed1547f2864bd83fd60bfa72ab5c80fa8c8740dae217a7f80eada7159431859c6e650348638c5f0f83464841d8426d2db448fb1b05501b7ed7d1ed60d23ac984cdd8de6231388833dbd830fa8e5e7170c2d28df2b618505426d27759f51a4b98cf72d6f182539805afea93a0e4e92ae23b7f9428a8e4f7497760307d65b986b5e5b6d7f926f09c897fba44e7cb215faebc7b7144c1f211651954e01d2d7eb0d383120cf06be0a4a0a91c600fe8dcd8fcb64249b067d5066f3ca5ebb586b81a2e923cb1c4dab6b1389ee8ae3ab031a5e2dfcf27809ca0112600f0a7d54637f5c1fbefa4601d925df00d6080537bfba8fd684b64344e687bcea925863906bb6faa747114bbbd800a49facc567aa41f86aed277ec76786c849b4f8febca91ca5c1d4d4999243ae4735ca9b2da445dace0e2c2d430ac6b91a9646e999ebb6210f75e38dca835461031732311edfea590132542d5d1e7a830931478be613cff1c0dcb38b2885e811e1eeb7389ea994a0d50e674fad306d4565a05b120303ef1c57fe47e73c20ce56fe9a49c0d7c1899cbccde7319a06c8670d2713113921fc952cbe40c58b6bf5c5b816c071bf59db9337506163033dd03b610569acf018a1ebd9d3b702f0cdf48417da2f6edd1f96a5b5c92eab24f06e709fd817450de349f91b532b73ae138e57ca3c54ba119afcc59b6eec32bb51ebacf2d281010b2217f5a3a0d5dd04cd59c7d7604f8dea73d316e6968715ad36d8fc0f06325721fda958c9e8d133f41c74482b824c8ec8050a3b41d6ee5fb2f2425bd616eae78d753d72369ed238976a01a8ed75503b300a41981a11820de6b7ae5d6b890be15b5e1f2618a004a8ac858338060692063211c8980169a42798d6a6639162d891aaf8ecacfa9cf5b783346833365dd5bf97218715ef3342d799ec76d00deb176896e5e5363509aa7518bd1a50ea4ae59721e207e3ac38eb68a5b7cd7bcafa83e8e75fab7f4dc4478ed31b6309bbbb0313e6fe663499fc8bb0447b5c43f8ae513376b47a2f1013259c2ab760783837d3bb938a955ef3061ae387fa32af6d1bd2a3bbe371e7d3d39f0c02c210f5f7fc6448020ab0e5846e05fa780b4ba92eca2aae4843de54b9cfb95332fbe2430f99f4bd3bcd01c4b6f6e5c3acfde7765a8b92560c1c6889976094e8a6b4cb673ad7ecf3ecc534f7020d23897bdc518865d708a89ec175f893c1599458a28faf020b35d14906a0179006c88270140b4b82bbfe91c2dc2d6d5ad53d3eb9dc85ee985bfd0635efd3baba26c938c249ee82c97c466fab4e43968bd3c00c5aed4e79e73f1d3647803ee6688a3608939341238231d5cbaaf0d4c8bf5fc414ee8ec8af69823322917bff808eb513f5be4161c8aa17cd0716d61bbe33e1e3c7d113d15ade426e29f4005137fcf845bfa2f31e6d9f4c490ddc8f1fc21d33cca64e7cc0eac62e8d91fd9777a8373437a34ad2fe71fa61a95460a4f589b93b71f5c86c8f62845d3907cddfe8941ee77ade43a06c821c26de02a184c71c17e16a93d63a55b1b2af46a3f008e103f88493503a9160be3abcd9f71604bad898d8ea2856d5a428e8b464f31b72d85c8e1ad707ca309e9fb5346257cef25e69006239bc9fe55c37cece4ac697cd176e434835f030fb375b0483428b7b736209598c5f61a3c3f2dbf819b77779ede75ea80ee0a6c4094bb902f220789567a757876d32e38d16cc4829153808dc7389d53164865cea94f159114113dd1b7e27f91c836c962a277497267fd765299dec0bf176b87cb347e3df46f6aa050ed9368640a76e5e7dbd4409b884e46af0e473ccfb099c715e1bf88be54a1775f1a817c56d7fc30bbfaddcba2dfe749053c7d98e8544ecb67124b08810d590b0bc470ef9a84384a595a419a5baf0e2728d37e3ba2232c4f28e08eac3cd8552018762f0b4d7979195124b8657bb9e04dc02c6ea3e479ed26233a17fd2f21262ad36fac7912c486d0902ad74ae39aaf29e25cfb71460e525e5b9865cb7c3602457e30057afcfd831dca4fb637233f0772f50b06b64177d15db3df44c57b301c25639efe57a1f02a2394854b84dc438c3697e357f385d4fefa3f899614e0428a7fae40ae1e4ab6fa2403970838ab50f4849ccee38e220e6bc2fe018aa3e146cee83b46c3377deb182136a01c1cb1e632cf2864dc09e1077af01f2bee0c63b8d508e5bc4ac322bbf1d8a0026ca610d186ca8f1f028a57a8074824c207686d1fb058a676e860c70680bbeca427f8fcb7ffe85b00d7e0af2ee032798b411b8f103febf02acf900eeeed8136f4ef3b0f25b175098ff0b28e90f3adc6811bd81b864f26480f74fa37ab8939acfc304032f2c1a308c1f8ee579a726b1aa6e2f91d517ad9322ecebcef6ca79fc200f380f6609041560c4044f3462286c6d04ba9d2e0de88d330a88033d01a56cb0e11c340c18f4dec8114b7495f7096d69e7f36e822790925cdc9e7f9a970b8f8954d0301d4eef3ec7fc78252ce05fd33c71cc870ef79ac4bc2ff8926e7f4860f3d2f4a358cbe467709bcadc86be58471cb5bbc4be3fdcc1592ea4470b435b3d18be060adc73962d02e599de97b21c081ff280dca321f5872619ea4529e7179ea9c1b89c06a9602e28537a778228e5bf06ae21c58576850d5ee693beb2604c80e4dcbec93dd56eeea37578f4098b60362f67dad8fa09d108f8afc478a7ad1af98a44cb", 0x1000, 0x3f, 0x0, 0x1, r5}]) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) [ 2176.666605][T19153] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2176.705833][T19153] CPU: 1 PID: 19153 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2176.715991][T19153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2176.726036][T19153] Call Trace: [ 2176.729322][T19153] dump_stack+0x14a/0x1ce [ 2176.733653][T19153] ? devkmsg_release+0x11c/0x11c [ 2176.738664][T19153] ? show_regs_print_info+0x12/0x12 [ 2176.743850][T19153] ? radix_tree_cpu_dead+0x160/0x160 [ 2176.749117][T19153] ? _raw_spin_lock+0xa1/0x170 [ 2176.753868][T19153] ? _raw_spin_trylock_bh+0x190/0x190 [ 2176.759313][T19153] dump_header+0xdb/0x700 [ 2176.763634][T19153] oom_kill_process+0xd3/0x280 [ 2176.768385][T19153] out_of_memory+0x5b6/0x890 [ 2176.772968][T19153] ? unregister_oom_notifier+0x20/0x20 [ 2176.778455][T19153] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2176.784193][T19153] ? get_page_from_freelist+0x7c0/0x7c0 [ 2176.789730][T19153] ? __zone_watermark_ok+0x91/0x280 [ 2176.794919][T19153] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2176.800285][T19153] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2176.805819][T19153] ? copy_process+0x5a4/0x5110 [ 2176.810570][T19153] ? kmem_cache_alloc+0x1d5/0x260 [ 2176.815586][T19153] copy_process+0x5f3/0x5110 [ 2176.820164][T19153] ? fork_idle+0x290/0x290 [ 2176.824553][T19153] _do_fork+0x196/0x920 [ 2176.828679][T19153] ? slab_free_freelist_hook+0xd0/0x150 [ 2176.834192][T19153] ? dup_mm+0x300/0x300 [ 2176.838317][T19153] ? ktime_get_raw+0x130/0x130 [ 2176.843050][T19153] __x64_sys_clone+0x25f/0x2c0 [ 2176.847792][T19153] ? __ia32_sys_vfork+0x110/0x110 [ 2176.852796][T19153] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2176.858401][T19153] do_syscall_64+0xcb/0x150 [ 2176.862876][T19153] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2176.868736][T19153] RIP: 0033:0x45c829 [ 2176.872602][T19153] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2176.892177][T19153] RSP: 002b:00007f9080065c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2176.900558][T19153] RAX: ffffffffffffffda RBX: 00000000004da840 RCX: 000000000045c829 [ 2176.908500][T19153] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2176.916453][T19153] RBP: 000000000078bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 2176.924397][T19153] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2176.932353][T19153] R13: 0000000000000076 R14: 00000000004c311e R15: 00007f90800666d4 [ 2176.982130][T19153] Mem-Info: [ 2176.985494][T19153] active_anon:1384844 inactive_anon:17088 isolated_anon:0 [ 2176.985494][T19153] active_file:373 inactive_file:337 isolated_file:32 [ 2176.985494][T19153] unevictable:0 dirty:29 writeback:0 unstable:0 [ 2176.985494][T19153] slab_reclaimable:8421 slab_unreclaimable:79089 [ 2176.985494][T19153] mapped:62483 shmem:17095 pagetables:44934 bounce:0 [ 2176.985494][T19153] free:13041 free_pcp:124 free_cma:0 [ 2177.023851][T19153] Node 0 active_anon:5539376kB inactive_anon:68352kB active_file:1492kB inactive_file:1348kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:249832kB dirty:116kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2177.049470][T19153] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2177.080653][T19153] lowmem_reserve[]: 0 2912 6416 6416 [ 2177.094299][T19153] DMA32 free:29304kB min:20548kB low:23528kB high:26508kB active_anon:2705596kB inactive_anon:8904kB active_file:1084kB inactive_file:1084kB unevictable:0kB writepending:92kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25088kB pagetables:58220kB bounce:0kB free_pcp:584kB local_pcp:0kB free_cma:0kB [ 2177.169830][T19153] lowmem_reserve[]: 0 0 3504 3504 [ 2177.182192][T19153] Normal free:7040kB min:9688kB low:13276kB high:16864kB active_anon:2833064kB inactive_anon:59448kB active_file:428kB inactive_file:892kB unevictable:0kB writepending:28kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:121516kB bounce:0kB free_pcp:412kB local_pcp:0kB free_cma:0kB [ 2177.213071][T19153] lowmem_reserve[]: 0 0 0 0 [ 2177.218664][T19153] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2177.303692][T19153] DMA32: 1022*4kB (UMEH) 1371*8kB (UMEH) 631*16kB (UMEH) 122*32kB (UMH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29376kB [ 2177.319420][T19153] Normal: 159*4kB (UME) 51*8kB (UME) 73*16kB (UME) 158*32kB (UME) 1*64kB (E) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7332kB [ 2177.334097][T19153] 17520 total pagecache pages [ 2177.339327][T19153] 0 pages in swap cache [ 2177.344054][T19153] Swap cache stats: add 0, delete 0, find 0/0 [ 2177.350708][T19153] Free swap = 0kB [ 2177.354971][T19153] Total swap = 0kB [ 2177.359205][T19153] 1965979 pages RAM [ 2177.363537][T19153] 0 pages HighMem/MovableOnly [ 2177.368680][T19153] 318830 pages reserved [ 2177.373296][T19153] 0 pages cma reserved [ 2177.377858][T19153] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=30954,uid=0 [ 2177.392931][T19153] Out of memory: Killed process 30954 (syz-executor.3) total-vm:75756kB, anon-rss:14084kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2177.451953][ T23] oom_reaper: reaped process 30954 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:33 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x132000}], 0x1, 0x0) pipe(0x0) 04:07:33 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x97000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:33 executing program 1: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x130000}], 0x1, 0x0) pipe(0x0) 04:07:33 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000040)={0x1000, 0x3, 0x3, 0xffffffff, 0x1}) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001400)={&(0x7f00000013c0)={0x24, 0x0, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x20008800) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) process_vm_writev(r4, &(0x7f0000000080)=[{&(0x7f0000000180)=""/219, 0xdb}], 0x1, &(0x7f0000001340)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/4096, 0x1000}, {&(0x7f0000003c80)=""/4096, 0x1000}, {&(0x7f0000000100)=""/39, 0x27}], 0x5, 0x0) 04:07:33 executing program 0: prlimit64(0x0, 0x4, &(0x7f0000000280)={0x1000000000000009, 0x20}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="90bb99d938831cffc59ea1032f0c9039b6a1e6268c4ad806763deb7328c10000000000c388906c7593267e8deebb493787a2faaa6cab1bbbc2c742813a1644cb4a935887c6abc524087339b859c7abc31bba665b1b28edcb33f9697b47f55d78b0f44cc3ec", @ANYBLOB="1554da941c"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) getpid() r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x10000015, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000380)="dc20b5035d99f24361f315239e65516f4415c2b722e1bd487e05030000002e3467d945674b97520800000000", 0x2c) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0xfd, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x24220183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:33 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf0000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:34 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x133000}], 0x1, 0x0) pipe(0x0) 04:07:34 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x98000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:34 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x97000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x1093c3, 0x15f3e4b6661618a9) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="24004000f7030038725948fac30128bd7000fcdbdf25050000000700000e2e2f5a75732e2f66696c3000"], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:34 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@mcast1, @empty, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c000a6, r5}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000005f00)={&(0x7f0000005e40)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000005ec0)={&(0x7f0000005e80)=@delsa={0x3c, 0x11, 0x8, 0x70bd28, 0x25dfdbfc, {@in=@remote, 0x4d6, 0x14, 0x6c}, [@XFRMA_IF_ID={0x8, 0x1f, r5}, @mark={0xc, 0x15, {0x350759, 0x800}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x20000004) [ 2179.433278][ T428] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2179.445055][ T428] CPU: 1 PID: 428 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2179.455030][ T428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2179.465093][ T428] Call Trace: [ 2179.468382][ T428] dump_stack+0x14a/0x1ce [ 2179.472708][ T428] ? devkmsg_release+0x11c/0x11c [ 2179.477985][ T428] ? show_regs_print_info+0x12/0x12 [ 2179.483172][ T428] ? radix_tree_cpu_dead+0x160/0x160 [ 2179.488446][ T428] ? _raw_spin_lock+0xa1/0x170 [ 2179.493283][ T428] ? _raw_spin_trylock_bh+0x190/0x190 [ 2179.498643][ T428] dump_header+0xdb/0x700 [ 2179.502961][ T428] oom_kill_process+0xd3/0x280 [ 2179.507712][ T428] out_of_memory+0x5b6/0x890 [ 2179.512307][ T428] ? unregister_oom_notifier+0x20/0x20 [ 2179.517738][ T428] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2179.523257][ T428] ? get_page_from_freelist+0x7c0/0x7c0 [ 2179.528780][ T428] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2179.534121][ T428] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2179.539643][ T428] ? stack_trace_save+0x123/0x1f0 [ 2179.544651][ T428] wp_page_copy+0x1fe/0x1120 [ 2179.549224][ T428] ? avc_has_perm_noaudit+0x400/0x400 [ 2179.554570][ T428] ? add_mm_rss_vec+0x270/0x270 [ 2179.559482][ T428] do_wp_page+0x68b/0x1530 [ 2179.563868][ T428] ? selinux_inode_setattr+0x860/0x860 [ 2179.569310][ T428] ? do_swap_page+0x1560/0x1560 [ 2179.574130][ T428] ? from_kgid+0x350/0x350 [ 2179.578534][ T428] ? generic_fillattr+0x215/0x430 [ 2179.583527][ T428] handle_mm_fault+0x1354/0x40a0 [ 2179.588443][ T428] ? finish_fault+0x230/0x230 [ 2179.593097][ T428] ? __up_read+0x1b0/0x1b0 [ 2179.597493][ T428] ? vmacache_find+0x205/0x4b0 [ 2179.602224][ T428] do_user_addr_fault+0x48a/0x9f0 [ 2179.607217][ T428] page_fault+0x2f/0x40 [ 2179.611347][ T428] RIP: 0033:0x432ddc [ 2179.615210][ T428] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d 8a 43 87 00 77 70 89 ef [ 2179.634795][ T428] RSP: 002b:00007ffce0d0cfd0 EFLAGS: 00010202 [ 2179.640828][ T428] RAX: 0000000000000020 RBX: 0000000000741620 RCX: 000000000045bbf4 [ 2179.648783][ T428] RDX: 00007ffce0d0d0c0 RSI: 0000000000008030 RDI: 0000000000741620 [ 2179.656724][ T428] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000000002972940 [ 2179.664665][ T428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce0d0e2a0 [ 2179.672605][ T428] R13: 00007ffce0d0e290 R14: 0000000000000000 R15: 00007ffce0d0e2a0 [ 2179.681730][ T428] Mem-Info: [ 2179.695189][ T428] active_anon:1383155 inactive_anon:17088 isolated_anon:0 [ 2179.695189][ T428] active_file:176 inactive_file:220 isolated_file:54 [ 2179.695189][ T428] unevictable:0 dirty:58 writeback:1 unstable:0 [ 2179.695189][ T428] slab_reclaimable:8419 slab_unreclaimable:79159 [ 2179.695189][ T428] mapped:62171 shmem:17095 pagetables:45036 bounce:0 [ 2179.695189][ T428] free:14944 free_pcp:115 free_cma:0 [ 2179.733740][ T428] Node 0 active_anon:5532620kB inactive_anon:68352kB active_file:704kB inactive_file:880kB unevictable:0kB isolated(anon):0kB isolated(file):64kB mapped:248584kB dirty:232kB writeback:4kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2179.758531][ T428] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2179.785006][ T428] lowmem_reserve[]: 0 2912 6416 6416 [ 2179.790779][ T428] DMA32 free:29448kB min:20548kB low:23528kB high:26508kB active_anon:2708440kB inactive_anon:8904kB active_file:164kB inactive_file:164kB unevictable:0kB writepending:24kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25184kB pagetables:58128kB bounce:0kB free_pcp:48kB local_pcp:0kB free_cma:0kB [ 2179.820687][ T428] lowmem_reserve[]: 0 0 3504 3504 [ 2179.826259][ T428] Normal free:14424kB min:17880kB low:21468kB high:25056kB active_anon:2824180kB inactive_anon:59448kB active_file:972kB inactive_file:512kB unevictable:0kB writepending:212kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:122016kB bounce:0kB free_pcp:176kB local_pcp:0kB free_cma:0kB [ 2179.856445][ T428] lowmem_reserve[]: 0 0 0 0 [ 2179.861389][ T428] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2179.875214][ T428] DMA32: 1116*4kB (UMH) 1429*8kB (UMEH) 620*16kB (UMEH) 108*32kB (UMH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29592kB [ 2179.890602][ T428] Normal: 1100*4kB (UME) 218*8kB (UME) 67*16kB (UME) 200*32kB (UME) 19*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 14832kB [ 2179.905568][ T428] 17453 total pagecache pages [ 2179.910709][ T428] 0 pages in swap cache [ 2179.915331][ T428] Swap cache stats: add 0, delete 0, find 0/0 [ 2179.921872][ T428] Free swap = 0kB [ 2179.926054][ T428] Total swap = 0kB [ 2179.930192][ T428] 1965979 pages RAM [ 2179.938770][ T428] 0 pages HighMem/MovableOnly [ 2179.943880][ T428] 318830 pages reserved [ 2179.948435][ T428] 0 pages cma reserved [ 2179.952896][ T428] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19227,uid=0 [ 2179.967444][ T428] Out of memory: Killed process 19227 (syz-executor.0) total-vm:75228kB, anon-rss:15216kB, file-rss:35296kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2179.990905][ T23] oom_reaper: reaped process 19227 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2180.111929][ T477] kworker/dying (477) used greatest stack depth: 17768 bytes left 04:07:36 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x134000}], 0x1, 0x0) pipe(0x0) 04:07:36 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf1000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) llistxattr(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000300)=""/195, 0xc3) sendto(0xffffffffffffffff, &(0x7f0000000440)="8218e5289d1856f3877f762dc480573f392d9fe8188e1b5c7e2c7d5d2a90de01a8c38d71462633d4c85e6cb0528697d81199480440cb3616aedaca4de514e01604de228a9e9af9aa4a08110a0eac21de3130fa601058ee7db3cd62e462872b0aae6cd38a0a810e0613c892dc252460012ab29a697d0523a4434f652fa31e1cab6b85d53ea6456aa6d3baa7ce6ff0b9e587ce9ba78848c65297c1c7c8ff1077be2134d52662b644c28caceed991e8653f2e2f4da9b9ef9262a7c9", 0xba, 0x20000011, &(0x7f0000000500)=@l2tp6={0xa, 0x0, 0x405d, @private0={0xfc, 0x0, [], 0x1}, 0xff}, 0x80) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xd3d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:36 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x99000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2181.185549][T26523] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2181.204109][T26523] CPU: 1 PID: 26523 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2181.214351][T26523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2181.224444][T26523] Call Trace: [ 2181.227709][T26523] dump_stack+0x14a/0x1ce [ 2181.232014][T26523] ? devkmsg_release+0x11c/0x11c [ 2181.236926][T26523] ? show_regs_print_info+0x12/0x12 [ 2181.242102][T26523] ? radix_tree_cpu_dead+0x160/0x160 [ 2181.247387][T26523] ? _raw_spin_lock+0xa1/0x170 [ 2181.252141][T26523] ? _raw_spin_trylock_bh+0x190/0x190 [ 2181.257525][T26523] dump_header+0xdb/0x700 [ 2181.261852][T26523] oom_kill_process+0xd3/0x280 [ 2181.266608][T26523] out_of_memory+0x5b6/0x890 [ 2181.271192][T26523] ? unregister_oom_notifier+0x20/0x20 [ 2181.276640][T26523] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2181.282178][T26523] ? get_page_from_freelist+0x7c0/0x7c0 [ 2181.287721][T26523] ? __zone_watermark_ok+0x91/0x280 [ 2181.292907][T26523] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2181.298251][T26523] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2181.303766][T26523] ? copy_process+0x5a4/0x5110 [ 2181.308497][T26523] ? copy_process+0x5a4/0x5110 [ 2181.313231][T26523] ? kmem_cache_alloc+0x1d5/0x260 [ 2181.318222][T26523] copy_process+0x5f3/0x5110 [ 2181.322782][T26523] ? do_wp_page+0xb1b/0x1530 [ 2181.327342][T26523] ? do_swap_page+0x1560/0x1560 [ 2181.332161][T26523] ? fork_idle+0x290/0x290 [ 2181.336546][T26523] ? memset+0x1f/0x40 [ 2181.340497][T26523] ? handle_mm_fault+0xb16/0x40a0 [ 2181.345492][T26523] _do_fork+0x196/0x920 [ 2181.349617][T26523] ? dup_mm+0x300/0x300 [ 2181.353742][T26523] ? ktime_get_raw+0x130/0x130 [ 2181.358507][T26523] __x64_sys_clone+0x25f/0x2c0 [ 2181.363241][T26523] ? __ia32_sys_vfork+0x110/0x110 [ 2181.368234][T26523] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2181.373835][T26523] ? do_user_addr_fault+0x55c/0x9f0 [ 2181.379014][T26523] do_syscall_64+0xcb/0x150 [ 2181.383489][T26523] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2181.389352][T26523] RIP: 0033:0x45ae5a [ 2181.393216][T26523] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2181.412797][T26523] RSP: 002b:00007ffe517c2b70 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2181.421213][T26523] RAX: ffffffffffffffda RBX: 00007ffe517c2b70 RCX: 000000000045ae5a [ 2181.429156][T26523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2181.437274][T26523] RBP: 00007ffe517c2bb0 R08: 0000000000000001 R09: 0000000002716940 [ 2181.445214][T26523] R10: 0000000002716c10 R11: 0000000000000246 R12: 0000000000000001 [ 2181.453155][T26523] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe517c2c00 [ 2181.462211][T26523] Mem-Info: [ 2181.466895][T26523] active_anon:1383560 inactive_anon:17088 isolated_anon:0 [ 2181.466895][T26523] active_file:567 inactive_file:949 isolated_file:27 [ 2181.466895][T26523] unevictable:0 dirty:22 writeback:1 unstable:0 04:07:37 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x135000}], 0x1, 0x0) pipe(0x0) 04:07:37 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000040)={0x1000, 0x3, 0x3, 0xffffffff, 0x1}) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001400)={&(0x7f00000013c0)={0x24, 0x0, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x1}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x20008800) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) process_vm_writev(r4, &(0x7f0000000080)=[{&(0x7f0000000180)=""/219, 0xdb}], 0x1, &(0x7f0000001340)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/4096, 0x1000}, {&(0x7f0000003c80)=""/4096, 0x1000}, {&(0x7f0000000100)=""/39, 0x27}], 0x5, 0x0) [ 2181.466895][T26523] slab_reclaimable:8418 slab_unreclaimable:79268 [ 2181.466895][T26523] mapped:62940 shmem:17095 pagetables:45035 bounce:0 [ 2181.466895][T26523] free:12816 free_pcp:492 free_cma:0 [ 2181.506020][T26523] Node 0 active_anon:5534240kB inactive_anon:68352kB active_file:3268kB inactive_file:6296kB unevictable:0kB isolated(anon):0kB isolated(file):108kB mapped:254360kB dirty:88kB writeback:4kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:07:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2181.637447][T26523] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2181.728229][T26523] lowmem_reserve[]: 0 2912 6416 6416 [ 2181.740800][T26523] DMA32 free:26672kB min:8740kB low:11720kB high:14700kB active_anon:2705284kB inactive_anon:8904kB active_file:2676kB inactive_file:2188kB unevictable:0kB writepending:28kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25120kB pagetables:58280kB bounce:0kB free_pcp:940kB local_pcp:88kB free_cma:0kB [ 2181.773087][T26523] lowmem_reserve[]: 0 0 3504 3504 [ 2181.778392][T26523] Normal free:7136kB min:5592kB low:9180kB high:12768kB active_anon:2828956kB inactive_anon:59448kB active_file:1684kB inactive_file:2104kB unevictable:0kB writepending:64kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30560kB pagetables:121712kB bounce:0kB free_pcp:1228kB local_pcp:696kB free_cma:0kB [ 2181.815713][T26523] lowmem_reserve[]: 0 0 0 0 [ 2181.826399][T26523] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2181.854528][T26523] DMA32: 930*4kB (UMH) 1381*8kB (UMEH) 594*16kB (MEH) 92*32kB (MH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27536kB [ 2181.886108][T26523] Normal: 538*4kB (UME) 104*8kB (UME) 83*16kB (UME) 72*32kB (UME) 18*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7768kB [ 2181.935658][T26523] 18303 total pagecache pages [ 2181.945303][T26523] 0 pages in swap cache [ 2181.955530][T26523] Swap cache stats: add 0, delete 0, find 0/0 [ 2181.967618][T26523] Free swap = 0kB [ 2181.976340][T26523] Total swap = 0kB [ 2181.984972][T26523] 1965979 pages RAM [ 2181.993682][T26523] 0 pages HighMem/MovableOnly [ 2182.003250][T26523] 318830 pages reserved [ 2182.011835][T26523] 0 pages cma reserved [ 2182.018599][T26523] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19247,uid=0 [ 2182.046902][T26523] Out of memory: Killed process 19247 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35024kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2182.068996][ T23] oom_reaper: reaped process 19247 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:37 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) ioctl$PPPIOCSMRU(r2, 0x40047452, &(0x7f0000000040)=0x80000001) r3 = socket$inet6(0xa, 0x3, 0x7) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) ioctl$KDGKBSENT(r4, 0x4b48, &(0x7f0000000340)={0x4, "b5822448d64efa184dbc2c57403f50197c51c971dd152880e41a8df04b97748956cbc8cb50f3b18f4946560ffb6f943cea9fb1ccf946752719f89185de7c8239b7774c79459a47a204e91fe0b37309a28b82b8c5709785f1616f5f4a00ba1c1acdffd9b80dd21d2c24234ca9189394f751f3c53d3963637ee8b878ab5d31492e6e0da0e70d4d4da252a7f42176e8f630d3b623063711c30f99b89b68983a5fc6506b27a163494c4b52e4091893ba8da06b74756a2bbbddd47c8509328e7b1720414e3603ab9b02d45b284aeb8f3a580dbb6ed1af8b9d2acd982f2a8d19019069f1e63161cf8e750b43475d4719a3ff6bf89a668dc5e337ed0c8315ea68139db40de1740e7dc8979500618c6b7ff23592dd611c3e506f7239aa1ef4d55218d1064e8651cf729dcfbc55a88f246a190e733006b660af961f917cab92bf9b5b3fd566a14baca5404d205fa37b35b5ac5aa056a7f923613bd2fa8c6f0596028cfbddfe54dbb798c0720f82303d6a0581f5e16ed745693860ebb5697a8f7ef9f78bc10f914d5dc956c58fbdc673cf7b3b30ac393fd9b531f6989373f32799f199a90e0cbfbb2f3fc8af45f192f4d7eda369d9306065fb80473091c4521d1cfcdb30ae2b30945f84a18775dc043baefeb8f6c700ab07aaec20ce7dff0e30b5a0943882c026c67c36e316c928b8e5e1da2af4379e47653c2e307165dc12752888d1c323"}) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) [ 2182.669136][T19268] syz-executor.3 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2182.696254][T19268] CPU: 1 PID: 19268 Comm: syz-executor.3 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2182.706413][T19268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2182.716455][T19268] Call Trace: [ 2182.719735][T19268] dump_stack+0x14a/0x1ce [ 2182.724055][T19268] ? devkmsg_release+0x11c/0x11c [ 2182.729010][T19268] ? show_regs_print_info+0x12/0x12 [ 2182.734284][T19268] ? radix_tree_cpu_dead+0x160/0x160 [ 2182.739558][T19268] ? _raw_spin_lock+0xa1/0x170 [ 2182.744314][T19268] ? _raw_spin_trylock_bh+0x190/0x190 [ 2182.749674][T19268] dump_header+0xdb/0x700 [ 2182.753992][T19268] oom_kill_process+0xd3/0x280 [ 2182.758746][T19268] out_of_memory+0x5b6/0x890 [ 2182.763334][T19268] ? unregister_oom_notifier+0x20/0x20 [ 2182.768780][T19268] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2182.774313][T19268] ? get_page_from_freelist+0x7c0/0x7c0 [ 2182.779847][T19268] ? __zone_watermark_ok+0x91/0x280 [ 2182.785030][T19268] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2182.790412][T19268] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2182.795943][T19268] ? filemap_fault+0x19d0/0x19d0 [ 2182.800866][T19268] alloc_slab_page+0x3a/0x3a0 [ 2182.805528][T19268] new_slab+0x408/0x450 [ 2182.809672][T19268] ? _raw_spin_unlock+0x5/0x20 [ 2182.814430][T19268] ? getname_flags+0xb8/0x610 [ 2182.821434][T19268] ___slab_alloc+0x2e0/0x450 [ 2182.826009][T19268] ? getname_flags+0xb8/0x610 [ 2182.830671][T19268] ? getname_flags+0xb8/0x610 [ 2182.835331][T19268] kmem_cache_alloc+0x23f/0x260 [ 2182.840170][T19268] getname_flags+0xb8/0x610 [ 2182.844662][T19268] do_symlinkat+0x9e/0x420 [ 2182.849069][T19268] ? __fpregs_load_activate+0x2d3/0x390 [ 2182.854604][T19268] ? vfs_symlink+0x30/0x30 [ 2182.859015][T19268] ? do_user_addr_fault+0x521/0x9f0 [ 2182.864204][T19268] do_syscall_64+0xcb/0x150 [ 2182.868694][T19268] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2182.874572][T19268] RIP: 0033:0x45c5b7 [ 2182.878459][T19268] Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 6d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2182.898051][T19268] RSP: 002b:00007ffcb99f8728 EFLAGS: 00000206 ORIG_RAX: 0000000000000058 [ 2182.906449][T19268] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c5b7 [ 2182.914412][T19268] RDX: 00007ffcb99f87c7 RSI: 00000000004c236f RDI: 00007ffcb99f87b0 [ 2182.922397][T19268] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017 [ 2182.930361][T19268] R10: 0000000000000075 R11: 0000000000000206 R12: 0000000000000001 [ 2182.938323][T19268] R13: 00007ffcb99f8760 R14: 0000000000000000 R15: 00007ffcb99f8770 [ 2182.980035][T19268] Mem-Info: [ 2182.988593][T19268] active_anon:1383562 inactive_anon:17088 isolated_anon:0 [ 2182.988593][T19268] active_file:366 inactive_file:440 isolated_file:79 [ 2182.988593][T19268] unevictable:0 dirty:45 writeback:0 unstable:0 [ 2182.988593][T19268] slab_reclaimable:8410 slab_unreclaimable:79307 [ 2182.988593][T19268] mapped:62541 shmem:17095 pagetables:45078 bounce:0 [ 2182.988593][T19268] free:13026 free_pcp:984 free_cma:0 [ 2183.041021][T19268] Node 0 active_anon:5534248kB inactive_anon:68352kB active_file:1360kB inactive_file:1760kB unevictable:0kB isolated(anon):0kB isolated(file):224kB mapped:249664kB dirty:180kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2183.066759][T19268] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2183.106278][T19268] lowmem_reserve[]: 0 2912 6416 6416 [ 2183.121645][T19268] DMA32 free:29412kB min:16452kB low:19432kB high:22412kB active_anon:2706324kB inactive_anon:8904kB active_file:424kB inactive_file:1072kB unevictable:0kB writepending:36kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25152kB pagetables:58296kB bounce:0kB free_pcp:100kB local_pcp:0kB free_cma:0kB [ 2183.151829][T19268] lowmem_reserve[]: 0 0 3504 3504 [ 2183.158124][T19268] Normal free:9348kB min:5592kB low:9180kB high:12768kB active_anon:2827900kB inactive_anon:59448kB active_file:1068kB inactive_file:672kB unevictable:0kB writepending:48kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30656kB pagetables:122016kB bounce:0kB free_pcp:580kB local_pcp:268kB free_cma:0kB [ 2183.231593][T19268] lowmem_reserve[]: 0 0 0 0 [ 2183.236126][T19268] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2183.285053][T19268] DMA32: 1174*4kB (UMH) 1445*8kB (UMEH) 623*16kB (UMEH) 95*32kB (UMH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29584kB [ 2183.311644][T19268] Normal: 44*4kB (UMEH) 93*8kB (ME) 22*16kB (UME) 191*32kB (UME) 11*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8088kB [ 2183.341573][T19268] 17930 total pagecache pages [ 2183.346258][T19268] 0 pages in swap cache [ 2183.350398][T19268] Swap cache stats: add 0, delete 0, find 0/0 [ 2183.390119][T19268] Free swap = 0kB [ 2183.406220][T19268] Total swap = 0kB [ 2183.412220][T19268] 1965979 pages RAM [ 2183.417881][T19268] 0 pages HighMem/MovableOnly [ 2183.423437][T19268] 318830 pages reserved [ 2183.428317][T19268] 0 pages cma reserved [ 2183.433406][T19268] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19267,uid=0 [ 2183.448473][T19268] Out of memory: Killed process 19267 (syz-executor.0) total-vm:75360kB, anon-rss:16560kB, file-rss:35480kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2183.474832][ T23] oom_reaper: reaped process 19267 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x1d0, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_LINK={0x174, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x34f}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffe01}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x841}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf569}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd1a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x91}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x10001}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfb1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x20004000}, 0x81) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:39 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x136000}], 0x1, 0x0) pipe(0x0) 04:07:39 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf2000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="9919f00b0002c700d13e8cf400"/23], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f00000002c0)="e2", 0x1, 0x8) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:39 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf1000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:39 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x9a000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:40 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x137000}], 0x1, 0x0) pipe(0x0) [ 2184.559139][ T436] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2184.571643][ T436] CPU: 1 PID: 436 Comm: syz-executor.2 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2184.581607][ T436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2184.591647][ T436] Call Trace: [ 2184.594917][ T436] dump_stack+0x14a/0x1ce [ 2184.599213][ T436] ? devkmsg_release+0x11c/0x11c [ 2184.604120][ T436] ? show_regs_print_info+0x12/0x12 [ 2184.609384][ T436] ? radix_tree_cpu_dead+0x160/0x160 [ 2184.614638][ T436] ? _raw_spin_lock+0xa1/0x170 [ 2184.619383][ T436] ? _raw_spin_trylock_bh+0x190/0x190 [ 2184.624809][ T436] dump_header+0xdb/0x700 [ 2184.629110][ T436] oom_kill_process+0xd3/0x280 [ 2184.633844][ T436] out_of_memory+0x5b6/0x890 [ 2184.638675][ T436] ? unregister_oom_notifier+0x20/0x20 [ 2184.644105][ T436] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2184.649632][ T436] ? get_page_from_freelist+0x7c0/0x7c0 [ 2184.655145][ T436] ? __zone_watermark_ok+0x91/0x280 [ 2184.660312][ T436] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2184.665652][ T436] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2184.671167][ T436] ? copy_process+0x5a4/0x5110 [ 2184.675900][ T436] ? copy_process+0x5a4/0x5110 [ 2184.680630][ T436] ? kmem_cache_alloc+0x1d5/0x260 [ 2184.685632][ T436] copy_process+0x5f3/0x5110 [ 2184.690192][ T436] ? do_wp_page+0xb1b/0x1530 [ 2184.694762][ T436] ? do_swap_page+0x1560/0x1560 [ 2184.699583][ T436] ? fork_idle+0x290/0x290 [ 2184.703971][ T436] ? memset+0x1f/0x40 [ 2184.707921][ T436] ? handle_mm_fault+0xb16/0x40a0 [ 2184.712912][ T436] _do_fork+0x196/0x920 [ 2184.717037][ T436] ? dup_mm+0x300/0x300 [ 2184.721175][ T436] ? ktime_get_raw+0x130/0x130 [ 2184.725907][ T436] __x64_sys_clone+0x25f/0x2c0 [ 2184.730640][ T436] ? __ia32_sys_vfork+0x110/0x110 [ 2184.735720][ T436] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2184.741331][ T436] ? do_user_addr_fault+0x55c/0x9f0 [ 2184.746511][ T436] do_syscall_64+0xcb/0x150 [ 2184.750987][ T436] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2184.756847][ T436] RIP: 0033:0x45ae5a [ 2184.760721][ T436] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2184.780308][ T436] RSP: 002b:00007fff3f7fad80 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2184.789481][ T436] RAX: ffffffffffffffda RBX: 00007fff3f7fad80 RCX: 000000000045ae5a [ 2184.797425][ T436] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2184.805369][ T436] RBP: 00007fff3f7fadc0 R08: 0000000000000001 R09: 0000000001030940 [ 2184.813331][ T436] R10: 0000000001030c10 R11: 0000000000000246 R12: 0000000000000001 [ 2184.821272][ T436] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff3f7fae10 [ 2184.831823][ T436] Mem-Info: [ 2184.838638][ T436] active_anon:1385137 inactive_anon:17088 isolated_anon:0 [ 2184.838638][ T436] active_file:454 inactive_file:986 isolated_file:32 [ 2184.838638][ T436] unevictable:0 dirty:2 writeback:0 unstable:0 [ 2184.838638][ T436] slab_reclaimable:8410 slab_unreclaimable:79267 [ 2184.838638][ T436] mapped:62652 shmem:17095 pagetables:45164 bounce:0 [ 2184.838638][ T436] free:11523 free_pcp:144 free_cma:0 04:07:40 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x9a000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2184.995972][ T436] Node 0 active_anon:5540544kB inactive_anon:68352kB active_file:2128kB inactive_file:2704kB unevictable:0kB isolated(anon):0kB isolated(file):256kB mapped:251396kB dirty:44kB writeback:60kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2185.044212][ T436] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2185.129101][ T436] lowmem_reserve[]: 0 2912 6416 6416 [ 2185.140791][ T436] DMA32 free:22360kB min:8740kB low:11720kB high:14700kB active_anon:2713216kB inactive_anon:8904kB active_file:760kB inactive_file:608kB unevictable:0kB writepending:64kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25152kB pagetables:58364kB bounce:0kB free_pcp:424kB local_pcp:128kB free_cma:0kB [ 2185.190755][ T436] lowmem_reserve[]: 0 0 3504 3504 [ 2185.196240][ T436] Normal free:10708kB min:13784kB low:17372kB high:20960kB active_anon:2827012kB inactive_anon:59448kB active_file:904kB inactive_file:400kB unevictable:0kB writepending:68kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:122088kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2185.226550][ T436] lowmem_reserve[]: 0 0 0 0 [ 2185.231676][ T436] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2185.245682][ T436] DMA32: 192*4kB (UMH) 1119*8kB (UMEH) 627*16kB (UMEH) 103*32kB (UMH) 5*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23496kB [ 2185.261195][ T436] Normal: 796*4kB (UME) 88*8kB (UME) 49*16kB (UME) 185*32kB (UME) 9*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11168kB [ 2185.294156][ T436] 17789 total pagecache pages [ 2185.305208][ T436] 0 pages in swap cache [ 2185.314442][ T436] Swap cache stats: add 0, delete 0, find 0/0 [ 2185.329046][ T436] Free swap = 0kB [ 2185.337395][ T436] Total swap = 0kB [ 2185.341173][ T436] 1965979 pages RAM [ 2185.345052][ T436] 0 pages HighMem/MovableOnly [ 2185.349783][ T436] 318830 pages reserved [ 2185.354011][ T436] 0 pages cma reserved [ 2185.358143][ T436] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19313,uid=0 [ 2185.372400][ T436] Out of memory: Killed process 19313 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:34968kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:41 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x204001, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/29, 0x1d}, {&(0x7f0000000100)=""/19, 0x13}, {&(0x7f0000000180)=""/105, 0x69}, {&(0x7f0000000200)=""/63, 0x3f}, {&(0x7f0000000340)=""/189, 0xbd}, {&(0x7f0000000240)=""/43, 0x2b}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/237, 0xed}, {&(0x7f0000001500)=""/183, 0xb7}], 0x9, 0x3) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = socket(0x15, 0x80000, 0x2) getsockopt$inet_opts(r4, 0x0, 0x9, &(0x7f0000001680)=""/70, &(0x7f0000000280)=0x46) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) 04:07:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="f4d800000000494e91b886c03b395f072e32e4f822d847184e12e9"], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000300)) fstat(r3, &(0x7f0000000340)) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:41 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x9b000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:41 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x138000}], 0x1, 0x0) pipe(0x0) [ 2186.442980][T19333] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 2186.472545][T19333] CPU: 1 PID: 19333 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2186.482710][T19333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2186.492755][T19333] Call Trace: [ 2186.496040][T19333] dump_stack+0x14a/0x1ce [ 2186.500352][T19333] ? devkmsg_release+0x11c/0x11c [ 2186.505271][T19333] ? show_regs_print_info+0x12/0x12 [ 2186.510463][T19333] ? radix_tree_cpu_dead+0x160/0x160 [ 2186.515772][T19333] ? _raw_spin_lock+0xa1/0x170 [ 2186.520524][T19333] ? _raw_spin_trylock_bh+0x190/0x190 [ 2186.525885][T19333] dump_header+0xdb/0x700 [ 2186.530204][T19333] oom_kill_process+0xd3/0x280 [ 2186.534959][T19333] out_of_memory+0x5b6/0x890 [ 2186.539537][T19333] ? unregister_oom_notifier+0x20/0x20 [ 2186.544988][T19333] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2186.550524][T19333] ? get_page_from_freelist+0x7c0/0x7c0 [ 2186.556060][T19333] ? __zone_watermark_ok+0x91/0x280 [ 2186.561339][T19333] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2186.566701][T19333] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2186.572234][T19333] alloc_slab_page+0x3a/0x3a0 [ 2186.576897][T19333] new_slab+0x408/0x450 [ 2186.581041][T19333] ? page_fault+0x2f/0x40 [ 2186.585358][T19333] ___slab_alloc+0x2e0/0x450 [ 2186.589941][T19333] ? getname_flags+0x25f/0x610 [ 2186.594695][T19333] ? kmem_cache_free+0xac/0x600 [ 2186.599536][T19333] ? getname_flags+0xb8/0x610 [ 2186.604203][T19333] ? getname_flags+0xb8/0x610 [ 2186.608877][T19333] kmem_cache_alloc+0x23f/0x260 [ 2186.613745][T19333] getname_flags+0xb8/0x610 [ 2186.618239][T19333] do_sys_open+0x33d/0x7d0 [ 2186.622643][T19333] ? file_open_root+0x450/0x450 [ 2186.627483][T19333] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2186.633102][T19333] do_syscall_64+0xcb/0x150 [ 2186.637602][T19333] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2186.643482][T19333] RIP: 0033:0x45c829 [ 2186.647363][T19333] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2186.666953][T19333] RSP: 002b:00007f9080023c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 2186.675439][T19333] RAX: ffffffffffffffda RBX: 00000000004f6780 RCX: 000000000045c829 [ 2186.683400][T19333] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000000 [ 2186.691360][T19333] RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 2186.699320][T19333] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2186.707279][T19333] R13: 0000000000000773 R14: 0000000000524fdf R15: 00007f90800246d4 [ 2186.716994][T19333] Mem-Info: [ 2186.721183][T19333] active_anon:1381449 inactive_anon:17088 isolated_anon:0 [ 2186.721183][T19333] active_file:219 inactive_file:199 isolated_file:37 [ 2186.721183][T19333] unevictable:0 dirty:10 writeback:0 unstable:0 [ 2186.721183][T19333] slab_reclaimable:8410 slab_unreclaimable:79292 [ 2186.721183][T19333] mapped:62251 shmem:17095 pagetables:45153 bounce:0 [ 2186.721183][T19333] free:16085 free_pcp:226 free_cma:0 [ 2186.764085][T19333] Node 0 active_anon:5525796kB inactive_anon:68352kB active_file:864kB inactive_file:2096kB unevictable:0kB isolated(anon):0kB isolated(file):148kB mapped:249504kB dirty:40kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2186.789897][T19333] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2186.816871][T19333] lowmem_reserve[]: 0 2912 6416 6416 [ 2186.825891][T19333] DMA32 free:32952kB min:16452kB low:19432kB high:22412kB active_anon:2703212kB inactive_anon:8904kB active_file:60kB inactive_file:1052kB unevictable:0kB writepending:16kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25024kB pagetables:58436kB bounce:0kB free_pcp:428kB local_pcp:428kB free_cma:0kB [ 2186.860192][T19333] lowmem_reserve[]: 0 0 3504 3504 [ 2186.866570][T19333] Normal free:13036kB min:5592kB low:9180kB high:12768kB active_anon:2822080kB inactive_anon:59448kB active_file:980kB inactive_file:1204kB unevictable:0kB writepending:24kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30816kB pagetables:122176kB bounce:0kB free_pcp:1552kB local_pcp:372kB free_cma:0kB [ 2186.897596][T19333] lowmem_reserve[]: 0 0 0 0 [ 2186.903119][T19333] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2186.926021][T19333] DMA32: 2094*4kB (UMH) 1377*8kB (UMEH) 632*16kB (UMEH) 100*32kB (UMH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33024kB [ 2186.960842][T19333] Normal: 22*4kB (ME) 254*8kB (ME) 117*16kB (ME) 195*32kB (ME) 4*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10488kB [ 2186.998636][T19333] 18809 total pagecache pages [ 2187.016439][T19333] 0 pages in swap cache [ 2187.020618][T19333] Swap cache stats: add 0, delete 0, find 0/0 [ 2187.035453][T19333] Free swap = 0kB [ 2187.040730][T19333] Total swap = 0kB [ 2187.044698][T19333] 1965979 pages RAM [ 2187.048526][T19333] 0 pages HighMem/MovableOnly [ 2187.053518][T19333] 318830 pages reserved [ 2187.057744][T19333] 0 pages cma reserved 04:07:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="9919f00b0002c700d13e8cf400"/23], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f00000002c0)="e2", 0x1, 0x8) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2187.063083][T19333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=25077,uid=0 [ 2187.078371][T19333] Out of memory: Killed process 25077 (syz-executor.5) total-vm:75228kB, anon-rss:14060kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 04:07:42 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf3000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:42 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) sendmsg$netlink(r0, &(0x7f0000000180)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfb, 0x8000000}, 0xc, &(0x7f0000000080), 0x0, &(0x7f0000000100)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff, r5, r6]}}], 0x28, 0x4000}, 0x404085c) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r7, &(0x7f0000000500), 0x37d, 0x0) 04:07:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="9919f00b0002c700d13e8cf400"/23], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f00000002c0)="e2", 0x1, 0x8) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:43 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x9c000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB="9919f00b0002c700d13e8cf400"/23], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f00000002c0)="e2", 0x1, 0x8) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2187.965094][ T436] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2187.998982][ T436] CPU: 0 PID: 436 Comm: syz-executor.2 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2188.008968][ T436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2188.019003][ T436] Call Trace: [ 2188.022274][ T436] dump_stack+0x14a/0x1ce [ 2188.026581][ T436] ? devkmsg_release+0x11c/0x11c [ 2188.031499][ T436] ? show_regs_print_info+0x12/0x12 [ 2188.036683][ T436] ? radix_tree_cpu_dead+0x160/0x160 [ 2188.041960][ T436] ? _raw_spin_lock+0xa1/0x170 [ 2188.046708][ T436] ? _raw_spin_trylock_bh+0x190/0x190 [ 2188.052059][ T436] dump_header+0xdb/0x700 [ 2188.056377][ T436] oom_kill_process+0xd3/0x280 [ 2188.061132][ T436] out_of_memory+0x5b6/0x890 [ 2188.065717][ T436] ? unregister_oom_notifier+0x20/0x20 [ 2188.071782][ T436] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2188.077332][ T436] ? get_page_from_freelist+0x7c0/0x7c0 [ 2188.082865][ T436] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 2188.088308][ T436] ? __zone_watermark_ok+0x91/0x280 [ 2188.093504][ T436] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2188.098865][ T436] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2188.104396][ T436] ? avc_has_perm_noaudit+0x30c/0x400 [ 2188.109757][ T436] ? avc_denied+0x1c0/0x1c0 [ 2188.114245][ T436] alloc_slab_page+0x3a/0x3a0 [ 2188.118898][ T436] new_slab+0x408/0x450 [ 2188.123169][ T436] ? should_fail+0x18e/0x860 [ 2188.127741][ T436] ? getname_flags+0xb8/0x610 [ 2188.132401][ T436] ___slab_alloc+0x2e0/0x450 [ 2188.136978][ T436] ? handle_mm_fault+0xb16/0x40a0 [ 2188.141980][ T436] ? getname_flags+0xb8/0x610 [ 2188.146631][ T436] ? getname_flags+0xb8/0x610 [ 2188.151298][ T436] kmem_cache_alloc+0x23f/0x260 [ 2188.156221][ T436] getname_flags+0xb8/0x610 [ 2188.160721][ T436] user_path_mountpoint_at+0x22/0x40 [ 2188.165977][ T436] ksys_umount+0x167/0xff0 [ 2188.170362][ T436] ? __down_read+0x240/0x240 [ 2188.174920][ T436] ? ksys_write+0x24c/0x2c0 [ 2188.179390][ T436] ? namespace_unlock+0x4e0/0x4e0 [ 2188.184383][ T436] ? do_user_addr_fault+0x55c/0x9f0 [ 2188.189550][ T436] __x64_sys_umount+0x56/0x60 [ 2188.194201][ T436] do_syscall_64+0xcb/0x150 [ 2188.198674][ T436] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2188.204537][ T436] RIP: 0033:0x45f257 [ 2188.208404][ T436] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 8f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2188.227976][ T436] RSP: 002b:00007fff3f7f9cd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2188.236366][ T436] RAX: ffffffffffffffda RBX: 0000000000216430 RCX: 000000000045f257 [ 2188.244490][ T436] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff3f7fae10 [ 2188.252446][ T436] RBP: 0000000000001b14 R08: 0000000000000001 R09: 0000000001030940 [ 2188.260388][ T436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff3f7fae10 [ 2188.268353][ T436] R13: 00007fff3f7fae00 R14: 0000000000000000 R15: 00007fff3f7fae10 04:07:44 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x800000000000000) 04:07:44 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x139000}], 0x1, 0x0) pipe(0x0) [ 2188.491232][ T436] Mem-Info: [ 2188.494489][ T436] active_anon:1384356 inactive_anon:17088 isolated_anon:0 [ 2188.494489][ T436] active_file:580 inactive_file:1434 isolated_file:63 [ 2188.494489][ T436] unevictable:0 dirty:21 writeback:0 unstable:0 [ 2188.494489][ T436] slab_reclaimable:8409 slab_unreclaimable:79316 [ 2188.494489][ T436] mapped:63542 shmem:17095 pagetables:45214 bounce:0 [ 2188.494489][ T436] free:10976 free_pcp:607 free_cma:0 [ 2188.610887][ T436] Node 0 active_anon:5537424kB inactive_anon:68352kB active_file:2780kB inactive_file:2496kB unevictable:0kB isolated(anon):0kB isolated(file):264kB mapped:251968kB dirty:84kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2188.663537][ T436] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2188.722066][ T436] lowmem_reserve[]: 0 2912 6416 6416 [ 2188.728031][ T436] DMA32 free:23224kB min:4644kB low:7624kB high:10604kB active_anon:2712648kB inactive_anon:8904kB active_file:988kB inactive_file:740kB unevictable:0kB writepending:28kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25344kB pagetables:58972kB bounce:0kB free_pcp:320kB local_pcp:0kB free_cma:0kB [ 2188.803189][ T436] lowmem_reserve[]: 0 0 3504 3504 [ 2188.808383][ T436] Normal free:12308kB min:9688kB low:13276kB high:16864kB active_anon:2824776kB inactive_anon:59448kB active_file:1500kB inactive_file:1340kB unevictable:0kB writepending:56kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30592kB pagetables:121884kB bounce:0kB free_pcp:48kB local_pcp:16kB free_cma:0kB [ 2188.842032][ T436] lowmem_reserve[]: 0 0 0 0 [ 2188.846693][ T436] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2188.860302][ T436] DMA32: 700*4kB (UMH) 100*8kB (UMEH) 821*16kB (UMEH) 144*32kB (UMH) 16*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22496kB [ 2188.875540][ T436] Normal: 659*4kB (UME) 162*8kB (UME) 119*16kB (UME) 198*32kB (UME) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12364kB [ 2188.890614][ T436] 17637 total pagecache pages [ 2188.895551][ T436] 0 pages in swap cache [ 2188.899864][ T436] Swap cache stats: add 0, delete 0, find 0/0 [ 2188.906180][ T436] Free swap = 0kB [ 2188.910041][ T436] Total swap = 0kB [ 2188.914028][ T436] 1965979 pages RAM [ 2188.917966][ T436] 0 pages HighMem/MovableOnly [ 2188.929805][ T436] 318830 pages reserved [ 2188.934227][ T436] 0 pages cma reserved [ 2188.938408][ T436] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=19401,uid=0 [ 2188.952773][ T436] Out of memory: Killed process 19401 (syz-executor.1) total-vm:75228kB, anon-rss:16556kB, file-rss:35028kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:44 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="7e3f9900000008000540000000010900010073797a31200000000c000676000000000000000608000540000900001aaef10aa6a25eaf56d1ac2d3a39ebf2b60e5676f5665ec5f0e743a19398c18af58a4ed314aaf2b00a696b847a3e3417bc98f739aae64921b87503000000294a995a30066dcacafe0ed9ceb182ae5a341d00e2c68f72b6145b2fb6a59dc9973262dc9e65a527ee2caf9f2cd7fca9d84ae9534e034635b7fa0a8edf6635015be2283fdf1f87448545a0b9fbe8c879d1b76b55103235e88395f98e84fef58d6fe27f5397ee716e25c7d06239b0e34683a3bd4c2594e90b18254bae94a8a71f27e5d0a0b61d329ee90b9e5c84aa83bef6ad30be50c87b56a98f117150d4deb6b65c5925e4cdb549aa72346066b3619b4aaa3accdad9584ca63d5ad7b1d3808c"], 0x3c}, 0x1, 0x0, 0x0, 0x28000800}, 0x20000000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="ff6d48", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0xffe}, 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0xddb}, 0x0, 0x0) 04:07:45 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf4000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:45 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000040)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:07:45 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x9d000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:45 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x13a000}], 0x1, 0x0) pipe(0x0) [ 2189.888978][ T405] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2189.909707][ T405] CPU: 0 PID: 405 Comm: syz-fuzzer Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2189.919340][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2189.929382][ T405] Call Trace: [ 2189.932672][ T405] dump_stack+0x14a/0x1ce [ 2189.936996][ T405] ? devkmsg_release+0x11c/0x11c [ 2189.941951][ T405] ? show_regs_print_info+0x12/0x12 [ 2189.947136][ T405] ? radix_tree_cpu_dead+0x160/0x160 [ 2189.952403][ T405] ? _raw_spin_lock+0xa1/0x170 [ 2189.957159][ T405] ? _raw_spin_trylock_bh+0x190/0x190 [ 2189.962516][ T405] dump_header+0xdb/0x700 [ 2189.966833][ T405] oom_kill_process+0xd3/0x280 [ 2189.971580][ T405] out_of_memory+0x5b6/0x890 [ 2189.976156][ T405] ? unregister_oom_notifier+0x20/0x20 [ 2189.981598][ T405] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2189.987117][ T405] ? get_page_from_freelist+0x7c0/0x7c0 [ 2189.992633][ T405] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2189.997990][ T405] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2190.003518][ T405] pagecache_get_page+0x50f/0x880 [ 2190.008514][ T405] ? pipe_write+0x578/0xe40 [ 2190.013006][ T405] filemap_fault+0x1474/0x19d0 [ 2190.017752][ T405] ? generic_file_read_iter+0x20b0/0x20b0 [ 2190.023441][ T405] ? __rcu_read_lock+0x50/0x50 [ 2190.028174][ T405] ? memset+0x1f/0x40 [ 2190.032125][ T405] ext4_filemap_fault+0x7b/0x90 [ 2190.036944][ T405] handle_mm_fault+0x19ac/0x40a0 [ 2190.041850][ T405] ? finish_fault+0x230/0x230 [ 2190.046496][ T405] ? security_file_permission+0x128/0x300 [ 2190.052270][ T405] ? __up_read+0x1b0/0x1b0 [ 2190.056658][ T405] ? vmacache_update+0x9f/0xf0 [ 2190.061402][ T405] do_user_addr_fault+0x48a/0x9f0 [ 2190.066394][ T405] page_fault+0x2f/0x40 [ 2190.070530][ T405] RIP: 0033:0x70a6df [ 2190.074405][ T405] Code: ec 08 48 89 2c 24 48 8d 2c 24 48 8b 4c 24 10 48 8b 51 10 48 8b 59 08 48 8d 79 08 48 83 fa 08 0f 8c 16 01 00 00 48 8b 54 24 18 <88> 13 48 8b 59 08 48 8b 71 10 48 83 fe 01 0f 86 3b 01 00 00 48 89 [ 2190.093976][ T405] RSP: 002b:000000c420427230 EFLAGS: 00010212 [ 2190.100009][ T405] RAX: 000000c431aeb380 RBX: 00007f6eab3e6000 RCX: 000000c420427340 [ 2190.107950][ T405] RDX: 00000000000008f3 RSI: 0000000000000020 RDI: 000000c420427348 [ 2190.116032][ T405] RBP: 000000c420427230 R08: 0000000000000000 R09: 0000000000000000 [ 2190.124064][ T405] R10: 00000000009f1ef2 R11: 0000000000000004 R12: 0000000000000000 [ 2190.132007][ T405] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 2190.249292][ T405] Mem-Info: [ 2190.252563][ T405] active_anon:1384772 inactive_anon:17088 isolated_anon:0 [ 2190.252563][ T405] active_file:288 inactive_file:308 isolated_file:0 [ 2190.252563][ T405] unevictable:0 dirty:36 writeback:0 unstable:0 [ 2190.252563][ T405] slab_reclaimable:8405 slab_unreclaimable:79370 [ 2190.252563][ T405] mapped:62386 shmem:17095 pagetables:45316 bounce:0 [ 2190.252563][ T405] free:12291 free_pcp:0 free_cma:0 [ 2190.381131][ T405] Node 0 active_anon:5539756kB inactive_anon:68352kB active_file:796kB inactive_file:1072kB unevictable:0kB isolated(anon):0kB isolated(file):72kB mapped:248916kB dirty:144kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2190.456681][ T405] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2190.517679][ T405] lowmem_reserve[]: 0 2912 6416 6416 [ 2190.530750][ T405] DMA32 free:20856kB min:8740kB low:11720kB high:14700kB active_anon:2715432kB inactive_anon:8904kB active_file:324kB inactive_file:776kB unevictable:0kB writepending:28kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25472kB pagetables:58836kB bounce:0kB free_pcp:124kB local_pcp:28kB free_cma:0kB [ 2190.563449][ T405] lowmem_reserve[]: 0 0 3504 3504 [ 2190.569035][ T405] Normal free:13200kB min:17880kB low:21468kB high:25056kB active_anon:2824324kB inactive_anon:59448kB active_file:556kB inactive_file:708kB unevictable:0kB writepending:60kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:122428kB bounce:0kB free_pcp:52kB local_pcp:0kB free_cma:0kB [ 2190.599195][ T405] lowmem_reserve[]: 0 0 0 0 [ 2190.604285][ T405] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2190.618210][ T405] DMA32: 213*4kB (MH) 105*8kB (UMEH) 850*16kB (UMEH) 168*32kB (UMH) 15*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21756kB [ 2190.633871][ T405] Normal: 1183*4kB (UME) 166*8kB (UME) 47*16kB (UME) 200*32kB (UME) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13468kB [ 2190.666965][ T405] 17283 total pagecache pages [ 2190.680913][ T405] 0 pages in swap cache [ 2190.685849][ T405] Swap cache stats: add 0, delete 0, find 0/0 [ 2190.693511][ T405] Free swap = 0kB [ 2190.698050][ T405] Total swap = 0kB [ 2190.702420][ T405] 1965979 pages RAM [ 2190.708151][ T405] 0 pages HighMem/MovableOnly [ 2190.714718][ T405] 318830 pages reserved [ 2190.721361][ T405] 0 pages cma reserved [ 2190.726060][ T405] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19440,uid=0 [ 2190.740777][ T405] Out of memory: Killed process 19440 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35148kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2191.200809][T19434] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2191.225282][T19434] CPU: 1 PID: 19434 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2191.235437][T19434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2191.245472][T19434] Call Trace: [ 2191.248830][T19434] dump_stack+0x14a/0x1ce [ 2191.253144][T19434] ? devkmsg_release+0x11c/0x11c [ 2191.258053][T19434] ? show_regs_print_info+0x12/0x12 [ 2191.263221][T19434] ? radix_tree_cpu_dead+0x160/0x160 [ 2191.268560][T19434] ? _raw_spin_lock+0xa1/0x170 [ 2191.273291][T19434] ? _raw_spin_trylock_bh+0x190/0x190 [ 2191.278632][T19434] dump_header+0xdb/0x700 [ 2191.282941][T19434] oom_kill_process+0xd3/0x280 [ 2191.287781][T19434] out_of_memory+0x5b6/0x890 [ 2191.292339][T19434] ? unregister_oom_notifier+0x20/0x20 [ 2191.297768][T19434] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2191.303279][T19434] ? unwind_get_return_address+0x48/0x90 [ 2191.308886][T19434] ? get_page_from_freelist+0x7c0/0x7c0 [ 2191.314417][T19434] ? __zone_watermark_ok+0x91/0x280 [ 2191.319596][T19434] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2191.324949][T19434] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2191.330463][T19434] ? copy_process+0x5a4/0x5110 [ 2191.335195][T19434] ? kmem_cache_alloc+0x1d5/0x260 [ 2191.340187][T19434] copy_process+0x5f3/0x5110 [ 2191.344747][T19434] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2191.350273][T19434] ? _raw_spin_lock+0xa1/0x170 [ 2191.355039][T19434] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2191.360826][T19434] ? fork_idle+0x290/0x290 [ 2191.365224][T19434] ? _raw_spin_unlock+0x5/0x20 [ 2191.369961][T19434] ? handle_mm_fault+0xb16/0x40a0 [ 2191.374953][T19434] _do_fork+0x196/0x920 [ 2191.379224][T19434] ? dup_mm+0x300/0x300 [ 2191.383371][T19434] ? do_mmap+0x9ad/0x1060 [ 2191.387699][T19434] __x64_sys_clone+0x25f/0x2c0 [ 2191.392436][T19434] ? __ia32_sys_vfork+0x110/0x110 [ 2191.397430][T19434] ? do_user_addr_fault+0x55c/0x9f0 [ 2191.402606][T19434] do_syscall_64+0xcb/0x150 [ 2191.407079][T19434] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2191.412943][T19434] RIP: 0033:0x45f1f9 [ 2191.416820][T19434] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2191.436826][T19434] RSP: 002b:00007ffe517c28c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2191.445216][T19434] RAX: ffffffffffffffda RBX: 00007fa744f39700 RCX: 000000000045f1f9 [ 2191.453157][T19434] RDX: 00007fa744f399d0 RSI: 00007fa744f38db0 RDI: 00000000003d0f00 [ 2191.461098][T19434] RBP: 00007ffe517c2af0 R08: 00007fa744f39700 R09: 00007fa744f39700 [ 2191.469037][T19434] R10: 00007fa744f399d0 R11: 0000000000000202 R12: 0000000000000000 [ 2191.476977][T19434] R13: 00007ffe517c297f R14: 00007fa744f399c0 R15: 000000000078c22c [ 2191.491592][T19434] Mem-Info: [ 2191.495098][T19434] active_anon:1381288 inactive_anon:17088 isolated_anon:0 [ 2191.495098][T19434] active_file:275 inactive_file:369 isolated_file:56 [ 2191.495098][T19434] unevictable:0 dirty:41 writeback:0 unstable:0 [ 2191.495098][T19434] slab_reclaimable:8404 slab_unreclaimable:79385 [ 2191.495098][T19434] mapped:62304 shmem:17095 pagetables:45257 bounce:0 [ 2191.495098][T19434] free:15957 free_pcp:0 free_cma:0 [ 2191.533368][T19434] Node 0 active_anon:5525152kB inactive_anon:68352kB active_file:1200kB inactive_file:1456kB unevictable:0kB isolated(anon):0kB isolated(file):96kB mapped:249216kB dirty:164kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2191.558298][T19434] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2191.584869][T19434] lowmem_reserve[]: 0 2912 6416 6416 [ 2191.590678][T19434] DMA32 free:34436kB min:20548kB low:23528kB high:26508kB active_anon:2702664kB inactive_anon:8904kB active_file:264kB inactive_file:196kB unevictable:0kB writepending:96kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25344kB pagetables:58812kB bounce:0kB free_pcp:172kB local_pcp:0kB free_cma:0kB [ 2191.624823][T19434] lowmem_reserve[]: 0 0 3504 3504 [ 2191.630294][T19434] Normal free:13488kB min:13784kB low:17372kB high:20960kB active_anon:2822488kB inactive_anon:59448kB active_file:964kB inactive_file:908kB unevictable:0kB writepending:68kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:122216kB bounce:0kB free_pcp:292kB local_pcp:0kB free_cma:0kB [ 2191.660934][T19434] lowmem_reserve[]: 0 0 0 0 [ 2191.670741][T19434] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2191.685713][T19434] DMA32: 1208*4kB (UMH) 1196*8kB (UMEH) 863*16kB (UMEH) 161*32kB (UMH) 10*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 34128kB [ 2191.701997][T19434] Normal: 759*4kB (UME) 273*8kB (UME) 108*16kB (UME) 196*32kB (ME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13220kB [ 2191.717828][T19434] 17651 total pagecache pages [ 2191.722974][T19434] 0 pages in swap cache [ 2191.727452][T19434] Swap cache stats: add 0, delete 0, find 0/0 [ 2191.733947][T19434] Free swap = 0kB [ 2191.737992][T19434] Total swap = 0kB [ 2191.751734][T19434] 1965979 pages RAM [ 2191.755942][T19434] 0 pages HighMem/MovableOnly [ 2191.760973][T19434] 318830 pages reserved [ 2191.765480][T19434] 0 pages cma reserved [ 2191.769872][T19434] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=18753,uid=0 [ 2191.784411][T19434] Out of memory: Killed process 18753 (syz-executor.3) total-vm:75756kB, anon-rss:14052kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2191.806496][ T23] oom_reaper: reaped process 18753 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:47 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf5000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:47 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x13b000}], 0x1, 0x0) pipe(0x0) 04:07:47 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x9e000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:47 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf3000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:47 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@mcast1, @empty, @local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c000a6, r1}) sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x50, 0x0, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x50}, 0x1, 0x0, 0x0, 0x801}, 0x48051) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:07:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sched_setattr(0x0, &(0x7f0000000080)={0xffffffffffffff6e, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$EXT4_IOC_MIGRATE(r4, 0x6609) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/partitions\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:48 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x13c000}], 0x1, 0x0) pipe(0x0) 04:07:48 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x9f000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:48 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000040)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:07:48 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf6000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:49 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000040)={0x8, 0x2, 0x200, 0x8706, 0x3ff}, 0x14) r2 = socket$inet6(0xa, 0x3, 0x7) syz_open_dev$char_usb(0xc, 0xb4, 0x5) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x14, 0x0, 0xc46dfc707e1df77d}, 0x14}}, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x60, 0x0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff8af2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x8080}, 0x4c080) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2193.722863][ T400] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2193.734259][ T400] CPU: 0 PID: 400 Comm: syz-fuzzer Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2193.743882][ T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2193.753929][ T400] Call Trace: [ 2193.757389][ T400] dump_stack+0x14a/0x1ce [ 2193.761717][ T400] ? devkmsg_release+0x11c/0x11c [ 2193.766644][ T400] ? show_regs_print_info+0x12/0x12 [ 2193.771837][ T400] ? radix_tree_cpu_dead+0x160/0x160 [ 2193.777117][ T400] ? _raw_spin_lock+0xa1/0x170 [ 2193.781868][ T400] ? _raw_spin_trylock_bh+0x190/0x190 [ 2193.787216][ T400] dump_header+0xdb/0x700 [ 2193.791542][ T400] oom_kill_process+0xd3/0x280 [ 2193.796277][ T400] out_of_memory+0x5b6/0x890 [ 2193.800838][ T400] ? unregister_oom_notifier+0x20/0x20 [ 2193.806267][ T400] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2193.811786][ T400] ? get_page_from_freelist+0x7c0/0x7c0 [ 2193.818004][ T400] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2193.823358][ T400] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2193.828886][ T400] pagecache_get_page+0x50f/0x880 [ 2193.833884][ T400] ? is_mmconf_reserved+0x410/0x410 [ 2193.839050][ T400] filemap_fault+0x1474/0x19d0 [ 2193.843784][ T400] ? generic_file_read_iter+0x20b0/0x20b0 [ 2193.849482][ T400] ? ___preempt_schedule+0x16/0x20 [ 2193.854563][ T400] ext4_filemap_fault+0x7b/0x90 [ 2193.859381][ T400] handle_mm_fault+0x2837/0x40a0 [ 2193.864289][ T400] ? finish_fault+0x230/0x230 [ 2193.868934][ T400] ? preempt_schedule_irq+0xe7/0x140 [ 2193.874188][ T400] ? preempt_schedule_notrace+0x130/0x130 [ 2193.879877][ T400] ? __up_read+0x1b0/0x1b0 [ 2193.884282][ T400] ? vmacache_find+0x205/0x4b0 [ 2193.889029][ T400] do_user_addr_fault+0x48a/0x9f0 [ 2193.894022][ T400] page_fault+0x2f/0x40 [ 2193.898147][ T400] RIP: 0033:0x44911b [ 2193.902013][ T400] Code: 89 0c 24 e8 b7 5c fc ff 48 8b 44 24 58 48 89 04 24 48 8b 44 24 60 48 89 44 24 08 48 8b 44 24 28 48 89 44 24 10 48 8b 54 24 50 <48> 8b 02 ff d0 48 8b 44 24 78 48 89 04 24 e8 e2 5a fc ff 48 8b 44 [ 2193.921601][ T400] RSP: 002b:000000c420038f60 EFLAGS: 00010202 [ 2193.927647][ T400] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 2193.935588][ T400] RDX: 00000000009c3060 RSI: 00000000007f8760 RDI: 000000c42f425600 [ 2193.943530][ T400] RBP: 000000c420038f58 R08: 0000000000000000 R09: 0000000000000003 [ 2193.951483][ T400] R10: 0000020cb7b91a2e R11: 0000000000000001 R12: 000001ff4a8252fd [ 2193.959435][ T400] R13: 0000000000000001 R14: 0000000000000200 R15: 0000000000000100 [ 2193.969006][ T400] Mem-Info: [ 2193.973494][ T400] active_anon:1382317 inactive_anon:17088 isolated_anon:0 [ 2193.973494][ T400] active_file:827 inactive_file:781 isolated_file:32 [ 2193.973494][ T400] unevictable:0 dirty:39 writeback:0 unstable:0 [ 2193.973494][ T400] slab_reclaimable:8404 slab_unreclaimable:79693 [ 2193.973494][ T400] mapped:63300 shmem:17095 pagetables:45461 bounce:0 [ 2193.973494][ T400] free:13218 free_pcp:44 free_cma:0 [ 2194.053075][ T400] Node 0 active_anon:5530068kB inactive_anon:68352kB active_file:2816kB inactive_file:2964kB unevictable:0kB isolated(anon):0kB isolated(file):244kB mapped:252600kB dirty:156kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2194.090772][ T400] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2194.134229][ T400] lowmem_reserve[]: 0 2912 6416 6416 [ 2194.139784][ T400] DMA32 free:29064kB min:20548kB low:23528kB high:26508kB active_anon:2704412kB inactive_anon:8904kB active_file:1048kB inactive_file:780kB unevictable:0kB writepending:36kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25536kB pagetables:59304kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2194.171152][ T400] lowmem_reserve[]: 0 0 3504 3504 [ 2194.203134][ T400] Normal free:8132kB min:9688kB low:13276kB high:16864kB active_anon:2826720kB inactive_anon:59448kB active_file:1444kB inactive_file:480kB unevictable:0kB writepending:124kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30912kB pagetables:122544kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 2194.290277][ T400] lowmem_reserve[]: 0 0 0 0 [ 2194.300681][ T400] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2194.330695][ T400] DMA32: 218*4kB (UMH) 1037*8kB (UMEH) 871*16kB (UMEH) 199*32kB (UMH) 15*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30560kB [ 2194.360830][ T400] Normal: 519*4kB (UME) 89*8kB (UME) 23*16kB (ME) 177*32kB (UME) 7*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9268kB [ 2194.382438][ T400] 17526 total pagecache pages [ 2194.393604][ T400] 0 pages in swap cache [ 2194.398182][ T400] Swap cache stats: add 0, delete 0, find 0/0 [ 2194.404821][ T400] Free swap = 0kB [ 2194.409083][ T400] Total swap = 0kB [ 2194.421252][ T400] 1965979 pages RAM [ 2194.430167][ T400] 0 pages HighMem/MovableOnly [ 2194.440281][ T400] 318830 pages reserved [ 2194.444930][ T400] 0 pages cma reserved [ 2194.449505][ T400] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=9695,uid=0 [ 2194.480879][ T400] Out of memory: Killed process 9695 (syz-executor.0) total-vm:75756kB, anon-rss:13968kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 04:07:50 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x13d000}], 0x1, 0x0) pipe(0x0) 04:07:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r1, 0x8982, &(0x7f0000000040)={0x8, 'ip6gretap0\x00', {'vcan0\x00'}, 0x3}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 04:07:50 executing program 0: r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r0, 0x4, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x81}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x8001) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:50 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x8002, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4000000000400202) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:07:50 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf7000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:50 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa0000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2195.129579][T19552] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2195.186293][T19552] CPU: 1 PID: 19552 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2195.196457][T19552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2195.206503][T19552] Call Trace: [ 2195.209788][T19552] dump_stack+0x14a/0x1ce [ 2195.214113][T19552] ? devkmsg_release+0x11c/0x11c [ 2195.219046][T19552] ? show_regs_print_info+0x12/0x12 [ 2195.224238][T19552] ? radix_tree_cpu_dead+0x160/0x160 [ 2195.229515][T19552] ? _raw_spin_lock+0xa1/0x170 [ 2195.234271][T19552] ? _raw_spin_trylock_bh+0x190/0x190 [ 2195.239658][T19552] dump_header+0xdb/0x700 [ 2195.243981][T19552] oom_kill_process+0xd3/0x280 [ 2195.248740][T19552] out_of_memory+0x5b6/0x890 [ 2195.253331][T19552] ? unregister_oom_notifier+0x20/0x20 [ 2195.258789][T19552] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2195.264341][T19552] ? get_page_from_freelist+0x7c0/0x7c0 [ 2195.269891][T19552] ? __zone_watermark_ok+0x91/0x280 [ 2195.275097][T19552] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2195.280468][T19552] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2195.286006][T19552] ? copy_process+0x5a4/0x5110 [ 2195.290764][T19552] ? copy_process+0x5a4/0x5110 [ 2195.295524][T19552] ? kmem_cache_alloc+0x1d5/0x260 [ 2195.300540][T19552] copy_process+0x5f3/0x5110 [ 2195.305127][T19552] ? fork_idle+0x290/0x290 [ 2195.309537][T19552] _do_fork+0x196/0x920 [ 2195.313684][T19552] ? slab_free_freelist_hook+0xd0/0x150 [ 2195.319219][T19552] ? dup_mm+0x300/0x300 [ 2195.323366][T19552] ? ktime_get_raw+0x130/0x130 [ 2195.328119][T19552] __x64_sys_clone+0x25f/0x2c0 [ 2195.332886][T19552] ? __ia32_sys_vfork+0x110/0x110 [ 2195.337902][T19552] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2195.343528][T19552] do_syscall_64+0xcb/0x150 [ 2195.348038][T19552] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2195.353921][T19552] RIP: 0033:0x45c829 [ 2195.357808][T19552] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2195.377400][T19552] RSP: 002b:00007f9080065c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2195.385802][T19552] RAX: ffffffffffffffda RBX: 00000000004da840 RCX: 000000000045c829 [ 2195.393763][T19552] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2195.401721][T19552] RBP: 000000000078bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 2195.409681][T19552] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2195.417669][T19552] R13: 0000000000000076 R14: 00000000004c311e R15: 00007f90800666d4 [ 2195.495798][T19552] Mem-Info: [ 2195.498990][T19552] active_anon:1383799 inactive_anon:17088 isolated_anon:0 [ 2195.498990][T19552] active_file:225 inactive_file:848 isolated_file:32 [ 2195.498990][T19552] unevictable:0 dirty:3 writeback:0 unstable:0 [ 2195.498990][T19552] slab_reclaimable:8413 slab_unreclaimable:79454 [ 2195.498990][T19552] mapped:62675 shmem:17095 pagetables:45486 bounce:0 [ 2195.498990][T19552] free:11795 free_pcp:641 free_cma:0 [ 2195.541021][T19552] Node 0 active_anon:5535280kB inactive_anon:68352kB active_file:1024kB inactive_file:3580kB unevictable:0kB isolated(anon):0kB isolated(file):140kB mapped:250764kB dirty:24kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2195.594124][T19552] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2195.736815][T19552] lowmem_reserve[]: 0 2912 6416 6416 [ 2195.747789][T19552] DMA32 free:22620kB min:8740kB low:11720kB high:14700kB active_anon:2708500kB inactive_anon:8904kB active_file:1772kB inactive_file:3220kB unevictable:0kB writepending:16kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25504kB pagetables:59280kB bounce:0kB free_pcp:280kB local_pcp:164kB free_cma:0kB [ 2195.777905][T19552] lowmem_reserve[]: 0 0 3504 3504 [ 2195.783398][T19552] Normal free:8348kB min:9688kB low:13276kB high:16864kB active_anon:2826340kB inactive_anon:59448kB active_file:968kB inactive_file:800kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30976kB pagetables:122664kB bounce:0kB free_pcp:244kB local_pcp:168kB free_cma:0kB [ 2195.813448][T19552] lowmem_reserve[]: 0 0 0 0 [ 2195.818450][T19552] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2195.845735][T19552] DMA32: 82*4kB (UH) 120*8kB (UMEH) 889*16kB (UMEH) 224*32kB (UMH) 14*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23704kB [ 2195.912045][T19552] Normal: 833*4kB (UME) 75*8kB (UME) 22*16kB (UME) 173*32kB (UME) 2*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9948kB [ 2195.926655][T19552] 18680 total pagecache pages [ 2195.931986][T19552] 0 pages in swap cache [ 2195.936779][T19552] Swap cache stats: add 0, delete 0, find 0/0 [ 2195.950548][T19552] Free swap = 0kB [ 2195.954296][T19552] Total swap = 0kB [ 2195.958023][T19552] 1965979 pages RAM [ 2195.989561][T19552] 0 pages HighMem/MovableOnly [ 2196.007295][T19552] 318830 pages reserved [ 2196.018720][T19552] 0 pages cma reserved [ 2196.050542][T19552] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19521,uid=0 [ 2196.088323][T19552] Out of memory: Killed process 19521 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35024kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:07:51 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x100000000000000) 04:07:51 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x13e000}], 0x1, 0x0) pipe(0x0) 04:07:51 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf8000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b7a608db18760df49b04e98077d2563c13520c65", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:51 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(r1, &(0x7f0000000500), 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) getresuid(&(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000180)) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000001340)=""/185, 0xbd}, {&(0x7f0000001c80)=""/4102, 0x101b}], 0x2, 0x0) [ 2196.649129][T19570] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2196.680683][T19570] CPU: 0 PID: 19570 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2196.691197][T19570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2196.701258][T19570] Call Trace: [ 2196.704547][T19570] dump_stack+0x14a/0x1ce [ 2196.708868][T19570] ? devkmsg_release+0x11c/0x11c [ 2196.713796][T19570] ? show_regs_print_info+0x12/0x12 [ 2196.718981][T19570] ? radix_tree_cpu_dead+0x160/0x160 [ 2196.724326][T19570] ? _raw_spin_lock+0xa1/0x170 [ 2196.729060][T19570] ? _raw_spin_trylock_bh+0x190/0x190 [ 2196.734403][T19570] dump_header+0xdb/0x700 [ 2196.738707][T19570] oom_kill_process+0xd3/0x280 [ 2196.743445][T19570] out_of_memory+0x5b6/0x890 [ 2196.748051][T19570] ? unregister_oom_notifier+0x20/0x20 [ 2196.753483][T19570] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2196.759000][T19570] ? unwind_get_return_address+0x48/0x90 [ 2196.764620][T19570] ? get_page_from_freelist+0x7c0/0x7c0 [ 2196.770135][T19570] ? __zone_watermark_ok+0x91/0x280 [ 2196.775307][T19570] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2196.780659][T19570] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2196.786190][T19570] ? copy_process+0x5a4/0x5110 [ 2196.790926][T19570] ? copy_process+0x5a4/0x5110 [ 2196.795661][T19570] ? kmem_cache_alloc+0x1d5/0x260 [ 2196.800674][T19570] copy_process+0x5f3/0x5110 [ 2196.805239][T19570] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2196.810755][T19570] ? _raw_spin_lock+0xa1/0x170 [ 2196.815490][T19570] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2196.821265][T19570] ? fork_idle+0x290/0x290 [ 2196.825673][T19570] ? _raw_spin_unlock+0x5/0x20 [ 2196.830408][T19570] ? handle_mm_fault+0xb16/0x40a0 [ 2196.835488][T19570] _do_fork+0x196/0x920 [ 2196.839630][T19570] ? dup_mm+0x300/0x300 [ 2196.843770][T19570] ? do_mmap+0x9ad/0x1060 [ 2196.848070][T19570] __x64_sys_clone+0x25f/0x2c0 [ 2196.852804][T19570] ? __ia32_sys_vfork+0x110/0x110 [ 2196.857809][T19570] ? do_user_addr_fault+0x55c/0x9f0 [ 2196.862976][T19570] do_syscall_64+0xcb/0x150 [ 2196.867464][T19570] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2196.873328][T19570] RIP: 0033:0x45f1f9 [ 2196.877198][T19570] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2196.896783][T19570] RSP: 002b:00007ffce0d0df68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2196.905185][T19570] RAX: ffffffffffffffda RBX: 00007f9080045700 RCX: 000000000045f1f9 [ 2196.913139][T19570] RDX: 00007f90800459d0 RSI: 00007f9080044db0 RDI: 00000000003d0f00 [ 2196.921088][T19570] RBP: 00007ffce0d0e190 R08: 00007f9080045700 R09: 00007f9080045700 [ 2196.929045][T19570] R10: 00007f90800459d0 R11: 0000000000000202 R12: 0000000000000000 [ 2196.936988][T19570] R13: 00007ffce0d0e01f R14: 00007f90800459c0 R15: 000000000078c04c [ 2196.957440][T19570] Mem-Info: [ 2196.964738][T19570] active_anon:1383832 inactive_anon:17088 isolated_anon:0 [ 2196.964738][T19570] active_file:298 inactive_file:298 isolated_file:61 [ 2196.964738][T19570] unevictable:0 dirty:19 writeback:0 unstable:0 [ 2196.964738][T19570] slab_reclaimable:8413 slab_unreclaimable:79334 [ 2196.964738][T19570] mapped:62464 shmem:17095 pagetables:45456 bounce:0 [ 2196.964738][T19570] free:12868 free_pcp:149 free_cma:0 [ 2197.003497][T19570] Node 0 active_anon:5535348kB inactive_anon:68352kB active_file:1224kB inactive_file:1112kB unevictable:0kB isolated(anon):0kB isolated(file):132kB mapped:249752kB dirty:112kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2197.029222][T19570] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2197.084410][T19570] lowmem_reserve[]: 0 2912 6416 6416 [ 2197.089755][T19570] DMA32 free:28484kB min:16932kB low:19912kB high:22892kB active_anon:2708100kB inactive_anon:8904kB active_file:424kB inactive_file:836kB unevictable:0kB writepending:40kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25376kB pagetables:59240kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2197.140501][T19570] lowmem_reserve[]: 0 0 3504 3504 [ 2197.147934][T19570] Normal free:14796kB min:9688kB low:13276kB high:16864kB active_anon:2819688kB inactive_anon:59448kB active_file:800kB inactive_file:1284kB unevictable:0kB writepending:72kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:31008kB pagetables:122604kB bounce:0kB free_pcp:892kB local_pcp:200kB free_cma:0kB [ 2197.178756][T19570] lowmem_reserve[]: 0 0 0 0 [ 2197.183412][T19570] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB 04:07:52 executing program 0: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xae000}], 0x1, 0x0) pipe(0x0) [ 2197.239141][T19570] DMA32: 2000*4kB (UMH) 730*8kB (UMEH) 889*16kB (UMEH) 228*32kB (UMH) 12*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36256kB [ 2197.305382][T19570] Normal: 475*4kB (MEH) 371*8kB (MEH) 117*16kB (MEH) 173*32kB (MEH) 3*64kB (H) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12468kB [ 2197.354368][T19570] 19293 total pagecache pages [ 2197.372326][T19570] 0 pages in swap cache [ 2197.387376][T19570] Swap cache stats: add 0, delete 0, find 0/0 [ 2197.407930][T19570] Free swap = 0kB [ 2197.421478][T19570] Total swap = 0kB [ 2197.433807][T19570] 1965979 pages RAM [ 2197.447411][T19570] 0 pages HighMem/MovableOnly [ 2197.463073][T19570] 318830 pages reserved [ 2197.477050][T19570] 0 pages cma reserved [ 2197.492562][T19570] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19569,uid=0 04:07:53 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa1000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:53 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x13f000}], 0x1, 0x0) pipe(0x0) 04:07:53 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xf9000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2198.132576][ T436] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2198.145237][ T436] CPU: 1 PID: 436 Comm: syz-executor.2 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2198.155212][ T436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2198.165244][ T436] Call Trace: [ 2198.168524][ T436] dump_stack+0x14a/0x1ce [ 2198.172828][ T436] ? devkmsg_release+0x11c/0x11c [ 2198.177738][ T436] ? show_regs_print_info+0x12/0x12 [ 2198.182921][ T436] ? radix_tree_cpu_dead+0x160/0x160 [ 2198.188196][ T436] ? _raw_spin_lock+0xa1/0x170 [ 2198.192932][ T436] ? _raw_spin_trylock_bh+0x190/0x190 [ 2198.198274][ T436] dump_header+0xdb/0x700 [ 2198.202574][ T436] oom_kill_process+0xd3/0x280 [ 2198.207307][ T436] out_of_memory+0x5b6/0x890 [ 2198.211868][ T436] ? unregister_oom_notifier+0x20/0x20 [ 2198.217296][ T436] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2198.222837][ T436] ? get_page_from_freelist+0x7c0/0x7c0 [ 2198.228368][ T436] ? __zone_watermark_ok+0x91/0x280 [ 2198.233575][ T436] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2198.238928][ T436] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2198.244451][ T436] ? __d_instantiate+0x3c6/0x700 [ 2198.249362][ T436] alloc_slab_page+0x3a/0x3a0 [ 2198.254025][ T436] ? memset+0x1f/0x40 [ 2198.257984][ T436] new_slab+0x408/0x450 [ 2198.262133][ T436] ___slab_alloc+0x2e0/0x450 [ 2198.266714][ T436] ? getname_flags+0xb8/0x610 [ 2198.271369][ T436] ? getname_flags+0xb8/0x610 [ 2198.276019][ T436] kmem_cache_alloc+0x23f/0x260 [ 2198.280857][ T436] getname_flags+0xb8/0x610 [ 2198.285330][ T436] do_sys_open+0x33d/0x7d0 [ 2198.289717][ T436] ? do_mkdirat+0x2ae/0x310 [ 2198.294189][ T436] ? file_open_root+0x450/0x450 [ 2198.299110][ T436] ? do_user_addr_fault+0x55c/0x9f0 [ 2198.304277][ T436] do_syscall_64+0xcb/0x150 [ 2198.308763][ T436] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2198.314624][ T436] RIP: 0033:0x416600 [ 2198.318493][ T436] Code: 05 48 3d 01 f0 ff ff 0f 83 2d 19 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 8d 1e 89 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff [ 2198.338066][ T436] RSP: 002b:00007fff3f7fadc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 2198.346533][ T436] RAX: ffffffffffffffda RBX: 0000000000218ac1 RCX: 0000000000416600 [ 2198.354476][ T436] RDX: 00007fff3f7fae5a RSI: 0000000000000002 RDI: 00007fff3f7fae50 [ 2198.362417][ T436] RBP: 0000000000001b26 R08: 0000000000000000 R09: 000000000000000a [ 2198.370376][ T436] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 2198.378334][ T436] R13: 00007fff3f7fae00 R14: 0000000000218543 R15: 00007fff3f7fae10 [ 2198.388779][ T436] Mem-Info: [ 2198.411067][ T436] active_anon:1379755 inactive_anon:17088 isolated_anon:0 [ 2198.411067][ T436] active_file:409 inactive_file:994 isolated_file:0 [ 2198.411067][ T436] unevictable:0 dirty:0 writeback:0 unstable:0 04:07:54 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x33000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:54 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0xffefff7f) [ 2198.411067][ T436] slab_reclaimable:8429 slab_unreclaimable:79260 [ 2198.411067][ T436] mapped:62796 shmem:17095 pagetables:45481 bounce:0 [ 2198.411067][ T436] free:16301 free_pcp:244 free_cma:0 [ 2198.576720][ T436] Node 0 active_anon:5519020kB inactive_anon:68352kB active_file:3204kB inactive_file:4676kB unevictable:0kB isolated(anon):0kB isolated(file):412kB mapped:255284kB dirty:0kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2198.650352][ T436] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2198.776635][ T436] lowmem_reserve[]: 0 2912 6416 6416 [ 2198.782611][ T436] DMA32 free:33076kB min:16932kB low:19912kB high:22892kB active_anon:2699344kB inactive_anon:8904kB active_file:1112kB inactive_file:1360kB unevictable:0kB writepending:0kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25568kB pagetables:59320kB bounce:0kB free_pcp:1304kB local_pcp:704kB free_cma:0kB [ 2198.816196][ T436] lowmem_reserve[]: 0 0 3504 3504 [ 2198.821369][ T436] Normal free:16216kB min:13784kB low:17372kB high:20960kB active_anon:2819472kB inactive_anon:59448kB active_file:1116kB inactive_file:1104kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30688kB pagetables:122604kB bounce:0kB free_pcp:20kB local_pcp:20kB free_cma:0kB [ 2198.851223][ T436] lowmem_reserve[]: 0 0 0 0 [ 2198.855806][ T436] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2198.869243][ T436] DMA32: 1541*4kB (UMH) 928*8kB (UMEH) 884*16kB (UMEH) 217*32kB (UMH) 4*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35060kB [ 2198.884231][ T436] Normal: 1248*4kB (UME) 441*8kB (UME) 139*16kB (UME) 188*32kB (UM) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16952kB [ 2198.898679][ T436] 17858 total pagecache pages [ 2198.908877][ T436] 0 pages in swap cache [ 2198.913230][ T436] Swap cache stats: add 0, delete 0, find 0/0 [ 2198.919287][ T436] Free swap = 0kB [ 2198.923125][ T436] Total swap = 0kB [ 2198.926831][ T436] 1965979 pages RAM [ 2198.945342][ T436] 0 pages HighMem/MovableOnly [ 2198.950115][ T436] 318830 pages reserved [ 2198.954380][ T436] 0 pages cma reserved [ 2198.958551][ T436] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19556,uid=0 [ 2198.975885][ T436] Out of memory: Killed process 19556 (syz-executor.0) total-vm:75756kB, anon-rss:16596kB, file-rss:34740kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2198.999959][ T23] oom_reaper: reaped process 19556 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:07:54 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) pipe2(&(0x7f0000000040), 0x4800) dup(0xffffffffffffffff) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, 0x0, 0x400e881) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:07:54 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa2000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:55 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x140000}], 0x1, 0x0) pipe(0x0) 04:07:55 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfa000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000180)='rxrpc_s\x00', &(0x7f0000000280)={'syz', 0x0}, r0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000040)={r0, 0x27, 0xff}, 0x0, &(0x7f0000000080)="80d275ee717565d2c8c3994d4c381cb32881bfd58195c77537a0926f4074ab96090c2235b03339", &(0x7f0000000180)=""/255) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 04:07:55 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0xc0080020) 04:07:55 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f0000000100)=@sha1={0x1, "c5ab4e9f30ff642d984333330bfd272511323222"}, 0x15, 0x3) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x50, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x4b}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6ef}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4008802}, 0x4000054) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:07:55 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa3000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:56 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x141000}], 0x1, 0x0) pipe(0x0) 04:07:56 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa2000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:56 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfb000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x0, 0x0, 0x0, 0xc00}, 0x0, 0x0) 04:07:57 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa4000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:57 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000180)="e07c140070a0edb4181223badfa325309ca223f00300550abde64174ac77d589692d56d39b5fdbb1390856872f33fc5efa0f9be4e67f107b90f73443143c93429cd080d525f2c34939f680de49fc043c66b18e3194ccc2253437eeaf2e24b87d302a497c8b9ee9c33c8a6ad74a89faa7ac0283404be476b1a9c2243e0cb4ad1376d8df1a6ada80656dad8e210717e624e64cd15d27cc1a680a12421be08f4413d3b84a2f0accbbbf7ce398173e9d6013b84b0e31e182daf561eb47c2cda450acf2c5c2790dd11d1f660e17e475fb7b0e2a0c8ee4f2079ad6aca33826ed93333c07b7975933e3b279bb9a590ea1a324f59c80f09caa3c503331fbb62956a6b5ee46699e14594c", 0x106) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r3) r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) 04:07:57 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x142000}], 0x1, 0x0) pipe(0x0) 04:07:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r1, &(0x7f0000000500), 0x37d, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0x9) ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f0000000040)) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0)=0x80000) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) getsockopt$ARPT_SO_GET_INFO(r3, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000180)=0x44) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 04:07:57 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x29000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:07:57 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfc000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:07:58 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) accept(r1, 0x0, &(0x7f0000000040)) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 04:07:58 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x143000}], 0x1, 0x0) pipe(0x0) 04:07:58 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x28000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2202.940190][ T439] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2202.961828][ T439] CPU: 0 PID: 439 Comm: syz-executor.1 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2202.971816][ T439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2202.981889][ T439] Call Trace: [ 2202.985200][ T439] dump_stack+0x14a/0x1ce [ 2202.989525][ T439] ? devkmsg_release+0x11c/0x11c [ 2202.994454][ T439] ? show_regs_print_info+0x12/0x12 [ 2202.999641][ T439] ? radix_tree_cpu_dead+0x160/0x160 [ 2203.004913][ T439] ? _raw_spin_lock+0xa1/0x170 [ 2203.009663][ T439] ? _raw_spin_trylock_bh+0x190/0x190 [ 2203.015024][ T439] dump_header+0xdb/0x700 [ 2203.019343][ T439] oom_kill_process+0xd3/0x280 [ 2203.024096][ T439] out_of_memory+0x5b6/0x890 [ 2203.028670][ T439] ? unregister_oom_notifier+0x20/0x20 [ 2203.034119][ T439] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2203.039653][ T439] ? get_page_from_freelist+0x7c0/0x7c0 [ 2203.045186][ T439] ? __zone_watermark_ok+0x91/0x280 [ 2203.050402][ T439] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2203.055765][ T439] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2203.061391][ T439] ? __kasan_kmalloc+0x12c/0x1c0 [ 2203.066320][ T439] ? kmem_cache_alloc+0x1d5/0x260 [ 2203.071333][ T439] ? _raw_spin_lock+0xa1/0x170 [ 2203.076082][ T439] pte_alloc_one+0x1b/0xb0 [ 2203.080486][ T439] __pte_alloc+0x1d/0x1d0 [ 2203.084812][ T439] copy_page_range+0x1452/0x1710 [ 2203.089740][ T439] ? print_bad_pte+0x650/0x650 [ 2203.094488][ T439] ? init_admin_reserve+0xc0/0xc0 [ 2203.099482][ T439] ? vma_gap_callbacks_rotate+0x203/0x210 [ 2203.105171][ T439] dup_mmap+0x870/0xc00 [ 2203.109301][ T439] ? __delayed_free_task+0x20/0x20 [ 2203.114381][ T439] ? mm_init+0x5c6/0x720 [ 2203.118592][ T439] dup_mm+0x98/0x300 [ 2203.122459][ T439] copy_process+0x2052/0x5110 [ 2203.127107][ T439] ? fork_idle+0x290/0x290 [ 2203.131498][ T439] ? memset+0x1f/0x40 [ 2203.135449][ T439] ? handle_mm_fault+0xb16/0x40a0 [ 2203.140445][ T439] _do_fork+0x196/0x920 [ 2203.144571][ T439] ? dup_mm+0x300/0x300 [ 2203.148703][ T439] ? ktime_get_raw+0x130/0x130 [ 2203.153437][ T439] __x64_sys_clone+0x25f/0x2c0 [ 2203.158184][ T439] ? __ia32_sys_vfork+0x110/0x110 [ 2203.163178][ T439] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2203.168797][ T439] ? do_user_addr_fault+0x55c/0x9f0 [ 2203.173967][ T439] do_syscall_64+0xcb/0x150 [ 2203.178459][ T439] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2203.184324][ T439] RIP: 0033:0x45ae5a [ 2203.188191][ T439] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2203.207772][ T439] RSP: 002b:00007ffead41c500 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2203.216171][ T439] RAX: ffffffffffffffda RBX: 00007ffead41c500 RCX: 000000000045ae5a [ 2203.224114][ T439] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2203.232057][ T439] RBP: 00007ffead41c540 R08: 0000000000000001 R09: 0000000002b2c940 [ 2203.239999][ T439] R10: 0000000002b2cc10 R11: 0000000000000246 R12: 0000000000000001 [ 2203.247941][ T439] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffead41c590 [ 2203.264464][ T439] Mem-Info: [ 2203.267994][ T439] active_anon:1381500 inactive_anon:17088 isolated_anon:0 [ 2203.267994][ T439] active_file:259 inactive_file:281 isolated_file:0 [ 2203.267994][ T439] unevictable:0 dirty:33 writeback:0 unstable:0 [ 2203.267994][ T439] slab_reclaimable:8429 slab_unreclaimable:79455 [ 2203.267994][ T439] mapped:62399 shmem:17095 pagetables:45724 bounce:0 [ 2203.267994][ T439] free:14889 free_pcp:42 free_cma:0 [ 2203.306610][ T439] Node 0 active_anon:5525904kB inactive_anon:68352kB active_file:1260kB inactive_file:3052kB unevictable:0kB isolated(anon):0kB isolated(file):156kB mapped:250992kB dirty:132kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:07:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r1, &(0x7f0000000500), 0x37d, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0x9) ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f0000000040)) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0)=0x80000) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) getsockopt$ARPT_SO_GET_INFO(r3, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000180)=0x44) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 04:07:59 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa5000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2203.332057][ T439] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2203.382477][ T439] lowmem_reserve[]: 0 2912 6416 6416 [ 2203.435438][ T439] DMA32 free:26344kB min:4644kB low:7624kB high:10604kB active_anon:2704832kB inactive_anon:8904kB active_file:440kB inactive_file:3828kB unevictable:0kB writepending:28kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25568kB pagetables:59548kB bounce:0kB free_pcp:576kB local_pcp:276kB free_cma:0kB [ 2203.481922][ T439] lowmem_reserve[]: 0 0 3504 3504 [ 2203.486989][ T439] Normal free:10156kB min:5592kB low:9180kB high:12768kB active_anon:2820572kB inactive_anon:59448kB active_file:1244kB inactive_file:3200kB unevictable:0kB writepending:108kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30880kB pagetables:123244kB bounce:0kB free_pcp:1768kB local_pcp:1416kB free_cma:0kB [ 2203.517803][ T439] lowmem_reserve[]: 0 0 0 0 [ 2203.522646][ T439] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2203.539730][ T439] DMA32: 66*4kB (MEH) 566*8kB (UMEH) 866*16kB (UMEH) 209*32kB (MH) 5*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 25784kB [ 2203.554748][ T439] Normal: 90*4kB (ME) 245*8kB (UME) 43*16kB (UME) 198*32kB (UM) 3*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB [ 2203.569085][ T439] 19584 total pagecache pages [ 2203.574895][ T439] 0 pages in swap cache [ 2203.579658][ T439] Swap cache stats: add 0, delete 0, find 0/0 [ 2203.592671][ T439] Free swap = 0kB [ 2203.596397][ T439] Total swap = 0kB [ 2203.609934][ T439] 1965979 pages RAM [ 2203.613747][ T439] 0 pages HighMem/MovableOnly [ 2203.618482][ T439] 318830 pages reserved [ 2203.623602][ T439] 0 pages cma reserved 04:07:59 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x144000}], 0x1, 0x0) pipe(0x0) [ 2203.627673][ T439] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=19697,uid=0 [ 2203.642226][ T439] Out of memory: Killed process 19697 (syz-executor.1) total-vm:75228kB, anon-rss:16556kB, file-rss:35032kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:08:00 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfd000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:00 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x27000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:00 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='cpuset\x00') preadv(r3, &(0x7f0000000040), 0x1000000000000292, 0x4000) 04:08:00 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa6000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:00 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa5000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:00 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x145000}], 0x1, 0x0) pipe(0x0) 04:08:00 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x27000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:01 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x146000}], 0x1, 0x0) pipe(0x0) 04:08:01 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0xc000000) 04:08:01 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa7000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:01 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfe000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:01 executing program 3: connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000040)) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000180)='rxrpc_s\x00', &(0x7f0000000280)={'syz', 0x0}, r5) keyctl$read(0xb, r5, &(0x7f0000000180)=""/209, 0xd1) 04:08:01 executing program 0: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x1f000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:02 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x147000}], 0x1, 0x0) pipe(0x0) 04:08:02 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x1d000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:02 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa8000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x4000000000008d}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) unshare(0x6000400) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x400002200006007, 0x0) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x1) prctl$PR_MCE_KILL(0x21, 0x1, 0x2) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0xfffffd88) write$FUSE_OPEN(r2, &(0x7f0000000040)={0x20, 0xfffffffffffffff5, 0x4, {0x0, 0x6}}, 0x20) ioctl$LOOP_GET_STATUS64(r1, 0x4c00, &(0x7f0000004040)) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYPTR64=&(0x7f0000000540)=ANY=[@ANYPTR64=&(0x7f00000004c0)=ANY=[@ANYPTR64, @ANYRES64, @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYRES32], @ANYRES16=r2, @ANYRES64=r2, @ANYRESOCT=r0, @ANYPTR64], @ANYRES32=0x0, @ANYBLOB="000000003550000008001b00000000008e470b510c0bc0d592"], 0x3}}, 0x0) init_module(&(0x7f0000000200)='vboxnev1#vmnet1cgr\xd3\xe4p]eth0\x00', 0x1b, &(0x7f00000003c0)='vboxjet1\x00\xda\xac&\x1apD|\xc6#ht\xa2n@\xe4|\xaeFq[{\x966\xcf7\xbb\xed,\xd0\xef\xfeB\x8d\xb0\x96\x92\xad\xbe\xb1\x7f;m\xdar\x1crr6\xeb`\x0e\xa4\xe3\xea\x81jo\xe4-;\xb3@\xfd\x1eO\xd8\x9c\xd0\xe2\xc0$c\xec3\x93\xdd\xcb\x9c\xd2\xf5rn\xb1\x8f\xf4\xdbm]\x02\xce\x99:\x13PH\x11\xee\xf2\x04+\x12\x13F\xf5\xb4\xbc\xc6\xc14\r9g\xd7\xa3/*\xc5\\z\xd7\xf7\x069\x0f\xcc\'{\xbcO/\xaa\x8e\xd6\x82\xcb\xc5\xac\xa7\x0f\x15\xd6\x04A\xa5IM\x88\xf0\x9f;\x95\xa5_\xf6\xd1\xb6<\xae3\x04\xad\xdd\xf2\xf6\x02\xd8Y\x97\x13*\t\x1a\xdc\xbff\xc4\xcd\xcc\xaa\xf2\x8a\x85\x02P\x99\xbd\xdeJE\x90\xcb\xd2\x83+\x9f8\x10\xd5\xad\xc88\xe3\x10o\x1d\x84\xfa') syz_genetlink_get_family_id$smc(&(0x7f0000000100)='SMC_PNETID\x00') sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) socket$inet6(0xa, 0x2, 0x4) pipe(&(0x7f0000000140)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000180)="aae8", 0x2}], 0x1, 0x8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000005200000125bd7000fcdbdf250a0810030006000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x24004844}, 0x404c4) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 04:08:02 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xff000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:03 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141242, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000040)={0x59, @broadcast, 0x4e21, 0x0, 'fo\x00', 0x17, 0x0, 0x3f}, 0x2c) sendmsg$IPVS_CMD_SET_INFO(r1, 0x0, 0x188339be32e271c9) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) getsockopt$inet_mreq(r4, 0x0, 0x0, &(0x7f0000000100)={@initdev}, &(0x7f0000000180)=0x8) syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00') [ 2207.637990][T19878] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2207.709601][T19878] CPU: 0 PID: 19878 Comm: syz-executor.3 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2207.719769][T19878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2207.729813][T19878] Call Trace: [ 2207.733099][T19878] dump_stack+0x14a/0x1ce [ 2207.737403][T19878] ? devkmsg_release+0x11c/0x11c [ 2207.742310][T19878] ? show_regs_print_info+0x12/0x12 [ 2207.747477][T19878] ? radix_tree_cpu_dead+0x160/0x160 [ 2207.752732][T19878] ? _raw_spin_lock+0xa1/0x170 [ 2207.757478][T19878] ? _raw_spin_trylock_bh+0x190/0x190 [ 2207.762838][T19878] dump_header+0xdb/0x700 [ 2207.767157][T19878] oom_kill_process+0xd3/0x280 [ 2207.771891][T19878] out_of_memory+0x5b6/0x890 [ 2207.776543][T19878] ? unregister_oom_notifier+0x20/0x20 [ 2207.781974][T19878] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2207.787490][T19878] ? unwind_get_return_address+0x48/0x90 [ 2207.793270][T19878] ? get_page_from_freelist+0x7c0/0x7c0 [ 2207.798791][T19878] ? __zone_watermark_ok+0x91/0x280 [ 2207.803962][T19878] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2207.809305][T19878] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2207.814818][T19878] ? copy_process+0x5a4/0x5110 [ 2207.819552][T19878] ? copy_process+0x5a4/0x5110 [ 2207.824287][T19878] ? kmem_cache_alloc+0x1d5/0x260 [ 2207.829280][T19878] copy_process+0x5f3/0x5110 [ 2207.833843][T19878] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2207.839358][T19878] ? _raw_spin_lock+0xa1/0x170 [ 2207.844091][T19878] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2207.849865][T19878] ? fork_idle+0x290/0x290 [ 2207.854273][T19878] ? _raw_spin_unlock+0x5/0x20 [ 2207.859005][T19878] ? handle_mm_fault+0xb16/0x40a0 [ 2207.863996][T19878] _do_fork+0x196/0x920 [ 2207.868119][T19878] ? dup_mm+0x300/0x300 [ 2207.872255][T19878] ? do_mmap+0x9ad/0x1060 [ 2207.876561][T19878] __x64_sys_clone+0x25f/0x2c0 [ 2207.881293][T19878] ? __ia32_sys_vfork+0x110/0x110 [ 2207.886288][T19878] ? do_user_addr_fault+0x55c/0x9f0 [ 2207.891453][T19878] do_syscall_64+0xcb/0x150 [ 2207.895925][T19878] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2207.902219][T19878] RIP: 0033:0x45f1f9 [ 2207.906103][T19878] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2207.926022][T19878] RSP: 002b:00007ffcb99f8438 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2207.934419][T19878] RAX: ffffffffffffffda RBX: 00007f77fb327700 RCX: 000000000045f1f9 [ 2207.942361][T19878] RDX: 00007f77fb3279d0 RSI: 00007f77fb326db0 RDI: 00000000003d0f00 [ 2207.950302][T19878] RBP: 00007ffcb99f8660 R08: 00007f77fb327700 R09: 00007f77fb327700 [ 2207.958261][T19878] R10: 00007f77fb3279d0 R11: 0000000000000202 R12: 0000000000000000 [ 2207.966212][T19878] R13: 00007ffcb99f84ef R14: 00007f77fb3279c0 R15: 000000000078bf0c [ 2208.244720][T19878] Mem-Info: [ 2208.248106][T19878] active_anon:1379040 inactive_anon:17088 isolated_anon:0 [ 2208.248106][T19878] active_file:266 inactive_file:439 isolated_file:38 [ 2208.248106][T19878] unevictable:0 dirty:12 writeback:0 unstable:0 [ 2208.248106][T19878] slab_reclaimable:8460 slab_unreclaimable:79224 [ 2208.248106][T19878] mapped:62416 shmem:17095 pagetables:45877 bounce:0 [ 2208.248106][T19878] free:16710 free_pcp:158 free_cma:0 [ 2208.299076][T19878] Node 0 active_anon:5516160kB inactive_anon:68352kB active_file:964kB inactive_file:1628kB unevictable:0kB isolated(anon):0kB isolated(file):228kB mapped:249664kB dirty:48kB writeback:0kB shmem:68380kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2208.352198][T19878] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2208.383248][T19878] lowmem_reserve[]: 0 2912 6416 6416 [ 2208.395044][T19878] DMA32 free:35384kB min:20548kB low:23528kB high:26508kB active_anon:2696412kB inactive_anon:8904kB active_file:1148kB inactive_file:1548kB unevictable:0kB writepending:36kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:25920kB pagetables:59736kB bounce:0kB free_pcp:1056kB local_pcp:392kB free_cma:0kB [ 2208.476232][T19878] lowmem_reserve[]: 0 0 3504 3504 [ 2208.481657][T19878] Normal free:15488kB min:17880kB low:21468kB high:25056kB active_anon:2819748kB inactive_anon:59448kB active_file:248kB inactive_file:304kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30944kB pagetables:123772kB bounce:0kB free_pcp:56kB local_pcp:20kB free_cma:0kB [ 2208.512521][T19878] lowmem_reserve[]: 0 0 0 0 [ 2208.517734][T19878] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2208.531923][T19878] DMA32: 1820*4kB (MH) 1206*8kB (UMEH) 838*16kB (UMEH) 159*32kB (MH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35744kB [ 2208.547477][T19878] Normal: 1466*4kB (UME) 257*8kB (UME) 148*16kB (UME) 181*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16080kB [ 2208.562283][T19878] 17703 total pagecache pages [ 2208.567491][T19878] 0 pages in swap cache [ 2208.574884][T19878] Swap cache stats: add 0, delete 0, find 0/0 [ 2208.581623][T19878] Free swap = 0kB [ 2208.585939][T19878] Total swap = 0kB [ 2208.590436][T19878] 1965979 pages RAM [ 2208.594884][T19878] 0 pages HighMem/MovableOnly [ 2208.601253][T19878] 318830 pages reserved [ 2208.605921][T19878] 0 pages cma reserved [ 2208.611041][T19878] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=27770,uid=0 [ 2208.626359][T19878] Out of memory: Killed process 27770 (syz-executor.4) total-vm:75228kB, anon-rss:13972kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 04:08:03 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x148000}], 0x1, 0x0) pipe(0x0) 04:08:04 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x1200) 04:08:04 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xa9000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:04 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x100000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:04 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000001c0)=0x5) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) sendmsg$NFT_MSG_GETGEN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x600, 0x0, 0x0, {0x3, 0x0, 0x8}, ["", "", ""]}, 0x14}}, 0x40804) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:08:04 executing program 0: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0xe00) 04:08:05 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x149000}], 0x1, 0x0) pipe(0x0) 04:08:05 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x6b000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:05 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xaa000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:05 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x101000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:05 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040)={0x10000, 0xde}, 0xc) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:08:05 executing program 0: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0xa00) 04:08:06 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x14a000}], 0x1, 0x0) pipe(0x0) 04:08:06 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x64000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:06 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xab000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:06 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x102000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0x0, 0x300}, 0x0, 0x0) 04:08:06 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x14b000}], 0x1, 0x0) pipe(0x0) 04:08:06 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x61000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2211.622325][T19990] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2211.663458][T19990] CPU: 0 PID: 19990 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2211.673623][T19990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2211.683668][T19990] Call Trace: [ 2211.686954][T19990] dump_stack+0x14a/0x1ce [ 2211.691278][T19990] ? devkmsg_release+0x11c/0x11c [ 2211.696205][T19990] ? show_regs_print_info+0x12/0x12 [ 2211.701391][T19990] ? radix_tree_cpu_dead+0x160/0x160 [ 2211.706661][T19990] ? _raw_spin_lock+0xa1/0x170 [ 2211.711410][T19990] ? _raw_spin_trylock_bh+0x190/0x190 [ 2211.716784][T19990] dump_header+0xdb/0x700 [ 2211.721108][T19990] oom_kill_process+0xd3/0x280 [ 2211.725898][T19990] out_of_memory+0x5b6/0x890 [ 2211.730481][T19990] ? unregister_oom_notifier+0x20/0x20 [ 2211.735934][T19990] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2211.741476][T19990] ? get_page_from_freelist+0x7c0/0x7c0 [ 2211.747009][T19990] ? __schedule+0x920/0xef0 [ 2211.751510][T19990] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2211.756868][T19990] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2211.762409][T19990] ? wp_page_copy+0x7e/0x1120 [ 2211.767072][T19990] wp_page_copy+0x1fe/0x1120 [ 2211.771647][T19990] ? futex_exit_release+0xc0/0xc0 [ 2211.776659][T19990] ? add_mm_rss_vec+0x270/0x270 [ 2211.781495][T19990] do_wp_page+0x68b/0x1530 [ 2211.785917][T19990] ? do_swap_page+0x1560/0x1560 [ 2211.790757][T19990] handle_mm_fault+0x1354/0x40a0 [ 2211.795668][T19990] ? finish_fault+0x230/0x230 [ 2211.800322][T19990] ? preempt_schedule_irq+0xe7/0x140 [ 2211.805578][T19990] ? preempt_schedule_notrace+0x130/0x130 [ 2211.811372][T19990] ? put_timespec64+0x109/0x150 [ 2211.816218][T19990] ? __up_read+0x1b0/0x1b0 [ 2211.820606][T19990] ? vmacache_update+0x9f/0xf0 [ 2211.825453][T19990] do_user_addr_fault+0x48a/0x9f0 [ 2211.830452][T19990] page_fault+0x2f/0x40 [ 2211.834592][T19990] RIP: 0033:0x40b177 [ 2211.838459][T19990] Code: eb 18 90 45 31 c0 31 c9 ba 80 00 00 00 48 89 de bf ca 00 00 00 e8 a9 16 05 00 8b 03 85 c0 74 e3 48 89 ef c7 45 08 00 00 00 00 84 9f ff ff 4c 89 e7 e8 dc 8b ff ff eb e1 66 2e 0f 1f 84 00 00 [ 2211.858314][T19990] RSP: 002b:00007f9080044d00 EFLAGS: 00010202 [ 2211.864351][T19990] RAX: 0000000000000001 RBX: 000000000078c048 RCX: 000000000045c829 [ 2211.872294][T19990] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000078c040 [ 2211.880238][T19990] RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000 [ 2211.888181][T19990] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2211.896125][T19990] R13: 00007ffce0d0e01f R14: 00007f90800459c0 R15: 000000000078c04c [ 2211.911821][T19990] Mem-Info: [ 2211.915525][T19990] active_anon:1381209 inactive_anon:17089 isolated_anon:0 [ 2211.915525][T19990] active_file:409 inactive_file:430 isolated_file:33 [ 2211.915525][T19990] unevictable:0 dirty:41 writeback:0 unstable:0 [ 2211.915525][T19990] slab_reclaimable:8471 slab_unreclaimable:79416 [ 2211.915525][T19990] mapped:62795 shmem:17097 pagetables:46149 bounce:0 [ 2211.915525][T19990] free:13802 free_pcp:225 free_cma:0 [ 2211.954621][T19990] Node 0 active_anon:5524836kB inactive_anon:68356kB active_file:1536kB inactive_file:1516kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:250780kB dirty:164kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2211.980431][T19990] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2212.007969][T19990] lowmem_reserve[]: 0 2912 6416 6416 [ 2212.014350][T19990] DMA32 free:32448kB min:20548kB low:23528kB high:26508kB active_anon:2696852kB inactive_anon:8904kB active_file:1284kB inactive_file:1344kB unevictable:0kB writepending:128kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26272kB pagetables:60672kB bounce:0kB free_pcp:476kB local_pcp:68kB free_cma:0kB [ 2212.045414][T19990] lowmem_reserve[]: 0 0 3504 3504 [ 2212.118950][T19990] Normal free:13000kB min:24744kB low:28332kB high:31920kB active_anon:2821768kB inactive_anon:59452kB active_file:152kB inactive_file:36kB unevictable:0kB writepending:40kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30816kB pagetables:123924kB bounce:0kB free_pcp:1284kB local_pcp:20kB free_cma:0kB [ 2212.150844][T19990] lowmem_reserve[]: 0 0 0 0 [ 2212.184935][T19990] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2212.231138][T19990] DMA32: 2653*4kB (MEH) 1412*8kB (UMEH) 849*16kB (UMEH) 114*32kB (UMH) 4*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 39524kB [ 2212.253972][T19990] Normal: 1125*4kB (UME) 126*8kB (UME) 132*16kB (UME) 180*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13380kB [ 2212.311280][T19990] 19538 total pagecache pages [ 2212.326046][T19990] 0 pages in swap cache [ 2212.342794][T19990] Swap cache stats: add 0, delete 0, find 0/0 04:08:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="b7a66c", @ANYBLOB], 0x2}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc, 0xfdffffff00000000}, 0x0, 0x0) [ 2212.364560][T19990] Free swap = 0kB [ 2212.379404][T19990] Total swap = 0kB [ 2212.392816][T19990] 1965979 pages RAM [ 2212.405096][T19990] 0 pages HighMem/MovableOnly 04:08:08 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x14c000}], 0x1, 0x0) pipe(0x0) 04:08:08 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xac000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2212.429536][T19990] 318830 pages reserved [ 2212.448945][T19990] 0 pages cma reserved [ 2212.459299][T19990] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=19992,uid=0 04:08:08 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f0000000040)='./file0\x00', 0x143042, 0x1b8) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="dd1ceb07ad261d937f62bb323d4f4205000000000000002eedfd350f11105ec7", 0x20}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)=""/140, 0x8c}, {&(0x7f0000000340)=""/194, 0xc2}, {&(0x7f0000000440)=""/178, 0xb2}], 0x3}, 0x1}], 0x1, 0x20, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r4 = openat$cgroup_subtree(r0, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) preadv(r4, &(0x7f0000000500), 0x0, 0x0) 04:08:08 executing program 0: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0xd) 04:08:08 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x103000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:08 executing program 1 (fault-call:16 fault-nth:0): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2213.345624][T20043] FAULT_INJECTION: forcing a failure. [ 2213.345624][T20043] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2213.359280][T20043] CPU: 1 PID: 20043 Comm: syz-executor.1 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2213.369425][T20043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2213.379467][T20043] Call Trace: [ 2213.382742][T20043] dump_stack+0x14a/0x1ce [ 2213.387073][T20043] ? devkmsg_release+0x11c/0x11c [ 2213.391992][T20043] ? switch_mm_irqs_off+0x329/0xa10 [ 2213.397173][T20043] ? show_regs_print_info+0x12/0x12 [ 2213.402345][T20043] ? switch_mm+0x100/0x100 [ 2213.406743][T20043] should_fail+0x6fb/0x860 [ 2213.411137][T20043] ? setup_fault_attr+0x3d0/0x3d0 [ 2213.416139][T20043] ? __schedule+0x920/0xef0 [ 2213.420631][T20043] __alloc_pages_nodemask+0x1ee/0x7c0 [ 2213.425986][T20043] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2213.431651][T20043] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 2213.437088][T20043] ? _raw_spin_lock+0x170/0x170 [ 2213.441964][T20043] ? alarm_timer_nsleep_restart+0x270/0x270 [ 2213.447845][T20043] ? __fget+0x37c/0x3c0 [ 2213.452001][T20043] ? check_memory_region+0x70/0x2f0 [ 2213.457182][T20043] __get_free_pages+0xa/0x30 [ 2213.461763][T20043] __pollwait+0x228/0x400 [ 2213.466074][T20043] ? poll_initwait+0x150/0x150 [ 2213.470811][T20043] ? poll_initwait+0x150/0x150 [ 2213.475644][T20043] n_tty_poll+0xb4/0x790 [ 2213.479860][T20043] ? proc_reg_write+0x350/0x350 [ 2213.484688][T20043] ? n_tty_set_termios+0x10c0/0x10c0 [ 2213.489948][T20043] tty_poll+0x109/0x200 [ 2213.494093][T20043] ? tty_read+0x310/0x310 [ 2213.498489][T20043] do_select+0xcd6/0x1830 [ 2213.502800][T20043] ? core_sys_select+0x970/0x970 [ 2213.507735][T20043] ? poll_initwait+0x150/0x150 [ 2213.512480][T20043] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2213.518712][T20043] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2213.524950][T20043] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2213.531181][T20043] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2213.537424][T20043] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2213.543741][T20043] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2213.549972][T20043] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2213.556211][T20043] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2213.562433][T20043] ? kstrtouint_from_user+0x22d/0x2b0 [ 2213.567784][T20043] ? kstrtol_from_user+0x320/0x320 [ 2213.576880][T20043] ? __rcu_read_lock+0x50/0x50 [ 2213.581625][T20043] ? check_stack_object+0x5a/0x90 [ 2213.586643][T20043] core_sys_select+0x690/0x970 [ 2213.591400][T20043] ? poll_select_set_timeout+0x150/0x150 [ 2213.597019][T20043] ? sigprocmask+0x290/0x290 [ 2213.601591][T20043] ? security_file_permission+0x128/0x300 [ 2213.607294][T20043] __se_sys_pselect6+0x382/0x440 [ 2213.612223][T20043] ? fput_many+0x42/0x1a0 [ 2213.616533][T20043] ? ksys_write+0x25d/0x2c0 [ 2213.621032][T20043] ? __x64_sys_pselect6+0xf0/0xf0 [ 2213.626055][T20043] ? __ia32_sys_read+0x80/0x80 [ 2213.630808][T20043] ? __x64_sys_pselect6+0x1d/0xf0 [ 2213.635820][T20043] do_syscall_64+0xcb/0x150 [ 2213.640340][T20043] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2213.646221][T20043] RIP: 0033:0x45c829 [ 2213.650087][T20043] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2213.669665][T20043] RSP: 002b:00007f5714136c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 2213.678057][T20043] RAX: ffffffffffffffda RBX: 00000000004fa2c0 RCX: 000000000045c829 [ 2213.686013][T20043] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000040 [ 2213.693967][T20043] RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 2213.701913][T20043] R10: 0000000020000140 R11: 0000000000000246 R12: 000000000000000c [ 2213.709867][T20043] R13: 0000000000000860 R14: 00000000004cb1fb R15: 00007f57141376d4 [ 2213.897951][ T404] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2213.949574][ T404] CPU: 0 PID: 404 Comm: syz-fuzzer Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2213.959224][ T404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2213.969266][ T404] Call Trace: [ 2213.972545][ T404] dump_stack+0x14a/0x1ce [ 2213.976863][ T404] ? devkmsg_release+0x11c/0x11c [ 2213.981782][ T404] ? show_regs_print_info+0x12/0x12 [ 2213.986952][ T404] ? radix_tree_cpu_dead+0x160/0x160 [ 2213.992211][ T404] ? _raw_spin_lock+0xa1/0x170 [ 2213.996959][ T404] ? _raw_spin_trylock_bh+0x190/0x190 [ 2214.002302][ T404] dump_header+0xdb/0x700 [ 2214.006612][ T404] oom_kill_process+0xd3/0x280 [ 2214.011348][ T404] out_of_memory+0x5b6/0x890 [ 2214.015907][ T404] ? unregister_oom_notifier+0x20/0x20 [ 2214.021336][ T404] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2214.026869][ T404] ? get_page_from_freelist+0x7c0/0x7c0 [ 2214.032387][ T404] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2214.037745][ T404] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2214.043261][ T404] pagecache_get_page+0x50f/0x880 [ 2214.048257][ T404] filemap_fault+0x1474/0x19d0 [ 2214.052993][ T404] ? generic_file_read_iter+0x20b0/0x20b0 [ 2214.058680][ T404] ? __vfs_read+0x5c3/0x710 [ 2214.063154][ T404] ext4_filemap_fault+0x7b/0x90 [ 2214.067975][ T404] handle_mm_fault+0x2837/0x40a0 [ 2214.072883][ T404] ? finish_fault+0x230/0x230 [ 2214.077530][ T404] ? __up_read+0x1b0/0x1b0 [ 2214.081916][ T404] ? vmacache_find+0x47a/0x4b0 [ 2214.086651][ T404] do_user_addr_fault+0x48a/0x9f0 [ 2214.091655][ T404] page_fault+0x2f/0x40 [ 2214.095780][ T404] RIP: 0033:0x7a7a6c [ 2214.099659][ T404] Code: Bad RIP value. [ 2214.103724][ T404] RSP: 002b:000000c430ed1b00 EFLAGS: 00010202 [ 2214.109763][ T404] RAX: 0000000000000000 RBX: 000000c430ed1c58 RCX: 0000000000000000 [ 2214.117703][ T404] RDX: 0000000000000002 RSI: 000000c420070240 RDI: 000000c430ed1bf8 [ 2214.125646][ T404] RBP: 000000c430ed1c60 R08: 000000c420070240 R09: 000000c430ed1c58 [ 2214.133602][ T404] R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000000 [ 2214.141653][ T404] R13: 000000c430ed1bf8 R14: 000000c430ed1bf8 R15: 0000000000000000 [ 2214.277778][ T404] Mem-Info: [ 2214.282150][ T404] active_anon:1378996 inactive_anon:17089 isolated_anon:0 [ 2214.282150][ T404] active_file:349 inactive_file:435 isolated_file:97 [ 2214.282150][ T404] unevictable:0 dirty:13 writeback:8 unstable:0 [ 2214.282150][ T404] slab_reclaimable:8491 slab_unreclaimable:79035 [ 2214.282150][ T404] mapped:62727 shmem:17097 pagetables:46205 bounce:0 [ 2214.282150][ T404] free:15434 free_pcp:934 free_cma:0 [ 2214.320872][ T404] Node 0 active_anon:5515884kB inactive_anon:68356kB active_file:1396kB inactive_file:1940kB unevictable:0kB isolated(anon):0kB isolated(file):100kB mapped:250808kB dirty:52kB writeback:32kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2214.345770][ T404] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2214.372036][ T404] lowmem_reserve[]: 0 2912 6416 6416 [ 2214.377642][ T404] DMA32 free:38568kB min:8740kB low:11720kB high:14700kB active_anon:2690868kB inactive_anon:8904kB active_file:1316kB inactive_file:1988kB unevictable:0kB writepending:132kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26496kB pagetables:60836kB bounce:0kB free_pcp:1244kB local_pcp:372kB free_cma:0kB [ 2214.419210][ T404] lowmem_reserve[]: 0 0 3504 3504 [ 2214.424286][ T404] Normal free:7768kB min:5592kB low:9180kB high:12768kB active_anon:2825408kB inactive_anon:59452kB active_file:720kB inactive_file:888kB unevictable:0kB writepending:52kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:123984kB bounce:0kB free_pcp:1912kB local_pcp:496kB free_cma:0kB [ 2214.454185][ T404] lowmem_reserve[]: 0 0 0 0 [ 2214.458685][ T404] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2214.473076][ T404] DMA32: 2445*4kB (UMEH) 1326*8kB (UMEH) 816*16kB (UMEH) 128*32kB (UMEH) 7*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 38116kB [ 2214.489325][ T404] Normal: 230*4kB (UME) 155*8kB (UME) 85*16kB (UME) 138*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7936kB [ 2214.519306][ T404] 18418 total pagecache pages [ 2214.525921][ T404] 0 pages in swap cache [ 2214.580696][ T404] Swap cache stats: add 0, delete 0, find 0/0 [ 2214.586800][ T404] Free swap = 0kB [ 2214.593544][ T404] Total swap = 0kB [ 2214.602981][ T404] 1965979 pages RAM [ 2214.619033][ T404] 0 pages HighMem/MovableOnly [ 2214.623747][ T404] 318830 pages reserved [ 2214.627899][ T404] 0 pages cma reserved [ 2214.637477][ T404] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=27662,uid=0 04:08:10 executing program 0 (fault-call:17 fault-nth:0): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:10 executing program 1 (fault-call:16 fault-nth:1): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:10 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x14d000}], 0x1, 0x0) pipe(0x0) [ 2214.711004][ T404] Out of memory: Killed process 27662 (syz-executor.5) total-vm:75228kB, anon-rss:13936kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 2214.744318][ T23] oom_reaper: reaped process 27662 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:08:10 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'U+', 0x7}, 0x16, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:08:10 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xad000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:10 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x104000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2215.076147][T20078] FAULT_INJECTION: forcing a failure. [ 2215.076147][T20078] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2215.089375][T20078] CPU: 1 PID: 20078 Comm: syz-executor.0 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2215.099525][T20078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2215.109553][T20078] Call Trace: [ 2215.112821][T20078] dump_stack+0x14a/0x1ce [ 2215.117123][T20078] ? devkmsg_release+0x11c/0x11c [ 2215.122032][T20078] ? is_bpf_text_address+0x290/0x2b0 [ 2215.127288][T20078] ? show_regs_print_info+0x12/0x12 [ 2215.132458][T20078] ? unwind_get_return_address+0x48/0x90 [ 2215.138080][T20078] should_fail+0x6fb/0x860 [ 2215.142471][T20078] ? setup_fault_attr+0x3d0/0x3d0 [ 2215.147467][T20078] __alloc_pages_nodemask+0x1ee/0x7c0 [ 2215.152813][T20078] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2215.158330][T20078] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 2215.163761][T20078] ? _raw_spin_lock+0x170/0x170 [ 2215.168583][T20078] ? alarm_timer_nsleep_restart+0x270/0x270 [ 2215.174445][T20078] ? __fget+0x37c/0x3c0 [ 2215.178568][T20078] ? _raw_spin_lock+0x170/0x170 [ 2215.183408][T20078] __get_free_pages+0xa/0x30 [ 2215.187972][T20078] __pollwait+0x228/0x400 [ 2215.192274][T20078] ? poll_initwait+0x150/0x150 [ 2215.197024][T20078] ? poll_initwait+0x150/0x150 [ 2215.202021][T20078] n_tty_poll+0xb4/0x790 [ 2215.206237][T20078] ? proc_reg_write+0x350/0x350 [ 2215.211059][T20078] ? n_tty_set_termios+0x10c0/0x10c0 [ 2215.216314][T20078] tty_poll+0x109/0x200 [ 2215.220440][T20078] ? tty_read+0x310/0x310 [ 2215.224740][T20078] do_select+0xcd6/0x1830 [ 2215.229046][T20078] ? core_sys_select+0x970/0x970 [ 2215.233957][T20078] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2215.239995][T20078] ? poll_initwait+0x150/0x150 [ 2215.244734][T20078] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2215.250974][T20078] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2215.257195][T20078] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2215.263418][T20078] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2215.269661][T20078] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2215.275874][T20078] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2215.282085][T20078] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2215.288299][T20078] ? __ia32_compat_sys_ppoll_time64+0x3a0/0x3a0 [ 2215.294527][T20078] ? kstrtouint_from_user+0x22d/0x2b0 [ 2215.299869][T20078] ? kstrtol_from_user+0x320/0x320 [ 2215.304952][T20078] ? __rcu_read_lock+0x50/0x50 [ 2215.309689][T20078] ? __kasan_slab_free+0x1f2/0x230 [ 2215.314773][T20078] ? check_stack_object+0x5a/0x90 [ 2215.319768][T20078] core_sys_select+0x690/0x970 [ 2215.324505][T20078] ? poll_select_set_timeout+0x150/0x150 [ 2215.330111][T20078] ? sigprocmask+0x290/0x290 [ 2215.334673][T20078] ? security_file_permission+0x128/0x300 [ 2215.340365][T20078] __se_sys_pselect6+0x382/0x440 [ 2215.345273][T20078] ? fput_many+0x42/0x1a0 [ 2215.349581][T20078] ? ksys_write+0x25d/0x2c0 [ 2215.354055][T20078] ? __x64_sys_pselect6+0xf0/0xf0 [ 2215.359060][T20078] ? __ia32_sys_read+0x80/0x80 [ 2215.363794][T20078] ? __x64_sys_pselect6+0x1d/0xf0 [ 2215.368788][T20078] do_syscall_64+0xcb/0x150 [ 2215.373264][T20078] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2215.379132][T20078] RIP: 0033:0x45c829 [ 2215.383001][T20078] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2215.402582][T20078] RSP: 002b:00007f78ac971c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 2215.410967][T20078] RAX: ffffffffffffffda RBX: 00000000004fa2c0 RCX: 000000000045c829 [ 2215.418925][T20078] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000040 [ 2215.426881][T20078] RBP: 000000000078c180 R08: 0000000000000000 R09: 0000000000000000 [ 2215.434844][T20078] R10: 0000000020000140 R11: 0000000000000246 R12: 000000000000000c [ 2215.442792][T20078] R13: 0000000000000860 R14: 00000000004cb1fb R15: 00007f78ac9726d4 [ 2215.609664][T20080] FAULT_INJECTION: forcing a failure. [ 2215.609664][T20080] name fail_futex, interval 1, probability 0, space 0, times 1 [ 2215.622600][T20080] CPU: 1 PID: 20080 Comm: syz-executor.1 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2215.632741][T20080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2215.642862][T20080] Call Trace: [ 2215.646143][T20080] dump_stack+0x14a/0x1ce [ 2215.650452][T20080] ? devkmsg_release+0x11c/0x11c [ 2215.655407][T20080] ? show_regs_print_info+0x12/0x12 [ 2215.660591][T20080] should_fail+0x6fb/0x860 [ 2215.664997][T20080] ? setup_fault_attr+0x3d0/0x3d0 [ 2215.669993][T20080] get_futex_key+0x1c7/0xe10 [ 2215.674556][T20080] ? futex_wait_restart+0x250/0x250 [ 2215.679729][T20080] futex_wake+0x148/0x9f0 [ 2215.684029][T20080] ? call_rcu+0x10/0x10 [ 2215.688153][T20080] ? futex_wait+0x8b0/0x8b0 [ 2215.692626][T20080] ? put_task_stack+0x202/0x230 [ 2215.697446][T20080] ? finish_task_switch+0x352/0x4c0 [ 2215.702615][T20080] do_futex+0x2390/0x3e30 [ 2215.706917][T20080] ? _raw_spin_unlock+0x5/0x20 [ 2215.711653][T20080] ? try_to_take_rt_mutex+0x555/0x630 [ 2215.716993][T20080] ? futex_exit_release+0xc0/0xc0 [ 2215.721988][T20080] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 2215.727415][T20080] ? _raw_spin_lock+0x170/0x170 [ 2215.732239][T20080] ? cputime_adjust+0x34/0x2b0 [ 2215.736974][T20080] ? rt_mutex_unlock+0xba/0x230 [ 2215.745795][T20080] ? cputime_adjust+0x2b0/0x2b0 [ 2215.750616][T20080] ? rt_mutex_trylock+0x110/0x110 [ 2215.755626][T20080] ? prepare_exit_to_usermode+0x207/0x2e0 [ 2215.761313][T20080] ? futex_cleanup+0x11a/0xec0 [ 2215.766062][T20080] ? _raw_spin_lock_irq+0xa2/0x180 [ 2215.771142][T20080] ? futex_exec_release+0xc0/0xc0 [ 2215.776136][T20080] ? uprobe_free_utask+0xab/0x570 [ 2215.781130][T20080] mm_release+0x135/0x250 [ 2215.785431][T20080] do_exit+0x5f1/0x2710 [ 2215.789560][T20080] ? slab_free_freelist_hook+0xd0/0x150 [ 2215.795162][T20080] ? mm_update_next_owner+0x600/0x600 [ 2215.800507][T20080] ? _raw_spin_lock_irq+0xa2/0x180 [ 2215.805587][T20080] ? _raw_spin_lock_irq+0xa2/0x180 [ 2215.810672][T20080] ? _raw_spin_lock_irqsave+0x1e0/0x1e0 [ 2215.816186][T20080] do_group_exit+0x155/0x2b0 [ 2215.820751][T20080] get_signal+0x13ec/0x1f00 [ 2215.825228][T20080] ? ptrace_notify+0x340/0x340 [ 2215.829976][T20080] ? sigprocmask+0x290/0x290 [ 2215.834535][T20080] do_signal+0x95/0x5d0 [ 2215.838667][T20080] ? __se_sys_pselect6+0x39b/0x440 [ 2215.843749][T20080] ? fput_many+0x42/0x1a0 [ 2215.848050][T20080] ? signal_fault+0x1f0/0x1f0 [ 2215.852698][T20080] ? ksys_write+0x25d/0x2c0 [ 2215.857199][T20080] ? __x64_sys_pselect6+0x1d/0xf0 [ 2215.862197][T20080] prepare_exit_to_usermode+0x207/0x2e0 [ 2215.867714][T20080] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2215.873577][T20080] RIP: 0033:0x45c829 [ 2215.877460][T20080] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2215.897034][T20080] RSP: 002b:00007f5714115c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 2215.905412][T20080] RAX: fffffffffffffdfe RBX: 00000000004fa2c0 RCX: 000000000045c829 [ 2215.913375][T20080] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000040 [ 2215.921319][T20080] RBP: 000000000078c180 R08: 0000000000000000 R09: 0000000000000000 [ 2215.929277][T20080] R10: 0000000020000140 R11: 0000000000000246 R12: 000000000000000b [ 2215.938276][T20080] R13: 0000000000000860 R14: 00000000004cb1fb R15: 00007f57141166d4 04:08:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:11 executing program 0 (fault-call:17 fault-nth:1): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:11 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x14e000}], 0x1, 0x0) pipe(0x0) [ 2216.371490][T20070] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2216.399079][T20070] CPU: 0 PID: 20070 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2216.409280][T20070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2216.419321][T20070] Call Trace: [ 2216.422605][T20070] dump_stack+0x14a/0x1ce [ 2216.426927][T20070] ? devkmsg_release+0x11c/0x11c [ 2216.431839][T20070] ? show_regs_print_info+0x12/0x12 [ 2216.437007][T20070] ? radix_tree_cpu_dead+0x160/0x160 [ 2216.442281][T20070] ? _raw_spin_lock+0xa1/0x170 [ 2216.447014][T20070] ? _raw_spin_trylock_bh+0x190/0x190 [ 2216.452357][T20070] dump_header+0xdb/0x700 [ 2216.456680][T20070] oom_kill_process+0xd3/0x280 [ 2216.461417][T20070] out_of_memory+0x5b6/0x890 [ 2216.465981][T20070] ? unregister_oom_notifier+0x20/0x20 [ 2216.471434][T20070] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2216.476954][T20070] ? get_page_from_freelist+0x7c0/0x7c0 [ 2216.482474][T20070] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2216.487834][T20070] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2216.493354][T20070] handle_mm_fault+0x1689/0x40a0 [ 2216.498263][T20070] ? finish_fault+0x230/0x230 [ 2216.502912][T20070] ? do_mmap+0x9ad/0x1060 [ 2216.507226][T20070] ? up_read+0x10/0x10 [ 2216.511266][T20070] ? __up_read+0x1b0/0x1b0 [ 2216.515656][T20070] ? vmacache_update+0x9f/0xf0 [ 2216.520411][T20070] do_user_addr_fault+0x48a/0x9f0 [ 2216.525418][T20070] page_fault+0x2f/0x40 [ 2216.529545][T20070] RIP: 0033:0x41407f [ 2216.533413][T20070] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2216.553007][T20070] RSP: 002b:00007ffe517c2910 EFLAGS: 00010206 [ 2216.559044][T20070] RAX: 00007fa744f19000 RBX: 0000000000020000 RCX: 000000000045c87a [ 2216.566990][T20070] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2216.574931][T20070] RBP: 00007ffe517c29f0 R08: ffffffffffffffff R09: 0000000000000000 [ 2216.582962][T20070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe517c2af0 [ 2216.590903][T20070] R13: 00007fa744f39700 R14: 0000000000000818 R15: 000000000078c22c [ 2216.627986][T20070] Mem-Info: [ 2216.639693][T20070] active_anon:1382094 inactive_anon:17090 isolated_anon:0 [ 2216.639693][T20070] active_file:347 inactive_file:335 isolated_file:0 [ 2216.639693][T20070] unevictable:0 dirty:27 writeback:0 unstable:0 [ 2216.639693][T20070] slab_reclaimable:8501 slab_unreclaimable:79417 [ 2216.639693][T20070] mapped:62601 shmem:17097 pagetables:46246 bounce:0 [ 2216.639693][T20070] free:12578 free_pcp:65 free_cma:0 [ 2216.678191][T20070] Node 0 active_anon:5528376kB inactive_anon:68360kB active_file:1388kB inactive_file:1340kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250404kB dirty:108kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2216.710144][T20070] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2216.747633][T20070] lowmem_reserve[]: 0 2912 6416 6416 [ 2216.753441][T20070] DMA32 free:31388kB min:20548kB low:23528kB high:26508kB active_anon:2695940kB inactive_anon:8908kB active_file:1732kB inactive_file:1188kB unevictable:0kB writepending:76kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26656kB pagetables:61000kB bounce:0kB free_pcp:308kB local_pcp:20kB free_cma:0kB [ 2216.784146][T20070] lowmem_reserve[]: 0 0 3504 3504 [ 2216.796712][T20070] Normal free:4044kB min:5592kB low:9180kB high:12768kB active_anon:2832340kB inactive_anon:59452kB active_file:304kB inactive_file:680kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30816kB pagetables:123984kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 2216.844413][T20070] lowmem_reserve[]: 0 0 0 0 [ 2216.849179][T20070] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2216.899101][T20070] DMA32: 643*4kB (UMH) 1371*8kB (UMEH) 944*16kB (UMH) 66*32kB (MH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31076kB [ 2216.921133][T20070] Normal: 230*4kB (UME) 55*8kB (UME) 19*16kB (UME) 84*32kB (UME) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4416kB [ 2216.944615][T20070] 17615 total pagecache pages [ 2216.949659][T20070] 0 pages in swap cache [ 2216.953998][T20070] Swap cache stats: add 0, delete 0, find 0/0 [ 2216.976811][T20070] Free swap = 0kB [ 2217.131925][T20070] Total swap = 0kB [ 2217.138411][T20070] 1965979 pages RAM [ 2217.145698][T20070] 0 pages HighMem/MovableOnly [ 2217.175689][T20070] 318830 pages reserved [ 2217.180469][T20070] 0 pages cma reserved [ 2217.184972][T20070] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20086,uid=0 [ 2217.199870][T20070] Out of memory: Killed process 20100 (syz-executor.1) total-vm:75360kB, anon-rss:14624kB, file-rss:35416kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2217.218463][T20099] FAULT_INJECTION: forcing a failure. [ 2217.218463][T20099] name fail_futex, interval 1, probability 0, space 0, times 0 [ 2217.231277][T20099] CPU: 1 PID: 20099 Comm: syz-executor.0 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2217.234109][ T23] oom_reaper: reaped process 20100 (syz-executor.1), now anon-rss:0kB, file-rss:35024kB, shmem-rss:0kB [ 2217.241413][T20099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2217.241416][T20099] Call Trace: [ 2217.241435][T20099] dump_stack+0x14a/0x1ce [ 2217.241444][T20099] ? devkmsg_release+0x11c/0x11c [ 2217.241450][T20099] ? show_regs_print_info+0x12/0x12 [ 2217.241458][T20099] ? ctx_sched_in+0x434/0x510 [ 2217.241467][T20099] should_fail+0x6fb/0x860 [ 2217.241474][T20099] ? setup_fault_attr+0x3d0/0x3d0 [ 2217.241482][T20099] ? unwind_next_frame+0x1688/0x2230 [ 2217.241490][T20099] get_futex_key+0x1c7/0xe10 [ 2217.241498][T20099] ? futex_wait_restart+0x250/0x250 [ 2217.241505][T20099] ? arch_stack_walk+0xb5/0x120 [ 2217.241512][T20099] futex_wake+0x148/0x9f0 [ 2217.241520][T20099] ? futex_wait+0x8b0/0x8b0 [ 2217.241525][T20099] ? arch_stack_walk+0xb5/0x120 [ 2217.241546][T20099] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 2217.336286][T20099] ? unwind_next_frame+0x1688/0x2230 [ 2217.341561][T20099] ? unwind_next_frame+0x1688/0x2230 [ 2217.346831][T20099] ? stack_trace_save+0x123/0x1f0 [ 2217.351837][T20099] do_futex+0x2390/0x3e30 [ 2217.356143][T20099] ? __rcu_read_lock+0x50/0x50 [ 2217.360885][T20099] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 2217.366854][T20099] ? is_bpf_text_address+0x290/0x2b0 [ 2217.372141][T20099] ? stack_trace_save+0x1f0/0x1f0 [ 2217.377142][T20099] ? futex_exit_release+0xc0/0xc0 [ 2217.382141][T20099] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 2217.387574][T20099] ? arch_stack_walk+0xd8/0x120 [ 2217.392402][T20099] ? _raw_spin_lock+0x170/0x170 [ 2217.397227][T20099] ? stack_trace_save+0x123/0x1f0 [ 2217.402225][T20099] ? cputime_adjust+0x34/0x2b0 [ 2217.407050][T20099] ? rt_mutex_unlock+0xba/0x230 [ 2217.411876][T20099] ? cputime_adjust+0x2b0/0x2b0 [ 2217.416700][T20099] ? rt_mutex_trylock+0x110/0x110 [ 2217.421701][T20099] ? prepare_exit_to_usermode+0x207/0x2e0 [ 2217.427530][T20099] ? futex_cleanup+0x11a/0xec0 [ 2217.432278][T20099] ? _raw_spin_lock_irq+0xa2/0x180 [ 2217.437372][T20099] ? futex_exec_release+0xc0/0xc0 [ 2217.442500][T20099] ? uprobe_free_utask+0xab/0x570 [ 2217.447503][T20099] mm_release+0x135/0x250 [ 2217.451815][T20099] do_exit+0x5f1/0x2710 [ 2217.456056][T20099] ? slab_free_freelist_hook+0xd0/0x150 [ 2217.461599][T20099] ? mm_update_next_owner+0x600/0x600 [ 2217.466951][T20099] ? _raw_spin_lock_irq+0xa2/0x180 [ 2217.473173][T20099] ? _raw_spin_lock_irq+0xa2/0x180 [ 2217.478272][T20099] ? _raw_spin_lock_irqsave+0x1e0/0x1e0 [ 2217.484158][T20099] do_group_exit+0x155/0x2b0 [ 2217.488844][T20099] get_signal+0x13ec/0x1f00 [ 2217.493333][T20099] ? ptrace_notify+0x340/0x340 [ 2217.498070][T20099] ? sigprocmask+0x290/0x290 [ 2217.502720][T20099] do_signal+0x95/0x5d0 [ 2217.506860][T20099] ? __se_sys_pselect6+0x39b/0x440 [ 2217.512034][T20099] ? fput_many+0x42/0x1a0 [ 2217.516338][T20099] ? signal_fault+0x1f0/0x1f0 [ 2217.520997][T20099] ? ksys_write+0x25d/0x2c0 [ 2217.525486][T20099] ? do_user_addr_fault+0x521/0x9f0 [ 2217.530664][T20099] ? __x64_sys_pselect6+0x1d/0xf0 [ 2217.535667][T20099] prepare_exit_to_usermode+0x207/0x2e0 [ 2217.541196][T20099] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2217.547061][T20099] RIP: 0033:0x45c829 [ 2217.550927][T20099] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2217.570506][T20099] RSP: 002b:00007f78ac992c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 2217.578895][T20099] RAX: fffffffffffffdfe RBX: 00000000004fa2c0 RCX: 000000000045c829 [ 2217.586969][T20099] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000040 [ 2217.595013][T20099] RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 2217.603049][T20099] R10: 0000000020000140 R11: 0000000000000246 R12: 000000000000000c [ 2217.611004][T20099] R13: 0000000000000860 R14: 00000000004cb1fb R15: 00007f78ac9936d4 04:08:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:13 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xae000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:13 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x14f000}], 0x1, 0x0) pipe(0x0) 04:08:13 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x3, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:13 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x105000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:13 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$ASHMEM_GET_NAME(r3, 0x81007702, &(0x7f0000000180)=""/120) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 2218.453177][T20131] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2218.496492][T20131] CPU: 0 PID: 20131 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2218.506764][T20131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2218.516800][T20131] Call Trace: [ 2218.520069][T20131] dump_stack+0x14a/0x1ce [ 2218.524372][T20131] ? devkmsg_release+0x11c/0x11c [ 2218.529283][T20131] ? show_regs_print_info+0x12/0x12 [ 2218.534470][T20131] ? radix_tree_cpu_dead+0x160/0x160 [ 2218.539725][T20131] ? _raw_spin_lock+0xa1/0x170 [ 2218.544459][T20131] ? _raw_spin_trylock_bh+0x190/0x190 [ 2218.549802][T20131] dump_header+0xdb/0x700 [ 2218.554120][T20131] oom_kill_process+0xd3/0x280 [ 2218.558857][T20131] out_of_memory+0x5b6/0x890 [ 2218.563420][T20131] ? unregister_oom_notifier+0x20/0x20 [ 2218.568851][T20131] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2218.574385][T20131] ? get_page_from_freelist+0x7c0/0x7c0 [ 2218.579904][T20131] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2218.585248][T20131] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2218.590764][T20131] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2218.596817][T20131] ? __perf_event_task_sched_in+0x4f7/0x560 [ 2218.602690][T20131] wp_page_copy+0x1cb/0x1120 [ 2218.607253][T20131] ? add_mm_rss_vec+0x270/0x270 [ 2218.612076][T20131] ? __schedule+0x920/0xef0 [ 2218.616547][T20131] ? vm_normal_page+0x1c9/0x1d0 [ 2218.621385][T20131] do_wp_page+0x4c1/0x1530 [ 2218.625772][T20131] ? _raw_spin_lock+0xa1/0x170 [ 2218.630507][T20131] ? do_swap_page+0x1560/0x1560 [ 2218.635328][T20131] ? preempt_schedule+0x110/0x130 [ 2218.640520][T20131] handle_mm_fault+0x1354/0x40a0 [ 2218.645430][T20131] ? finish_fault+0x230/0x230 [ 2218.650083][T20131] ? __up_read+0x1b0/0x1b0 [ 2218.654485][T20131] ? vmacache_find+0x205/0x4b0 [ 2218.659220][T20131] do_user_addr_fault+0x48a/0x9f0 [ 2218.664231][T20131] page_fault+0x2f/0x40 [ 2218.668384][T20131] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2218.674943][T20131] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2218.694518][T20131] RSP: 0018:ffff888099147888 EFLAGS: 00010206 [ 2218.700555][T20131] RAX: ffffffff81f71b01 RBX: 000000002005f500 RCX: 0000000000000500 [ 2218.708500][T20131] RDX: 0000000000001000 RSI: ffff88802b98cb00 RDI: 000000002005f000 [ 2218.716444][T20131] RBP: ffff888099147da8 R08: dffffc0000000000 R09: ffffed1005731a00 [ 2218.724403][T20131] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2218.732347][T20131] R13: 0000000000001000 R14: ffff88802b98c000 R15: 000000002005e500 [ 2218.740298][T20131] ? copyout+0x21/0xb0 [ 2218.744355][T20131] copyout+0x8e/0xb0 [ 2218.748224][T20131] copy_page_to_iter+0x393/0xbd0 [ 2218.753138][T20131] pipe_to_user+0xa3/0x130 [ 2218.757526][T20131] __splice_from_pipe+0x2d3/0x870 [ 2218.762523][T20131] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2218.768059][T20131] do_vmsplice+0x252/0xee0 [ 2218.772449][T20131] ? avc_ss_reset+0x3a0/0x3a0 [ 2218.777099][T20131] ? write_pipe_buf+0x1d0/0x1d0 [ 2218.781922][T20131] ? __rcu_read_lock+0x50/0x50 [ 2218.786656][T20131] ? check_stack_object+0x5a/0x90 [ 2218.791653][T20131] ? _copy_from_user+0xa4/0xe0 [ 2218.796388][T20131] ? rw_copy_check_uvector+0x2b3/0x310 [ 2218.801844][T20131] ? import_iovec+0x1c2/0x380 [ 2218.806505][T20131] ? dup_iter+0x110/0x110 [ 2218.810806][T20131] ? do_vfs_ioctl+0x780/0x1750 [ 2218.815541][T20131] __se_sys_vmsplice+0x1fb/0x300 [ 2218.820451][T20131] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2218.825446][T20131] ? put_timespec64+0x109/0x150 [ 2218.830283][T20131] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2218.835886][T20131] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2218.841576][T20131] do_syscall_64+0xcb/0x150 [ 2218.846051][T20131] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2218.851928][T20131] RIP: 0033:0x45c829 [ 2218.855795][T20131] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2218.875371][T20131] RSP: 002b:00007fa744f9bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2218.883754][T20131] RAX: ffffffffffffffda RBX: 0000000000509d00 RCX: 000000000045c829 [ 2218.891698][T20131] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 2218.899645][T20131] RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000 [ 2218.913591][T20131] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2218.921534][T20131] R13: 0000000000000c49 R14: 00000000004ce70e R15: 00007fa744f9c6d4 [ 2218.995694][T20131] Mem-Info: [ 2219.031865][T20131] active_anon:1384217 inactive_anon:17090 isolated_anon:0 [ 2219.031865][T20131] active_file:621 inactive_file:726 isolated_file:64 [ 2219.031865][T20131] unevictable:0 dirty:8 writeback:0 unstable:0 [ 2219.031865][T20131] slab_reclaimable:8505 slab_unreclaimable:79587 [ 2219.031865][T20131] mapped:63103 shmem:17097 pagetables:46313 bounce:0 [ 2219.031865][T20131] free:9539 free_pcp:133 free_cma:0 [ 2219.080547][T20131] Node 0 active_anon:5520268kB inactive_anon:68360kB active_file:2264kB inactive_file:2636kB unevictable:0kB isolated(anon):0kB isolated(file):372kB mapped:252112kB dirty:32kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2219.107043][T20131] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2219.168676][T20131] lowmem_reserve[]: 0 2912 6416 6416 [ 2219.174012][T20131] DMA32 free:29140kB min:8740kB low:11720kB high:14700kB active_anon:2692712kB inactive_anon:8908kB active_file:2472kB inactive_file:2624kB unevictable:0kB writepending:44kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26464kB pagetables:61048kB bounce:0kB free_pcp:2184kB local_pcp:1352kB free_cma:0kB [ 2219.238780][T20131] lowmem_reserve[]: 0 0 3504 3504 [ 2219.244579][T20131] Normal free:5492kB min:5592kB low:9180kB high:12768kB active_anon:2827544kB inactive_anon:59452kB active_file:356kB inactive_file:1792kB unevictable:0kB writepending:32kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:123976kB bounce:0kB free_pcp:1632kB local_pcp:456kB free_cma:0kB [ 2219.310967][T20131] lowmem_reserve[]: 0 0 0 0 [ 2219.338655][T20131] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2219.385749][T20131] DMA32: 1416*4kB (UMH) 857*8kB (UMEH) 903*16kB (UMH) 51*32kB (UMH) 3*64kB (H) 2*128kB (UH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29048kB [ 2219.426151][T20131] Normal: 466*4kB (UME) 117*8kB (UME) 94*16kB (UME) 110*32kB (UME) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7888kB 04:08:15 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x150000}], 0x1, 0x0) pipe(0x0) 04:08:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x8, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2219.478645][T20131] 18986 total pagecache pages [ 2219.483344][T20131] 0 pages in swap cache [ 2219.487492][T20131] Swap cache stats: add 0, delete 0, find 0/0 [ 2219.513264][T20131] Free swap = 0kB 04:08:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x7, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2219.526053][T20131] Total swap = 0kB [ 2219.537777][T20131] 1965979 pages RAM [ 2219.548245][T20131] 0 pages HighMem/MovableOnly [ 2219.553331][T20131] 318830 pages reserved [ 2219.557760][T20131] 0 pages cma reserved [ 2219.562097][T20131] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20138,uid=0 [ 2219.577537][T20131] Out of memory: Killed process 20138 (syz-executor.0) total-vm:75360kB, anon-rss:15660kB, file-rss:35008kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:08:15 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x106000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2219.905171][T20159] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2219.991107][T20159] CPU: 1 PID: 20159 Comm: syz-executor.1 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2220.001269][T20159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2220.011316][T20159] Call Trace: [ 2220.014598][T20159] dump_stack+0x14a/0x1ce [ 2220.018916][T20159] ? devkmsg_release+0x11c/0x11c [ 2220.023845][T20159] ? show_regs_print_info+0x12/0x12 [ 2220.029033][T20159] ? radix_tree_cpu_dead+0x160/0x160 [ 2220.034301][T20159] ? _raw_spin_lock+0xa1/0x170 [ 2220.039050][T20159] ? _raw_spin_trylock_bh+0x190/0x190 [ 2220.044415][T20159] dump_header+0xdb/0x700 [ 2220.048730][T20159] oom_kill_process+0xd3/0x280 [ 2220.053475][T20159] out_of_memory+0x5b6/0x890 [ 2220.058050][T20159] ? unregister_oom_notifier+0x20/0x20 [ 2220.063490][T20159] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2220.069021][T20159] ? get_page_from_freelist+0x7c0/0x7c0 [ 2220.074560][T20159] ? __zone_watermark_ok+0x91/0x280 [ 2220.079751][T20159] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2220.085107][T20159] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2220.090627][T20159] ? copy_process+0x5a4/0x5110 [ 2220.095360][T20159] ? copy_process+0x5a4/0x5110 [ 2220.100094][T20159] ? kmem_cache_alloc+0x1d5/0x260 [ 2220.105089][T20159] copy_process+0x5f3/0x5110 [ 2220.109675][T20159] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2220.115205][T20159] ? _raw_spin_lock+0xa1/0x170 [ 2220.119937][T20159] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2220.125711][T20159] ? fork_idle+0x290/0x290 [ 2220.130097][T20159] ? _raw_spin_unlock+0x5/0x20 [ 2220.134836][T20159] ? handle_mm_fault+0xb16/0x40a0 [ 2220.139843][T20159] _do_fork+0x196/0x920 [ 2220.143970][T20159] ? dup_mm+0x300/0x300 [ 2220.148096][T20159] __x64_sys_clone+0x25f/0x2c0 [ 2220.152843][T20159] ? __ia32_sys_vfork+0x110/0x110 [ 2220.157847][T20159] ? do_user_addr_fault+0x55c/0x9f0 [ 2220.163014][T20159] do_syscall_64+0xcb/0x150 [ 2220.167488][T20159] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2220.173441][T20159] RIP: 0033:0x45f1f9 [ 2220.177307][T20159] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2220.196885][T20159] RSP: 002b:00007ffead41c258 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2220.205281][T20159] RAX: ffffffffffffffda RBX: 00007f571419a700 RCX: 000000000045f1f9 [ 2220.213240][T20159] RDX: 00007f571419a9d0 RSI: 00007f5714199db0 RDI: 00000000003d0f00 [ 2220.221185][T20159] RBP: 00007ffead41c480 R08: 00007f571419a700 R09: 00007f571419a700 [ 2220.229127][T20159] R10: 00007f571419a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2220.237071][T20159] R13: 00007ffead41c30f R14: 00007f571419a9c0 R15: 000000000078bf0c [ 2220.253247][T20159] Mem-Info: [ 2220.256859][T20159] active_anon:1381014 inactive_anon:17090 isolated_anon:0 [ 2220.256859][T20159] active_file:347 inactive_file:362 isolated_file:44 [ 2220.256859][T20159] unevictable:0 dirty:29 writeback:0 unstable:0 [ 2220.256859][T20159] slab_reclaimable:8509 slab_unreclaimable:79427 [ 2220.256859][T20159] mapped:62625 shmem:17097 pagetables:46306 bounce:0 [ 2220.256859][T20159] free:13763 free_pcp:87 free_cma:0 [ 2220.295422][T20159] Node 0 active_anon:5524056kB inactive_anon:68360kB active_file:1284kB inactive_file:1268kB unevictable:0kB isolated(anon):0kB isolated(file):48kB mapped:250200kB dirty:116kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2220.320538][T20159] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2220.370386][T20159] lowmem_reserve[]: 0 2912 6416 6416 [ 2220.385098][T20159] DMA32 free:31856kB min:4644kB low:7624kB high:10604kB active_anon:2694616kB inactive_anon:8904kB active_file:1188kB inactive_file:352kB unevictable:0kB writepending:68kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26592kB pagetables:61224kB bounce:0kB free_pcp:1764kB local_pcp:1252kB free_cma:0kB [ 2220.414779][T20159] lowmem_reserve[]: 0 0 3504 3504 [ 2220.419893][T20159] Normal free:7292kB min:9688kB low:13276kB high:16864kB active_anon:2829340kB inactive_anon:59456kB active_file:352kB inactive_file:100kB unevictable:0kB writepending:48kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30912kB pagetables:124000kB bounce:0kB free_pcp:240kB local_pcp:228kB free_cma:0kB [ 2220.451200][T20159] lowmem_reserve[]: 0 0 0 0 [ 2220.460707][T20159] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2220.474198][T20159] DMA32: 777*4kB (MH) 1439*8kB (UMEH) 923*16kB (UMH) 55*32kB (UMH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31468kB [ 2220.489457][T20159] Normal: 400*4kB (UME) 105*8kB (UME) 34*16kB (UME) 133*32kB (UME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7240kB [ 2220.503426][T20159] 17901 total pagecache pages [ 2220.508512][T20159] 0 pages in swap cache [ 2220.512921][T20159] Swap cache stats: add 0, delete 0, find 0/0 [ 2220.519071][T20159] Free swap = 0kB [ 2220.538566][T20159] Total swap = 0kB [ 2220.542316][T20159] 1965979 pages RAM [ 2220.546116][T20159] 0 pages HighMem/MovableOnly [ 2220.555500][T20159] 318830 pages reserved [ 2220.561447][T20159] 0 pages cma reserved [ 2220.565515][T20159] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20162,uid=0 [ 2220.618581][T20159] Out of memory: Killed process 20162 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:35688kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2220.669202][ T23] oom_reaper: reaped process 20162 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2221.082246][ T406] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2221.128511][ T406] CPU: 0 PID: 406 Comm: syz-fuzzer Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2221.138150][ T406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2221.148182][ T406] Call Trace: [ 2221.151450][ T406] dump_stack+0x14a/0x1ce [ 2221.155756][ T406] ? devkmsg_release+0x11c/0x11c [ 2221.161277][ T406] ? show_regs_print_info+0x12/0x12 [ 2221.166467][ T406] ? radix_tree_cpu_dead+0x160/0x160 [ 2221.171736][ T406] ? _raw_spin_lock+0xa1/0x170 [ 2221.176469][ T406] ? _raw_spin_trylock_bh+0x190/0x190 [ 2221.181829][ T406] dump_header+0xdb/0x700 [ 2221.187012][ T406] oom_kill_process+0xd3/0x280 [ 2221.191764][ T406] out_of_memory+0x5b6/0x890 [ 2221.196347][ T406] ? unregister_oom_notifier+0x20/0x20 [ 2221.201781][ T406] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2221.207303][ T406] ? get_page_from_freelist+0x7c0/0x7c0 [ 2221.212820][ T406] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2221.218160][ T406] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2221.223674][ T406] pagecache_get_page+0x50f/0x880 [ 2221.228669][ T406] filemap_fault+0x1474/0x19d0 [ 2221.233404][ T406] ? generic_file_read_iter+0x20b0/0x20b0 [ 2221.239103][ T406] ? mm_trace_rss_stat+0x41/0x1a0 [ 2221.244097][ T406] ext4_filemap_fault+0x7b/0x90 [ 2221.248931][ T406] handle_mm_fault+0x2837/0x40a0 [ 2221.253858][ T406] ? finish_fault+0x230/0x230 [ 2221.258513][ T406] ? __up_read+0x1b0/0x1b0 [ 2221.262911][ T406] ? vmacache_find+0x205/0x4b0 [ 2221.267649][ T406] do_user_addr_fault+0x48a/0x9f0 [ 2221.272647][ T406] page_fault+0x2f/0x40 [ 2221.276773][ T406] RIP: 0033:0x736030 [ 2221.280649][ T406] Code: Bad RIP value. [ 2221.284682][ T406] RSP: 002b:000000c420427778 EFLAGS: 00010202 [ 2221.290715][ T406] RAX: 000000c42009a240 RBX: 000000000075e409 RCX: 000000c431ac0180 [ 2221.298658][ T406] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000c420085830 [ 2221.306601][ T406] RBP: 000000c4204277b8 R08: 000000c420085800 R09: 0000000000000009 [ 2221.314546][ T406] R10: 000000c42002a070 R11: 0000000000000004 R12: 0000000000000000 [ 2221.322501][ T406] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 2221.358509][ T406] Mem-Info: [ 2221.362039][ T406] active_anon:1380938 inactive_anon:17090 isolated_anon:0 [ 2221.362039][ T406] active_file:469 inactive_file:383 isolated_file:64 [ 2221.362039][ T406] unevictable:0 dirty:44 writeback:0 unstable:0 [ 2221.362039][ T406] slab_reclaimable:8509 slab_unreclaimable:79448 [ 2221.362039][ T406] mapped:62791 shmem:17097 pagetables:46299 bounce:0 [ 2221.362039][ T406] free:13535 free_pcp:290 free_cma:0 [ 2221.400793][ T406] Node 0 active_anon:5523752kB inactive_anon:68360kB active_file:1876kB inactive_file:1532kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:251064kB dirty:176kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2221.426124][ T406] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2221.456099][ T406] lowmem_reserve[]: 0 2912 6416 6416 [ 2221.462056][ T406] DMA32 free:31072kB min:16452kB low:19432kB high:22412kB active_anon:2694104kB inactive_anon:8904kB active_file:1752kB inactive_file:1332kB unevictable:0kB writepending:96kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26496kB pagetables:61216kB bounce:0kB free_pcp:1120kB local_pcp:0kB free_cma:0kB [ 2221.492409][ T406] lowmem_reserve[]: 0 0 3504 3504 [ 2221.498031][ T406] Normal free:7164kB min:5592kB low:9180kB high:12768kB active_anon:2829648kB inactive_anon:59456kB active_file:124kB inactive_file:196kB unevictable:0kB writepending:80kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30848kB pagetables:123980kB bounce:0kB free_pcp:76kB local_pcp:0kB free_cma:0kB [ 2221.528633][ T406] lowmem_reserve[]: 0 0 0 0 [ 2221.539712][ T406] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2221.602114][ T406] DMA32: 1111*4kB (UMH) 1552*8kB (UMEH) 934*16kB (UMH) 57*32kB (UMH) 3*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33948kB [ 2221.638458][ T406] Normal: 197*4kB (UME) 88*8kB (UME) 96*16kB (UME) 137*32kB (ME) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7412kB [ 2221.658453][ T406] 17446 total pagecache pages [ 2221.663233][ T406] 0 pages in swap cache [ 2221.667372][ T406] Swap cache stats: add 0, delete 0, find 0/0 [ 2221.675356][ T406] Free swap = 0kB [ 2221.688452][ T406] Total swap = 0kB [ 2221.692181][ T406] 1965979 pages RAM [ 2221.713890][ T406] 0 pages HighMem/MovableOnly [ 2221.728452][ T406] 318830 pages reserved [ 2221.732619][ T406] 0 pages cma reserved [ 2221.736724][ T406] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20176,uid=0 04:08:17 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x151000}], 0x1, 0x0) pipe(0x0) [ 2221.756791][ T406] Out of memory: Killed process 20176 (syz-executor.1) total-vm:75492kB, anon-rss:16536kB, file-rss:34772kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2221.779215][ T23] oom_reaper: reaped process 20176 (syz-executor.1), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB 04:08:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x8, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:17 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xaf000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:17 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0xc, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:17 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 04:08:18 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x107000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2222.626483][T20208] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2222.639483][T20208] CPU: 0 PID: 20208 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2222.649630][T20208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2222.659681][T20208] Call Trace: [ 2222.662965][T20208] dump_stack+0x14a/0x1ce [ 2222.667292][T20208] ? devkmsg_release+0x11c/0x11c [ 2222.672215][T20208] ? show_regs_print_info+0x12/0x12 [ 2222.677400][T20208] ? radix_tree_cpu_dead+0x160/0x160 [ 2222.682671][T20208] ? _raw_spin_lock+0xa1/0x170 [ 2222.687424][T20208] ? _raw_spin_trylock_bh+0x190/0x190 [ 2222.692873][T20208] dump_header+0xdb/0x700 [ 2222.697188][T20208] oom_kill_process+0xd3/0x280 [ 2222.701922][T20208] out_of_memory+0x5b6/0x890 [ 2222.706484][T20208] ? unregister_oom_notifier+0x20/0x20 [ 2222.711923][T20208] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2222.717444][T20208] ? unwind_get_return_address+0x48/0x90 [ 2222.723052][T20208] ? get_page_from_freelist+0x7c0/0x7c0 [ 2222.728596][T20208] ? __zone_watermark_ok+0x91/0x280 [ 2222.734292][T20208] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2222.739635][T20208] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2222.745162][T20208] ? copy_process+0x5a4/0x5110 [ 2222.749893][T20208] ? copy_process+0x5a4/0x5110 [ 2222.754623][T20208] ? kmem_cache_alloc+0x1d5/0x260 [ 2222.759616][T20208] copy_process+0x5f3/0x5110 [ 2222.764178][T20208] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2222.769689][T20208] ? _raw_spin_lock+0xa1/0x170 [ 2222.774424][T20208] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2222.780196][T20208] ? fork_idle+0x290/0x290 [ 2222.784677][T20208] ? _raw_spin_unlock+0x5/0x20 [ 2222.789411][T20208] ? handle_mm_fault+0xb16/0x40a0 [ 2222.794402][T20208] _do_fork+0x196/0x920 [ 2222.798525][T20208] ? dup_mm+0x300/0x300 [ 2222.802659][T20208] ? do_mmap+0x9ad/0x1060 [ 2222.806969][T20208] __x64_sys_clone+0x25f/0x2c0 [ 2222.811699][T20208] ? __ia32_sys_vfork+0x110/0x110 [ 2222.816693][T20208] ? do_user_addr_fault+0x55c/0x9f0 [ 2222.821861][T20208] do_syscall_64+0xcb/0x150 [ 2222.826335][T20208] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2222.832207][T20208] RIP: 0033:0x45f1f9 [ 2222.836072][T20208] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2222.855656][T20208] RSP: 002b:00007ffce0d0df68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2222.864122][T20208] RAX: ffffffffffffffda RBX: 00007f9080066700 RCX: 000000000045f1f9 [ 2222.872084][T20208] RDX: 00007f90800669d0 RSI: 00007f9080065db0 RDI: 00000000003d0f00 [ 2222.880111][T20208] RBP: 00007ffce0d0e190 R08: 00007f9080066700 R09: 00007f9080066700 [ 2222.888051][T20208] R10: 00007f90800669d0 R11: 0000000000000202 R12: 0000000000000000 [ 2222.895994][T20208] R13: 00007ffce0d0e01f R14: 00007f90800669c0 R15: 000000000078bfac [ 2222.967336][T20208] Mem-Info: [ 2222.971764][T20208] active_anon:1383579 inactive_anon:17090 isolated_anon:0 [ 2222.971764][T20208] active_file:318 inactive_file:302 isolated_file:64 [ 2222.971764][T20208] unevictable:0 dirty:12 writeback:0 unstable:0 [ 2222.971764][T20208] slab_reclaimable:8509 slab_unreclaimable:79871 [ 2222.971764][T20208] mapped:62569 shmem:17097 pagetables:46356 bounce:0 [ 2222.971764][T20208] free:10371 free_pcp:427 free_cma:0 [ 2223.012296][T20208] Node 0 active_anon:5534316kB inactive_anon:68360kB active_file:1272kB inactive_file:1308kB unevictable:0kB isolated(anon):0kB isolated(file):172kB mapped:250176kB dirty:48kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2223.037476][T20208] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2223.064791][T20208] lowmem_reserve[]: 0 2912 6416 6416 [ 2223.109071][T20208] DMA32 free:18164kB min:4644kB low:7624kB high:10604kB active_anon:2706512kB inactive_anon:8908kB active_file:924kB inactive_file:1012kB unevictable:0kB writepending:208kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26560kB pagetables:61232kB bounce:0kB free_pcp:936kB local_pcp:620kB free_cma:0kB [ 2223.174416][T20208] lowmem_reserve[]: 0 0 3504 3504 [ 2223.184360][T20208] Normal free:8212kB min:13784kB low:17372kB high:20960kB active_anon:2827836kB inactive_anon:59452kB active_file:440kB inactive_file:316kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:124196kB bounce:0kB free_pcp:360kB local_pcp:132kB free_cma:0kB [ 2223.254120][T20208] lowmem_reserve[]: 0 0 0 0 [ 2223.264819][T20208] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2223.292808][T20208] DMA32: 354*4kB (UMH) 378*8kB (UMEH) 866*16kB (UMH) 11*32kB (UMH) 5*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19096kB [ 2223.329509][T20208] Normal: 399*4kB (UME) 75*8kB (UME) 92*16kB (UME) 156*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8660kB [ 2223.364622][T20208] 17591 total pagecache pages [ 2223.375055][T20208] 0 pages in swap cache [ 2223.383184][T20208] Swap cache stats: add 0, delete 0, find 0/0 [ 2223.389427][T20208] Free swap = 0kB [ 2223.396630][T20208] Total swap = 0kB [ 2223.400661][T20208] 1965979 pages RAM [ 2223.404653][T20208] 0 pages HighMem/MovableOnly [ 2223.409558][T20208] 318830 pages reserved [ 2223.414402][T20208] 0 pages cma reserved [ 2223.418770][T20208] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20203,uid=0 [ 2223.433193][T20208] Out of memory: Killed process 20203 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35352kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:08:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x9, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x10, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:19 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb0000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:19 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x152000}], 0x1, 0x0) pipe(0x0) [ 2224.078803][T21213] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2224.091486][T21213] CPU: 0 PID: 21213 Comm: syz-executor.0 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2224.101630][T21213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2224.111682][T21213] Call Trace: [ 2224.114962][T21213] dump_stack+0x14a/0x1ce [ 2224.119279][T21213] ? devkmsg_release+0x11c/0x11c [ 2224.124203][T21213] ? show_regs_print_info+0x12/0x12 [ 2224.129387][T21213] ? radix_tree_cpu_dead+0x160/0x160 [ 2224.134658][T21213] ? _raw_spin_lock+0xa1/0x170 [ 2224.139416][T21213] ? _raw_spin_trylock_bh+0x190/0x190 [ 2224.144784][T21213] dump_header+0xdb/0x700 [ 2224.149102][T21213] oom_kill_process+0xd3/0x280 [ 2224.153852][T21213] out_of_memory+0x5b6/0x890 [ 2224.158429][T21213] ? unregister_oom_notifier+0x20/0x20 [ 2224.163887][T21213] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2224.169426][T21213] ? get_page_from_freelist+0x7c0/0x7c0 [ 2224.174960][T21213] ? __zone_watermark_ok+0x91/0x280 [ 2224.180154][T21213] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2224.185518][T21213] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2224.191057][T21213] ? copy_process+0x5a4/0x5110 [ 2224.195812][T21213] ? kmem_cache_alloc+0x1d5/0x260 [ 2224.200824][T21213] copy_process+0x5f3/0x5110 [ 2224.205407][T21213] ? do_wp_page+0xb1b/0x1530 [ 2224.209989][T21213] ? do_swap_page+0x1560/0x1560 [ 2224.214843][T21213] ? fork_idle+0x290/0x290 [ 2224.219251][T21213] ? handle_mm_fault+0xb16/0x40a0 [ 2224.224265][T21213] _do_fork+0x196/0x920 [ 2224.228407][T21213] ? dup_mm+0x300/0x300 [ 2224.232551][T21213] ? ktime_get_raw+0x130/0x130 [ 2224.237300][T21213] __x64_sys_clone+0x25f/0x2c0 [ 2224.242056][T21213] ? __ia32_sys_vfork+0x110/0x110 [ 2224.247071][T21213] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2224.252710][T21213] ? do_user_addr_fault+0x55c/0x9f0 [ 2224.257896][T21213] do_syscall_64+0xcb/0x150 [ 2224.262389][T21213] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2224.268269][T21213] RIP: 0033:0x45ae5a [ 2224.272149][T21213] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2224.292343][T21213] RSP: 002b:00007ffe37bf0330 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2224.301162][T21213] RAX: ffffffffffffffda RBX: 00007ffe37bf0330 RCX: 000000000045ae5a [ 2224.309105][T21213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2224.317392][T21213] RBP: 00007ffe37bf0370 R08: 0000000000000001 R09: 00000000012aa940 [ 2224.325335][T21213] R10: 00000000012aac10 R11: 0000000000000246 R12: 0000000000000001 [ 2224.333276][T21213] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe37bf03c0 [ 2224.458261][T21213] Mem-Info: [ 2224.461839][T21213] active_anon:1383724 inactive_anon:17090 isolated_anon:0 [ 2224.461839][T21213] active_file:107 inactive_file:100 isolated_file:14 [ 2224.461839][T21213] unevictable:0 dirty:4 writeback:21 unstable:0 [ 2224.461839][T21213] slab_reclaimable:8513 slab_unreclaimable:79728 [ 2224.461839][T21213] mapped:62181 shmem:17097 pagetables:46408 bounce:0 [ 2224.461839][T21213] free:10827 free_pcp:429 free_cma:0 [ 2224.500982][T21213] Node 0 active_anon:5534896kB inactive_anon:68360kB active_file:428kB inactive_file:284kB unevictable:0kB isolated(anon):0kB isolated(file):56kB mapped:248724kB dirty:16kB writeback:84kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2224.527810][T21213] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2224.559045][T21213] lowmem_reserve[]: 0 2912 6416 6416 [ 2224.565046][T21213] DMA32 free:24000kB min:12836kB low:15816kB high:18796kB active_anon:2702004kB inactive_anon:8904kB active_file:592kB inactive_file:440kB unevictable:0kB writepending:80kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26784kB pagetables:61384kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2224.604171][T21213] lowmem_reserve[]: 0 0 3504 3504 [ 2224.611263][T21213] Normal free:3908kB min:5592kB low:9180kB high:12768kB active_anon:2832408kB inactive_anon:59456kB active_file:292kB inactive_file:360kB unevictable:0kB writepending:20kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:124248kB bounce:0kB free_pcp:48kB local_pcp:0kB free_cma:0kB [ 2224.647905][T21213] lowmem_reserve[]: 0 0 0 0 [ 2224.653002][T21213] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2224.667073][T21213] DMA32: 363*4kB (UMH) 1047*8kB (UMEH) 862*16kB (UMH) 16*32kB (UMH) 5*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24580kB [ 2224.683310][T21213] Normal: 156*4kB (UME) 54*8kB (UME) 19*16kB (UME) 99*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4528kB [ 2224.697833][T21213] 17269 total pagecache pages [ 2224.708073][T21213] 0 pages in swap cache [ 2224.713676][T21213] Swap cache stats: add 0, delete 0, find 0/0 [ 2224.720372][T21213] Free swap = 0kB [ 2224.724665][T21213] Total swap = 0kB [ 2224.729339][T21213] 1965979 pages RAM [ 2224.734185][T21213] 0 pages HighMem/MovableOnly [ 2224.740053][T21213] 318830 pages reserved [ 2224.745103][T21213] 0 pages cma reserved [ 2224.749800][T21213] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=24155,uid=0 [ 2224.781459][T21213] Out of memory: Killed process 24155 (syz-executor.5) total-vm:75360kB, anon-rss:13932kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 04:08:22 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x153000}], 0x1, 0x0) pipe(0x0) 04:08:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x300, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0xa, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:22 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x108000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:22 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) fstatfs(0xffffffffffffffff, &(0x7f0000000040)=""/95) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) r2 = dup3(r1, r0, 0x0) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6(0xa, 0x1, 0x5) recvmmsg(r5, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) [ 2227.274316][T20238] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2227.287620][T20238] CPU: 1 PID: 20238 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2227.297853][T20238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2227.308009][T20238] Call Trace: [ 2227.311282][T20238] dump_stack+0x14a/0x1ce [ 2227.315581][T20238] ? devkmsg_release+0x11c/0x11c [ 2227.320498][T20238] ? show_regs_print_info+0x12/0x12 [ 2227.325665][T20238] ? radix_tree_cpu_dead+0x160/0x160 [ 2227.330919][T20238] ? _raw_spin_lock+0xa1/0x170 [ 2227.335662][T20238] ? _raw_spin_trylock_bh+0x190/0x190 [ 2227.341004][T20238] dump_header+0xdb/0x700 [ 2227.345303][T20238] oom_kill_process+0xd3/0x280 [ 2227.350036][T20238] out_of_memory+0x5b6/0x890 [ 2227.354604][T20238] ? unregister_oom_notifier+0x20/0x20 [ 2227.360053][T20238] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2227.365579][T20238] ? get_page_from_freelist+0x7c0/0x7c0 [ 2227.371106][T20238] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2227.376446][T20238] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2227.381970][T20238] handle_mm_fault+0x1689/0x40a0 [ 2227.386877][T20238] ? finish_fault+0x230/0x230 [ 2227.391534][T20238] ? do_mmap+0x9ad/0x1060 [ 2227.395841][T20238] ? up_read+0x10/0x10 [ 2227.399877][T20238] ? __up_read+0x1b0/0x1b0 [ 2227.404262][T20238] ? vmacache_update+0x9f/0xf0 [ 2227.408999][T20238] do_user_addr_fault+0x48a/0x9f0 [ 2227.413997][T20238] page_fault+0x2f/0x40 [ 2227.418129][T20238] RIP: 0033:0x41407f [ 2227.421999][T20238] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2227.441575][T20238] RSP: 002b:00007ffe517c2910 EFLAGS: 00010206 [ 2227.447611][T20238] RAX: 00007fa744f19000 RBX: 0000000000020000 RCX: 000000000045c87a [ 2227.455553][T20238] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2227.463494][T20238] RBP: 00007ffe517c29f0 R08: ffffffffffffffff R09: 0000000000000000 [ 2227.471435][T20238] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe517c2af0 [ 2227.479380][T20238] R13: 00007fa744f39700 R14: 0000000000000818 R15: 000000000078c22c [ 2227.492025][T20238] Mem-Info: [ 2227.507688][T20238] active_anon:1383838 inactive_anon:17090 isolated_anon:0 [ 2227.507688][T20238] active_file:509 inactive_file:526 isolated_file:62 [ 2227.507688][T20238] unevictable:0 dirty:0 writeback:0 unstable:0 [ 2227.507688][T20238] slab_reclaimable:8516 slab_unreclaimable:79656 [ 2227.507688][T20238] mapped:63104 shmem:17097 pagetables:46413 bounce:0 [ 2227.507688][T20238] free:10100 free_pcp:31 free_cma:0 [ 2227.575546][T20238] Node 0 active_anon:5535692kB inactive_anon:68360kB active_file:1676kB inactive_file:1856kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:251708kB dirty:0kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2227.603672][T20238] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2227.631223][T20238] lowmem_reserve[]: 0 2912 6416 6416 [ 2227.637029][T20238] DMA32 free:21572kB min:8740kB low:11720kB high:14700kB active_anon:2702188kB inactive_anon:8908kB active_file:1984kB inactive_file:1572kB unevictable:0kB writepending:0kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27136kB pagetables:61508kB bounce:0kB free_pcp:392kB local_pcp:128kB free_cma:0kB [ 2227.770048][T20238] lowmem_reserve[]: 0 0 3504 3504 [ 2227.775256][T20238] Normal free:4156kB min:5592kB low:9180kB high:12768kB active_anon:2833412kB inactive_anon:59452kB active_file:28kB inactive_file:4kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:124144kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2227.815728][T20238] lowmem_reserve[]: 0 0 0 0 [ 2227.820474][T20238] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2227.851133][T20238] DMA32: 324*4kB (UM) 52*8kB (UMEH) 34*16kB (UMH) 20*32kB (UMH) 15*64kB (UMH) 22*128kB (UMH) 15*256kB (UMH) 9*512kB (UM) 4*1024kB (M) 1*2048kB (U) 0*4096kB = 21264kB [ 2227.891953][T20238] Normal: 129*4kB (UME) 59*8kB (UME) 20*16kB (UME) 89*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4156kB [ 2227.905478][T20238] 17383 total pagecache pages [ 2227.910344][T20238] 0 pages in swap cache [ 2227.915713][T20238] Swap cache stats: add 0, delete 0, find 0/0 [ 2227.927955][T20238] Free swap = 0kB [ 2227.931760][T20238] Total swap = 0kB [ 2227.935458][T20238] 1965979 pages RAM [ 2227.952285][T20238] 0 pages HighMem/MovableOnly [ 2227.956961][T20238] 318830 pages reserved [ 2227.975054][T20238] 0 pages cma reserved [ 2227.979158][T20238] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20267,uid=0 [ 2227.993312][T20238] Out of memory: Killed process 20267 (syz-executor.0) total-vm:75624kB, anon-rss:16544kB, file-rss:35088kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2228.014276][ T23] oom_reaper: reaped process 20267 (syz-executor.0), now anon-rss:0kB, file-rss:34732kB, shmem-rss:0kB 04:08:23 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x154000}], 0x1, 0x0) pipe(0x0) 04:08:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0xb, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:23 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb1000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:23 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0xc00, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2228.607367][T20303] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2228.674540][T20303] CPU: 1 PID: 20303 Comm: syz-executor.4 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2228.684696][T20303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2228.694743][T20303] Call Trace: [ 2228.698094][T20303] dump_stack+0x14a/0x1ce [ 2228.702407][T20303] ? devkmsg_release+0x11c/0x11c [ 2228.707320][T20303] ? show_regs_print_info+0x12/0x12 [ 2228.712485][T20303] ? radix_tree_cpu_dead+0x160/0x160 [ 2228.717739][T20303] ? _raw_spin_lock+0xa1/0x170 [ 2228.722473][T20303] ? _raw_spin_trylock_bh+0x190/0x190 [ 2228.727812][T20303] dump_header+0xdb/0x700 [ 2228.732109][T20303] oom_kill_process+0xd3/0x280 [ 2228.736841][T20303] out_of_memory+0x5b6/0x890 [ 2228.741409][T20303] ? unregister_oom_notifier+0x20/0x20 [ 2228.746840][T20303] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2228.752358][T20303] ? get_page_from_freelist+0x7c0/0x7c0 [ 2228.757874][T20303] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2228.763214][T20303] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2228.768728][T20303] handle_mm_fault+0x1689/0x40a0 [ 2228.773641][T20303] ? finish_fault+0x230/0x230 [ 2228.778300][T20303] ? find_vma+0xc7/0x150 [ 2228.782522][T20303] ? find_vma+0x130/0x150 [ 2228.786819][T20303] ? vmacache_update+0x9f/0xf0 [ 2228.791550][T20303] do_user_addr_fault+0x48a/0x9f0 [ 2228.796544][T20303] page_fault+0x2f/0x40 [ 2228.800679][T20303] RIP: 0033:0x41407f [ 2228.804556][T20303] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2228.824129][T20303] RSP: 002b:00007ffe517c2910 EFLAGS: 00010206 [ 2228.830174][T20303] RAX: 00007fa744f5b000 RBX: 0000000000020000 RCX: 000000000045c87a [ 2228.838115][T20303] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2228.846056][T20303] RBP: 00007ffe517c29f0 R08: ffffffffffffffff R09: 0000000000000000 [ 2228.855048][T20303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe517c2af0 [ 2228.862987][T20303] R13: 00007fa744f7b700 R14: 0000000000000818 R15: 000000000078c0ec [ 2228.928869][T20303] Mem-Info: [ 2228.941179][T20303] active_anon:1382232 inactive_anon:17090 isolated_anon:0 [ 2228.941179][T20303] active_file:474 inactive_file:500 isolated_file:82 [ 2228.941179][T20303] unevictable:0 dirty:5 writeback:13 unstable:0 [ 2228.941179][T20303] slab_reclaimable:8516 slab_unreclaimable:79867 [ 2228.941179][T20303] mapped:62974 shmem:17097 pagetables:46417 bounce:0 [ 2228.941179][T20303] free:11096 free_pcp:419 free_cma:0 [ 2228.995776][T20303] Node 0 active_anon:5528928kB inactive_anon:68360kB active_file:1864kB inactive_file:1536kB unevictable:0kB isolated(anon):0kB isolated(file):188kB mapped:251196kB dirty:20kB writeback:52kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2229.083659][T20303] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2229.156511][T20303] lowmem_reserve[]: 0 2912 6416 6416 [ 2229.171172][T20303] DMA32 free:27300kB min:12836kB low:15816kB high:18796kB active_anon:2695788kB inactive_anon:8908kB active_file:1084kB inactive_file:1416kB unevictable:0kB writepending:76kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27008kB pagetables:61468kB bounce:0kB free_pcp:400kB local_pcp:232kB free_cma:0kB [ 2229.267843][T20303] lowmem_reserve[]: 0 0 3504 3504 [ 2229.273117][T20303] Normal free:4152kB min:5592kB low:9180kB high:12768kB active_anon:2833404kB inactive_anon:59452kB active_file:24kB inactive_file:12kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:124096kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2229.328713][T20303] lowmem_reserve[]: 0 0 0 0 [ 2229.333539][T20303] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2229.347277][T20303] DMA32: 503*4kB (UME) 167*8kB (UMEH) 69*16kB (UMEH) 31*32kB (UMH) 36*64kB (UMH) 24*128kB (UMH) 15*256kB (UMH) 12*512kB (UM) 4*1024kB (M) 1*2048kB (U) 0*4096kB = 26948kB [ 2229.366504][T20303] Normal: 142*4kB (UME) 60*8kB (UME) 20*16kB (UME) 88*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4184kB [ 2229.391647][T20303] 17891 total pagecache pages [ 2229.396761][T20303] 0 pages in swap cache [ 2229.425127][T20303] Swap cache stats: add 0, delete 0, find 0/0 [ 2229.471573][T20303] Free swap = 0kB [ 2229.475490][T20303] Total swap = 0kB [ 2229.479457][T20303] 1965979 pages RAM [ 2229.483464][T20303] 0 pages HighMem/MovableOnly [ 2229.488342][T20303] 318830 pages reserved [ 2229.492730][T20303] 0 pages cma reserved [ 2229.497142][T20303] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20316,uid=0 [ 2229.511841][T20303] Out of memory: Killed process 20316 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:35212kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:08:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x1000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:25 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x155000}], 0x1, 0x0) pipe(0x0) 04:08:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0xd, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:25 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x109000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:25 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb2000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2230.929337][T20280] modprobe invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2230.940144][T20280] CPU: 0 PID: 20280 Comm: modprobe Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2230.949773][T20280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2230.959822][T20280] Call Trace: [ 2230.963109][T20280] dump_stack+0x14a/0x1ce [ 2230.967431][T20280] ? devkmsg_release+0x11c/0x11c [ 2230.972376][T20280] ? show_regs_print_info+0x12/0x12 04:08:26 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x156000}], 0x1, 0x0) pipe(0x0) [ 2230.977566][T20280] ? radix_tree_cpu_dead+0x160/0x160 [ 2230.982845][T20280] ? _raw_spin_lock+0xa1/0x170 [ 2230.987602][T20280] ? _raw_spin_trylock_bh+0x190/0x190 [ 2230.992966][T20280] dump_header+0xdb/0x700 [ 2230.997285][T20280] oom_kill_process+0xd3/0x280 [ 2231.002041][T20280] out_of_memory+0x5b6/0x890 [ 2231.006621][T20280] ? unregister_oom_notifier+0x20/0x20 [ 2231.012072][T20280] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2231.017610][T20280] ? get_page_from_freelist+0x7c0/0x7c0 [ 2231.023148][T20280] ? __zone_watermark_ok+0x91/0x280 [ 2231.028334][T20280] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2231.033704][T20280] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2231.039280][T20280] ? ext4_handle_dirty_dirblock+0x6e0/0x6e0 [ 2231.045158][T20280] alloc_slab_page+0x3a/0x3a0 [ 2231.049825][T20280] new_slab+0x408/0x450 [ 2231.053970][T20280] ? should_fail+0x18e/0x860 [ 2231.058547][T20280] ? getname_flags+0xb8/0x610 [ 2231.063235][T20280] ___slab_alloc+0x2e0/0x450 [ 2231.067811][T20280] ? getname_flags+0xb8/0x610 [ 2231.072472][T20280] ? getname_flags+0xb8/0x610 [ 2231.077167][T20280] kmem_cache_alloc+0x23f/0x260 [ 2231.082013][T20280] getname_flags+0xb8/0x610 [ 2231.086507][T20280] user_path_at_empty+0x28/0x50 [ 2231.091379][T20280] vfs_statx+0x121/0x220 [ 2231.095623][T20280] ? vfs_statx_fd+0xb0/0xb0 [ 2231.100206][T20280] ? atime_needs_update+0x378/0x570 [ 2231.105390][T20280] __se_sys_newfstatat+0xd1/0x7b0 [ 2231.110401][T20280] ? __x64_sys_newfstatat+0xa0/0xa0 [ 2231.115586][T20280] ? security_file_permission+0x1e9/0x300 [ 2231.121290][T20280] ? iterate_dir+0x264/0x510 [ 2231.125867][T20280] ? __se_sys_getdents+0x3d4/0x540 [ 2231.130958][T20280] ? switch_fpu_return+0x10/0x10 [ 2231.135887][T20280] do_syscall_64+0xcb/0x150 [ 2231.140380][T20280] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2231.146257][T20280] RIP: 0033:0x7f1926b0244b [ 2231.150665][T20280] Code: Bad RIP value. [ 2231.154717][T20280] RSP: 002b:00007ffed7eb7e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 2231.163111][T20280] RAX: ffffffffffffffda RBX: 000055ebfbdd6223 RCX: 00007f1926b0244b [ 2231.171068][T20280] RDX: 00007ffed7eb7fe0 RSI: 000055ebfbdd6223 RDI: 0000000000000000 [ 2231.179052][T20280] RBP: 000055ebfb621eb9 R08: 0000000000000000 R09: 0000000000008040 [ 2231.187016][T20280] R10: 0000000000000000 R11: 0000000000000246 R12: 000055ebfbdd61e0 [ 2231.194979][T20280] R13: 000055ebfbdd6210 R14: 000055ebfb829078 R15: 0005a1ac222d8bf8 [ 2231.203286][T20280] Mem-Info: [ 2231.206412][T20280] active_anon:1384316 inactive_anon:17090 isolated_anon:0 [ 2231.206412][T20280] active_file:42 inactive_file:170 isolated_file:0 [ 2231.206412][T20280] unevictable:0 dirty:1 writeback:0 unstable:0 [ 2231.206412][T20280] slab_reclaimable:8521 slab_unreclaimable:79817 [ 2231.206412][T20280] mapped:62088 shmem:17097 pagetables:46393 bounce:0 [ 2231.206412][T20280] free:10312 free_pcp:270 free_cma:0 [ 2231.245237][T20280] Node 0 active_anon:5537264kB inactive_anon:68360kB active_file:1492kB inactive_file:1988kB unevictable:0kB isolated(anon):0kB isolated(file):240kB mapped:251132kB dirty:4kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2231.271335][T20280] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2231.297757][T20280] lowmem_reserve[]: 0 2912 6416 6416 [ 2231.303067][T20280] DMA32 free:20220kB min:4644kB low:7624kB high:10604kB active_anon:2703820kB inactive_anon:8908kB active_file:560kB inactive_file:600kB unevictable:0kB writepending:4kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26688kB pagetables:61476kB bounce:0kB free_pcp:1416kB local_pcp:32kB free_cma:0kB [ 2231.332389][T20280] lowmem_reserve[]: 0 0 3504 3504 [ 2231.337425][T20280] Normal free:4308kB min:5592kB low:9180kB high:12768kB active_anon:2833444kB inactive_anon:59452kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30752kB pagetables:124096kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 2231.367468][T20280] lowmem_reserve[]: 0 0 0 0 [ 2231.375562][T20280] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2231.390122][T20280] DMA32: 471*4kB (UME) 124*8kB (UMEH) 27*16kB (UMH) 45*32kB (UMH) 17*64kB (UMH) 4*128kB (UH) 11*256kB (MH) 12*512kB (UM) 5*1024kB (UM) 0*2048kB 0*4096kB = 20428kB [ 2231.457699][T20280] Normal: 149*4kB (UE) 60*8kB (UE) 19*16kB (UMEH) 59*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3268kB [ 2231.479205][T20280] 17612 total pagecache pages [ 2231.483895][T20280] 0 pages in swap cache [ 2231.488262][T20280] Swap cache stats: add 0, delete 0, find 0/0 [ 2231.494325][T20280] Free swap = 0kB [ 2231.498241][T20280] Total swap = 0kB [ 2231.502028][T20280] 1965979 pages RAM [ 2231.505827][T20280] 0 pages HighMem/MovableOnly [ 2231.510732][T20280] 318830 pages reserved [ 2231.514889][T20280] 0 pages cma reserved [ 2231.519163][T20280] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20352,uid=0 [ 2231.533457][T20280] Out of memory: Killed process 20352 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:34840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:08:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x10, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:27 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x3, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 04:08:27 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x3000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2232.131400][T20386] syz-executor.2 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2232.157651][T20386] CPU: 0 PID: 20386 Comm: syz-executor.2 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2232.167994][T20386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2232.178029][T20386] Call Trace: [ 2232.181300][T20386] dump_stack+0x14a/0x1ce [ 2232.185619][T20386] ? devkmsg_release+0x11c/0x11c [ 2232.190528][T20386] ? show_regs_print_info+0x12/0x12 [ 2232.195716][T20386] ? radix_tree_cpu_dead+0x160/0x160 [ 2232.201058][T20386] ? _raw_spin_lock+0xa1/0x170 [ 2232.205796][T20386] ? _raw_spin_trylock_bh+0x190/0x190 [ 2232.211159][T20386] dump_header+0xdb/0x700 [ 2232.215463][T20386] oom_kill_process+0xd3/0x280 [ 2232.220200][T20386] out_of_memory+0x5b6/0x890 [ 2232.224762][T20386] ? unregister_oom_notifier+0x20/0x20 [ 2232.230197][T20386] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2232.235739][T20386] ? get_page_from_freelist+0x7c0/0x7c0 [ 2232.241439][T20386] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2232.246793][T20386] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2232.252315][T20386] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 2232.258006][T20386] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2232.263783][T20386] ? __lru_cache_add+0x1a1/0x1f0 [ 2232.268692][T20386] wp_page_copy+0x1cb/0x1120 [ 2232.273268][T20386] ? add_mm_rss_vec+0x270/0x270 [ 2232.278090][T20386] ? vm_normal_page+0x1c9/0x1d0 [ 2232.282913][T20386] do_wp_page+0x4c1/0x1530 [ 2232.287303][T20386] ? _raw_spin_lock+0xa1/0x170 [ 2232.292039][T20386] ? do_swap_page+0x1560/0x1560 [ 2232.296862][T20386] ? mm_trace_rss_stat+0x4b/0x1a0 [ 2232.301860][T20386] handle_mm_fault+0x1354/0x40a0 [ 2232.306771][T20386] ? finish_fault+0x230/0x230 [ 2232.311421][T20386] ? __up_read+0x1b0/0x1b0 [ 2232.315808][T20386] ? vmacache_find+0x205/0x4b0 [ 2232.320546][T20386] do_user_addr_fault+0x48a/0x9f0 [ 2232.325544][T20386] page_fault+0x2f/0x40 [ 2232.329675][T20386] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 2232.336248][T20386] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 2232.355825][T20386] RSP: 0018:ffff8880143cf888 EFLAGS: 00010206 [ 2232.361863][T20386] RAX: ffffffff81f71b01 RBX: 00000000200c7500 RCX: 0000000000000500 [ 2232.369806][T20386] RDX: 0000000000001000 RSI: ffff888012715b00 RDI: 00000000200c7000 [ 2232.377749][T20386] RBP: ffff8880143cfda8 R08: dffffc0000000000 R09: ffffed10024e2c00 [ 2232.385707][T20386] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 2232.393660][T20386] R13: 0000000000001000 R14: ffff888012715000 R15: 00000000200c6500 [ 2232.401621][T20386] ? copyout+0x21/0xb0 [ 2232.405692][T20386] copyout+0x8e/0xb0 [ 2232.409575][T20386] copy_page_to_iter+0x393/0xbd0 [ 2232.414517][T20386] pipe_to_user+0xa3/0x130 [ 2232.418914][T20386] __splice_from_pipe+0x2d3/0x870 [ 2232.423913][T20386] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 2232.429431][T20386] do_vmsplice+0x252/0xee0 [ 2232.433820][T20386] ? avc_ss_reset+0x3a0/0x3a0 [ 2232.438470][T20386] ? write_pipe_buf+0x1d0/0x1d0 [ 2232.443307][T20386] ? __rcu_read_lock+0x50/0x50 [ 2232.448043][T20386] ? check_stack_object+0x5a/0x90 [ 2232.453045][T20386] ? _copy_from_user+0xa4/0xe0 [ 2232.457781][T20386] ? rw_copy_check_uvector+0x2b3/0x310 [ 2232.463213][T20386] ? import_iovec+0x1c2/0x380 [ 2232.469109][T20386] ? dup_iter+0x110/0x110 [ 2232.473409][T20386] ? do_vfs_ioctl+0x780/0x1750 [ 2232.478143][T20386] __se_sys_vmsplice+0x1fb/0x300 [ 2232.483053][T20386] ? __x64_sys_vmsplice+0xa0/0xa0 [ 2232.488221][T20386] ? put_timespec64+0x109/0x150 [ 2232.493133][T20386] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2232.498735][T20386] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 2232.504423][T20386] do_syscall_64+0xcb/0x150 [ 2232.509083][T20386] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2232.514943][T20386] RIP: 0033:0x45c829 [ 2232.518809][T20386] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2232.538385][T20386] RSP: 002b:00007f70f56e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2232.546764][T20386] RAX: ffffffffffffffda RBX: 0000000000509d00 RCX: 000000000045c829 [ 2232.554717][T20386] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003 [ 2232.562658][T20386] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 2232.570728][T20386] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2232.578677][T20386] R13: 0000000000000c49 R14: 00000000004ce70e R15: 00007f70f56e76d4 [ 2232.628805][T20386] Mem-Info: [ 2232.647606][T20386] active_anon:1382597 inactive_anon:17090 isolated_anon:0 [ 2232.647606][T20386] active_file:396 inactive_file:405 isolated_file:60 [ 2232.647606][T20386] unevictable:0 dirty:59 writeback:1 unstable:0 [ 2232.647606][T20386] slab_reclaimable:8520 slab_unreclaimable:80148 [ 2232.647606][T20386] mapped:62855 shmem:17097 pagetables:46485 bounce:0 [ 2232.647606][T20386] free:10766 free_pcp:250 free_cma:0 [ 2232.687588][T20386] Node 0 active_anon:5530388kB inactive_anon:68360kB active_file:1588kB inactive_file:1620kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:251348kB dirty:236kB writeback:4kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2232.721832][T20386] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2232.756256][T20386] lowmem_reserve[]: 0 2912 6416 6416 [ 2232.762336][T20386] DMA32 free:20364kB min:8740kB low:11720kB high:14700kB active_anon:2700276kB inactive_anon:8908kB active_file:924kB inactive_file:1400kB unevictable:0kB writepending:236kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27360kB pagetables:61848kB bounce:0kB free_pcp:832kB local_pcp:504kB free_cma:0kB [ 2232.792837][T20386] lowmem_reserve[]: 0 0 3504 3504 [ 2232.798950][T20386] Normal free:7088kB min:9688kB low:13276kB high:16864kB active_anon:2830620kB inactive_anon:59452kB active_file:212kB inactive_file:4kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:124092kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2232.828831][T20386] lowmem_reserve[]: 0 0 0 0 [ 2232.834174][T20386] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2232.847991][T20386] DMA32: 5*4kB (UE) 27*8kB (UEH) 20*16kB (UMH) 15*32kB (UMH) 59*64kB (UMH) 17*128kB (UMH) 13*256kB (MH) 11*512kB (M) 4*1024kB (UM) 0*2048kB 0*4096kB = 20044kB [ 2232.864370][T20386] Normal: 394*4kB (UME) 165*8kB (UME) 32*16kB (UME) 115*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7088kB [ 2232.919333][T20386] 17492 total pagecache pages [ 2232.924441][T20386] 0 pages in swap cache [ 2232.928942][T20386] Swap cache stats: add 0, delete 0, find 0/0 [ 2232.935483][T20386] Free swap = 0kB [ 2232.947589][T20386] Total swap = 0kB [ 2232.951631][T20386] 1965979 pages RAM [ 2232.955715][T20386] 0 pages HighMem/MovableOnly [ 2232.961593][T20386] 318830 pages reserved [ 2232.974431][T20386] 0 pages cma reserved [ 2232.983527][T20386] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=30417,uid=0 [ 2232.999726][T20386] Out of memory: Killed process 30417 (syz-executor.3) total-vm:75756kB, anon-rss:13824kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 04:08:28 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x157000}], 0x1, 0x0) pipe(0x0) 04:08:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x12, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:28 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10a000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x8000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2233.630011][T20402] systemd-udevd invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 2233.648312][T20402] CPU: 1 PID: 20402 Comm: systemd-udevd Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2233.658363][T20402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.668593][T20402] Call Trace: [ 2233.671864][T20402] dump_stack+0x14a/0x1ce [ 2233.676170][T20402] ? devkmsg_release+0x11c/0x11c [ 2233.681087][T20402] ? show_regs_print_info+0x12/0x12 [ 2233.686303][T20402] ? radix_tree_cpu_dead+0x160/0x160 [ 2233.691560][T20402] ? _raw_spin_lock+0xa1/0x170 [ 2233.696300][T20402] ? _raw_spin_trylock_bh+0x190/0x190 [ 2233.701653][T20402] dump_header+0xdb/0x700 [ 2233.705955][T20402] oom_kill_process+0xd3/0x280 [ 2233.710707][T20402] out_of_memory+0x5b6/0x890 [ 2233.715285][T20402] ? unregister_oom_notifier+0x20/0x20 [ 2233.720730][T20402] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2233.726267][T20402] ? get_page_from_freelist+0x7c0/0x7c0 [ 2233.731786][T20402] ? __zone_watermark_ok+0x91/0x280 [ 2233.736957][T20402] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2233.742734][T20402] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2233.748247][T20402] ? __seccomp_filter+0xa3f/0x1740 [ 2233.753339][T20402] ? __secure_computing+0x250/0x250 [ 2233.758507][T20402] alloc_slab_page+0x3a/0x3a0 [ 2233.763156][T20402] new_slab+0x408/0x450 [ 2233.767280][T20402] ? blkdev_iopoll+0xf0/0xf0 [ 2233.771840][T20402] ___slab_alloc+0x2e0/0x450 [ 2233.776403][T20402] ? getname_flags+0xb8/0x610 [ 2233.781050][T20402] ? getname_flags+0xb8/0x610 [ 2233.785711][T20402] kmem_cache_alloc+0x23f/0x260 [ 2233.790540][T20402] getname_flags+0xb8/0x610 [ 2233.795028][T20402] do_sys_open+0x33d/0x7d0 [ 2233.799422][T20402] ? file_open_root+0x450/0x450 [ 2233.804252][T20402] ? security_file_ioctl+0xad/0xc0 [ 2233.809336][T20402] do_syscall_64+0xcb/0x150 [ 2233.813825][T20402] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2233.819717][T20402] RIP: 0033:0x7f4f26555840 [ 2233.824107][T20402] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24 [ 2233.843682][T20402] RSP: 002b:00007ffe75cbdad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 2233.852162][T20402] RAX: ffffffffffffffda RBX: 0000000000000700 RCX: 00007f4f26555840 [ 2233.860105][T20402] RDX: 0000000000000000 RSI: 0000000000080000 RDI: 00007ffe75cbdae0 [ 2233.868058][T20402] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000012 [ 2233.875999][T20402] R10: 0000000000000064 R11: 0000000000000246 R12: 00007ffe75cbeb20 [ 2233.884201][T20402] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000000f [ 2233.893229][T20402] Mem-Info: [ 2233.896569][T20402] active_anon:1381344 inactive_anon:17090 isolated_anon:0 [ 2233.896569][T20402] active_file:196 inactive_file:245 isolated_file:31 [ 2233.896569][T20402] unevictable:0 dirty:75 writeback:0 unstable:0 [ 2233.896569][T20402] slab_reclaimable:8520 slab_unreclaimable:79932 [ 2233.896569][T20402] mapped:62410 shmem:17097 pagetables:46422 bounce:0 [ 2233.896569][T20402] free:12768 free_pcp:11 free_cma:0 [ 2233.934735][T20402] Node 0 active_anon:5525376kB inactive_anon:68360kB active_file:784kB inactive_file:980kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249640kB dirty:300kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2233.959266][T20402] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2233.985951][T20402] lowmem_reserve[]: 0 2912 6416 6416 [ 2233.991528][T20402] DMA32 free:24236kB min:12836kB low:15816kB high:18796kB active_anon:2699708kB inactive_anon:8908kB active_file:956kB inactive_file:512kB unevictable:0kB writepending:272kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27072kB pagetables:61628kB bounce:0kB free_pcp:108kB local_pcp:44kB free_cma:0kB [ 2234.032533][T20402] lowmem_reserve[]: 0 0 3504 3504 [ 2234.037795][T20402] Normal free:10932kB min:13784kB low:17372kB high:20960kB active_anon:2825456kB inactive_anon:59452kB active_file:600kB inactive_file:752kB unevictable:0kB writepending:28kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30880kB pagetables:124060kB bounce:0kB free_pcp:152kB local_pcp:4kB free_cma:0kB [ 2234.067867][T20402] lowmem_reserve[]: 0 0 0 0 [ 2234.072659][T20402] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2234.090069][T20402] DMA32: 400*4kB (UME) 78*8kB (UMEH) 31*16kB (UMH) 84*32kB (UMH) 64*64kB (UMH) 16*128kB (MH) 13*256kB (MH) 11*512kB (M) 4*1024kB (UM) 0*2048kB 0*4096kB = 24608kB [ 2234.106629][T20402] Normal: 371*4kB (UME) 244*8kB (UME) 77*16kB (UME) 188*32kB (M) 3*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10876kB [ 2234.121163][T20402] 17550 total pagecache pages [ 2234.126101][T20402] 0 pages in swap cache [ 2234.130526][T20402] Swap cache stats: add 0, delete 0, find 0/0 [ 2234.136837][T20402] Free swap = 0kB [ 2234.184341][T20402] Total swap = 0kB [ 2234.193061][T20402] 1965979 pages RAM [ 2234.207436][T20402] 0 pages HighMem/MovableOnly [ 2234.212225][T20402] 318830 pages reserved [ 2234.216371][T20402] 0 pages cma reserved [ 2234.227445][T20402] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=7537,uid=0 [ 2234.241492][T20402] Out of memory: Killed process 7537 (syz-executor.2) total-vm:75228kB, anon-rss:13816kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2234.263813][ T23] oom_reaper: reaped process 7537 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:08:30 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x13, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:30 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0xc000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:30 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x158000}], 0x1, 0x0) pipe(0x0) [ 2235.279071][ T405] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2235.299926][ T405] CPU: 0 PID: 405 Comm: syz-fuzzer Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2235.309560][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2235.319607][ T405] Call Trace: [ 2235.322890][ T405] dump_stack+0x14a/0x1ce [ 2235.327205][ T405] ? devkmsg_release+0x11c/0x11c [ 2235.332126][ T405] ? show_regs_print_info+0x12/0x12 [ 2235.337291][ T405] ? radix_tree_cpu_dead+0x160/0x160 [ 2235.342817][ T405] ? _raw_spin_lock+0xa1/0x170 [ 2235.347568][ T405] ? _raw_spin_trylock_bh+0x190/0x190 [ 2235.352917][ T405] dump_header+0xdb/0x700 [ 2235.357217][ T405] oom_kill_process+0xd3/0x280 [ 2235.361958][ T405] out_of_memory+0x5b6/0x890 [ 2235.366518][ T405] ? unregister_oom_notifier+0x20/0x20 [ 2235.371956][ T405] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2235.377473][ T405] ? get_page_from_freelist+0x7c0/0x7c0 [ 2235.382988][ T405] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2235.388329][ T405] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2235.393852][ T405] pagecache_get_page+0x50f/0x880 [ 2235.398860][ T405] filemap_fault+0x1474/0x19d0 [ 2235.403624][ T405] ? generic_file_read_iter+0x20b0/0x20b0 [ 2235.409327][ T405] ? memset+0x1f/0x40 [ 2235.413293][ T405] ext4_filemap_fault+0x7b/0x90 [ 2235.418136][ T405] handle_mm_fault+0x2837/0x40a0 [ 2235.423073][ T405] ? finish_fault+0x230/0x230 [ 2235.427727][ T405] ? __up_read+0x1b0/0x1b0 [ 2235.432288][ T405] ? vmacache_find+0x47a/0x4b0 [ 2235.437025][ T405] do_user_addr_fault+0x48a/0x9f0 [ 2235.442022][ T405] page_fault+0x2f/0x40 [ 2235.446146][ T405] RIP: 0033:0x4478ba [ 2235.450011][ T405] Code: 50 48 8b 54 24 20 48 89 d3 48 29 ca 48 89 d1 48 c1 ea 0c 48 8d 14 92 48 c1 e2 02 48 03 50 48 48 81 e1 ff 0f 00 00 48 c1 e9 08 <8b> 32 48 83 f9 10 0f 83 ec 00 00 00 0f b6 4c 0a 04 01 f1 48 8b 50 [ 2235.469676][ T405] RSP: 002b:000000c42016ff50 EFLAGS: 00010207 [ 2235.475797][ T405] RAX: 0000000000c990a0 RBX: 000000000077daf0 RCX: 000000000000000a [ 2235.483739][ T405] RDX: 0000000000a3a830 RSI: 0000000000000006 RDI: 0000000000432b01 [ 2235.491706][ T405] RBP: 000000c42016ff60 R08: 000000c430ca5680 R09: 0000000000000000 [ 2235.499653][ T405] R10: 0000000000000002 R11: 0000000000000030 R12: 000000c43084b750 [ 2235.507604][ T405] R13: 000000c43084b780 R14: 000000c42e16f020 R15: 0000000000000001 [ 2235.524968][ T405] Mem-Info: [ 2235.535306][ T405] active_anon:1381788 inactive_anon:17090 isolated_anon:0 [ 2235.535306][ T405] active_file:627 inactive_file:541 isolated_file:87 [ 2235.535306][ T405] unevictable:0 dirty:44 writeback:25 unstable:0 [ 2235.535306][ T405] slab_reclaimable:8523 slab_unreclaimable:80190 [ 2235.535306][ T405] mapped:63249 shmem:17097 pagetables:46453 bounce:0 [ 2235.535306][ T405] free:11234 free_pcp:90 free_cma:0 [ 2235.593709][ T405] Node 0 active_anon:5527152kB inactive_anon:68360kB active_file:2224kB inactive_file:1188kB unevictable:0kB isolated(anon):0kB isolated(file):348kB mapped:251696kB dirty:176kB writeback:100kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2235.619035][ T405] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2235.645400][ T405] lowmem_reserve[]: 0 2912 6416 6416 [ 2235.651028][ T405] DMA32 free:20116kB min:8740kB low:11720kB high:14700kB active_anon:2702920kB inactive_anon:8908kB active_file:524kB inactive_file:480kB unevictable:0kB writepending:132kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26848kB pagetables:61848kB bounce:0kB free_pcp:60kB local_pcp:0kB free_cma:0kB [ 2235.689212][ T405] lowmem_reserve[]: 0 0 3504 3504 [ 2235.694516][ T405] Normal free:9244kB min:9688kB low:13276kB high:16864kB active_anon:2823452kB inactive_anon:59452kB active_file:2544kB inactive_file:1456kB unevictable:0kB writepending:144kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30816kB pagetables:123964kB bounce:0kB free_pcp:828kB local_pcp:128kB free_cma:0kB [ 2235.740664][ T405] lowmem_reserve[]: 0 0 0 0 [ 2235.745353][ T405] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2235.764543][ T405] DMA32: 157*4kB (UME) 74*8kB (UMEH) 28*16kB (UMH) 34*32kB (UMH) 58*64kB (UMH) 16*128kB (UMH) 13*256kB (UMH) 11*512kB (UM) 3*1024kB (UM) 0*2048kB 0*4096kB = 20548kB [ 2235.783027][ T405] Normal: 120*4kB (ME) 172*8kB (UME) 304*16kB (UME) 89*32kB (M) 4*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9824kB [ 2235.797138][ T405] 18138 total pagecache pages [ 2235.802139][ T405] 0 pages in swap cache [ 2235.806886][ T405] Swap cache stats: add 0, delete 0, find 0/0 [ 2235.813219][ T405] Free swap = 0kB [ 2235.825580][ T405] Total swap = 0kB [ 2235.829504][ T405] 1965979 pages RAM [ 2235.844513][ T405] 0 pages HighMem/MovableOnly [ 2235.854953][ T405] 318830 pages reserved [ 2235.869819][ T405] 0 pages cma reserved [ 2235.877574][ T405] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20427,uid=0 [ 2235.896424][ T405] Out of memory: Killed process 20427 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35296kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2236.132899][ T428] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2236.164472][ T428] CPU: 0 PID: 428 Comm: syz-executor.5 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2236.174813][ T428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2236.184966][ T428] Call Trace: [ 2236.188259][ T428] dump_stack+0x14a/0x1ce [ 2236.192585][ T428] ? devkmsg_release+0x11c/0x11c [ 2236.197518][ T428] ? show_regs_print_info+0x12/0x12 [ 2236.202706][ T428] ? radix_tree_cpu_dead+0x160/0x160 [ 2236.207970][ T428] ? _raw_spin_lock+0xa1/0x170 [ 2236.212709][ T428] ? _raw_spin_trylock_bh+0x190/0x190 [ 2236.218058][ T428] dump_header+0xdb/0x700 [ 2236.222366][ T428] oom_kill_process+0xd3/0x280 [ 2236.227110][ T428] out_of_memory+0x5b6/0x890 [ 2236.231679][ T428] ? unregister_oom_notifier+0x20/0x20 [ 2236.237142][ T428] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2236.242695][ T428] ? get_page_from_freelist+0x7c0/0x7c0 [ 2236.248250][ T428] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2236.253600][ T428] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2236.259147][ T428] ? switch_mm_irqs_off+0x509/0xa10 [ 2236.264344][ T428] ? switch_mm+0x100/0x100 [ 2236.268738][ T428] wp_page_copy+0x1fe/0x1120 [ 2236.273352][ T428] ? __schedule+0x920/0xef0 [ 2236.277950][ T428] ? add_mm_rss_vec+0x270/0x270 [ 2236.282780][ T428] do_wp_page+0x68b/0x1530 [ 2236.287188][ T428] ? do_swap_page+0x1560/0x1560 [ 2236.292044][ T428] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2236.298086][ T428] handle_mm_fault+0x1354/0x40a0 [ 2236.303117][ T428] ? finish_fault+0x230/0x230 [ 2236.307783][ T428] ? __up_read+0x1b0/0x1b0 [ 2236.312177][ T428] ? vmacache_update+0x9f/0xf0 [ 2236.316928][ T428] do_user_addr_fault+0x48a/0x9f0 [ 2236.321943][ T428] page_fault+0x2f/0x40 [ 2236.326075][ T428] RIP: 0033:0x432ddc [ 2236.329948][ T428] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d 8a 43 87 00 77 70 89 ef [ 2236.349616][ T428] RSP: 002b:00007ffce0d0cfd0 EFLAGS: 00010202 [ 2236.355686][ T428] RAX: 0000000000000020 RBX: 0000000000741620 RCX: 000000000045bbf4 [ 2236.363637][ T428] RDX: 00007ffce0d0d0c0 RSI: 0000000000008030 RDI: 0000000000741620 [ 2236.371590][ T428] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000000002972940 [ 2236.379545][ T428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffce0d0e2a0 [ 2236.387500][ T428] R13: 00007ffce0d0e290 R14: 0000000000000000 R15: 00007ffce0d0e2a0 [ 2236.423332][ T428] Mem-Info: [ 2236.427000][ T428] active_anon:1378371 inactive_anon:17090 isolated_anon:0 [ 2236.427000][ T428] active_file:473 inactive_file:809 isolated_file:65 [ 2236.427000][ T428] unevictable:0 dirty:27 writeback:0 unstable:0 [ 2236.427000][ T428] slab_reclaimable:8523 slab_unreclaimable:80207 [ 2236.427000][ T428] mapped:63107 shmem:17097 pagetables:46398 bounce:0 [ 2236.427000][ T428] free:14818 free_pcp:244 free_cma:0 [ 2236.473402][ T428] Node 0 active_anon:5503884kB inactive_anon:68360kB active_file:1100kB inactive_file:3304kB unevictable:0kB isolated(anon):0kB isolated(file):364kB mapped:251828kB dirty:108kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2236.498076][ T428] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2236.556323][ T428] lowmem_reserve[]: 0 2912 6416 6416 [ 2236.561979][ T428] DMA32 free:26176kB min:8740kB low:11720kB high:14700kB active_anon:2694916kB inactive_anon:8908kB active_file:432kB inactive_file:648kB unevictable:0kB writepending:24kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26560kB pagetables:61644kB bounce:0kB free_pcp:2752kB local_pcp:1392kB free_cma:0kB [ 2236.612350][ T428] lowmem_reserve[]: 0 0 3504 3504 [ 2236.623459][ T428] Normal free:23828kB min:21976kB low:25564kB high:29152kB active_anon:2809356kB inactive_anon:59452kB active_file:1160kB inactive_file:2624kB unevictable:0kB writepending:88kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30720kB pagetables:123948kB bounce:0kB free_pcp:500kB local_pcp:156kB free_cma:0kB 04:08:31 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x159000}], 0x1, 0x0) pipe(0x0) 04:08:32 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb3000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x10000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:32 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10b000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x14, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:32 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_mr_cache\x00') pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r7, &(0x7f0000000500), 0x37d, 0x0) ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x400}, {r3}, {r6, 0x10}, {r7, 0x244}, {r0, 0xa2}], 0x5, &(0x7f0000000100), &(0x7f0000000180)={[0x3]}, 0x8) preadv(r5, &(0x7f0000000500), 0x37d, 0x0) [ 2236.767261][ T428] lowmem_reserve[]: 0 0 0 0 [ 2236.771947][ T428] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2236.807239][ T428] DMA32: 457*4kB (UME) 329*8kB (UMEH) 147*16kB (UMH) 72*32kB (UMH) 60*64kB (UMH) 16*128kB (UMH) 13*256kB (UMH) 11*512kB (UM) 3*1024kB (UM) 0*2048kB 0*4096kB = 27036kB [ 2236.824505][ T428] Normal: 465*4kB (UMEH) 598*8kB (UME) 620*16kB (UME) 227*32kB (UM) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24020kB [ 2236.864113][ T428] 17895 total pagecache pages [ 2236.872438][ T428] 0 pages in swap cache [ 2236.876762][ T428] Swap cache stats: add 0, delete 0, find 0/0 [ 2236.883524][ T428] Free swap = 0kB [ 2236.887837][ T428] Total swap = 0kB [ 2236.892537][ T428] 1965979 pages RAM [ 2236.896478][ T428] 0 pages HighMem/MovableOnly [ 2236.902825][ T428] 318830 pages reserved [ 2236.907065][ T428] 0 pages cma reserved [ 2236.912998][ T428] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=10858,uid=0 [ 2236.927999][ T428] Out of memory: Killed process 10858 (syz-executor.0) total-vm:75756kB, anon-rss:13788kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2237.224292][T20491] ================================================================== [ 2237.232711][T20491] BUG: KASAN: out-of-bounds in unwind_next_frame+0x194/0x2230 [ 2237.240603][T20491] Read of size 8 at addr ffff888152aa6780 by task syz-executor.3/20491 [ 2237.249196][T20491] [ 2237.251534][T20491] CPU: 0 PID: 20491 Comm: syz-executor.3 Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2237.261883][T20491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2237.272022][T20491] Call Trace: [ 2237.275724][T20491] dump_stack+0x14a/0x1ce [ 2237.280048][T20491] ? show_regs_print_info+0x12/0x12 [ 2237.285245][T20491] ? printk+0xd2/0x114 [ 2237.289473][T20491] print_address_description+0x93/0x620 [ 2237.295026][T20491] ? preempt_schedule+0x110/0x130 [ 2237.300230][T20491] ? schedule_preempt_disabled+0x20/0x20 [ 2237.308902][T20491] __kasan_report+0x16d/0x1e0 [ 2237.313588][T20491] ? unwind_next_frame+0x194/0x2230 [ 2237.319042][T20491] ? memset+0x12/0x40 [ 2237.323202][T20491] kasan_report+0x34/0x60 [ 2237.327562][T20491] unwind_next_frame+0x194/0x2230 [ 2237.332593][T20491] ? preempt_schedule_irq+0xc8/0x140 [ 2237.337879][T20491] ? memset+0x12/0x40 [ 2237.341865][T20491] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 2237.347852][T20491] ? unwind_next_frame+0x2230/0x2230 [ 2237.353139][T20491] ? retint_kernel+0x1b/0x1b [ 2237.357740][T20491] ? __schedule+0x918/0xef0 [ 2237.362253][T20491] ? in_sched_functions+0x9/0x40 [ 2237.367199][T20491] ? stack_trace_consume_entry_nosched+0x189/0x260 [ 2237.373706][T20491] ? stack_trace_save_tsk+0x490/0x490 [ 2237.379083][T20491] arch_stack_walk+0xf4/0x120 [ 2237.383883][T20491] ? memset+0x12/0x40 [ 2237.387868][T20491] stack_trace_save_tsk+0x2e7/0x490 [ 2237.393197][T20491] ? stack_trace_consume_entry+0x230/0x230 [ 2237.399005][T20491] ? _raw_spin_lock+0xa1/0x170 [ 2237.403884][T20491] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 2237.410620][T20491] ? __ptrace_may_access+0x2b4/0x530 [ 2237.415999][T20491] ? kmem_cache_alloc_trace+0xc3/0x280 [ 2237.421480][T20491] proc_pid_stack+0x12f/0x1f0 [ 2237.426317][T20491] proc_single_show+0xd3/0x130 [ 2237.431093][T20491] seq_read+0x4aa/0xd30 [ 2237.435278][T20491] do_iter_read+0x43b/0x550 [ 2237.439790][T20491] do_preadv+0x213/0x350 [ 2237.444039][T20491] ? do_writev+0x5b0/0x5b0 [ 2237.448590][T20491] do_syscall_64+0xcb/0x150 [ 2237.453104][T20491] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2237.459087][T20491] RIP: 0033:0x45c829 [ 2237.462984][T20491] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2237.482876][T20491] RSP: 002b:00007f77fb2c3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 2237.491285][T20491] RAX: ffffffffffffffda RBX: 00000000004fa1c0 RCX: 000000000045c829 [ 2237.499269][T20491] RDX: 000000000000037d RSI: 0000000020000500 RDI: 000000000000000c [ 2237.507250][T20491] RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 2237.515395][T20491] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2237.523458][T20491] R13: 000000000000085c R14: 00000000004cb1c7 R15: 00007f77fb2c46d4 [ 2237.531686][T20491] [ 2237.534013][T20491] The buggy address belongs to the page: [ 2237.539756][T20491] page:ffffea00054aa980 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 2237.548946][T20491] flags: 0x8000000000000000() [ 2237.553625][T20491] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 2237.562210][T20491] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 2237.570932][T20491] page dumped because: kasan: bad access detected [ 2237.577337][T20491] [ 2237.579870][T20491] Memory state around the buggy address: [ 2237.585501][T20491] ffff888152aa6680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2237.588578][ T403] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2237.593560][T20491] ffff888152aa6700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2237.593567][T20491] >ffff888152aa6780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2237.593570][T20491] ^ [ 2237.593576][T20491] ffff888152aa6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2237.593581][T20491] ffff888152aa6880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 2237.593589][T20491] ================================================================== [ 2237.623312][ T403] CPU: 1 PID: 403 Comm: syz-fuzzer Not tainted 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2237.624923][T20491] Disabling lock debugging due to kernel taint [ 2237.632979][ T403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2237.675540][ T403] Call Trace: [ 2237.678968][ T403] dump_stack+0x14a/0x1ce [ 2237.683571][ T403] ? devkmsg_release+0x11c/0x11c [ 2237.688529][ T403] ? show_regs_print_info+0x12/0x12 [ 2237.693747][ T403] ? radix_tree_cpu_dead+0x160/0x160 [ 2237.699335][ T403] ? _raw_spin_lock+0xa1/0x170 [ 2237.704109][ T403] ? _raw_spin_trylock_bh+0x190/0x190 [ 2237.709501][ T403] dump_header+0xdb/0x700 [ 2237.714057][ T403] oom_kill_process+0xd3/0x280 [ 2237.718913][ T403] out_of_memory+0x5b6/0x890 [ 2237.723505][ T403] ? unregister_oom_notifier+0x20/0x20 [ 2237.729197][ T403] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2237.734837][ T403] ? get_page_from_freelist+0x7c0/0x7c0 [ 2237.740487][ T403] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2237.746007][ T403] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2237.751637][ T403] pagecache_get_page+0x50f/0x880 [ 2237.756823][ T403] filemap_fault+0x1474/0x19d0 [ 2237.761663][ T403] ? generic_file_read_iter+0x20b0/0x20b0 [ 2237.767428][ T403] ext4_filemap_fault+0x7b/0x90 [ 2237.772265][ T403] handle_mm_fault+0x2837/0x40a0 [ 2237.777258][ T403] ? finish_fault+0x230/0x230 [ 2237.781921][ T403] ? __up_read+0x1b0/0x1b0 [ 2237.786341][ T403] ? vmacache_find+0x2d2/0x4b0 [ 2237.791086][ T403] do_user_addr_fault+0x48a/0x9f0 [ 2237.796093][ T403] page_fault+0x2f/0x40 [ 2237.800279][ T403] RIP: 0033:0x7a7cdc [ 2237.804157][ T403] Code: ff ff 31 d2 48 8b 5c 24 68 eb 76 48 89 54 24 40 48 8d 5c d1 60 31 f6 48 87 33 48 89 74 24 38 48 c1 e2 04 48 8d 3d a4 00 c4 00 <4c> 8b 44 17 08 48 8b 14 17 48 89 54 24 10 4c 89 44 24 18 48 8d 15 [ 2237.823919][ T403] RSP: 002b:000000c437d25b00 EFLAGS: 00010246 [ 2237.829970][ T403] RAX: 000000c42cd4e9f0 RBX: 000000c4200cc480 RCX: 000000c4200cc420 [ 2237.837928][ T403] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000013e7d80 [ 2237.845948][ T403] RBP: 000000c437d25c60 R08: a0c374cc195f5945 R09: 00000000000000a0 [ 2237.853950][ T403] R10: 0000000000000001 R11: 000000c42edee820 R12: 0000000000000011 [ 2237.862035][ T403] R13: 0000000000000011 R14: 0000000000000032 R15: 0000000000000002 [ 2238.023204][ T403] Mem-Info: [ 2238.026790][ T403] active_anon:1381330 inactive_anon:17089 isolated_anon:0 [ 2238.026790][ T403] active_file:581 inactive_file:590 isolated_file:32 [ 2238.026790][ T403] unevictable:0 dirty:6 writeback:0 unstable:0 [ 2238.026790][ T403] slab_reclaimable:8523 slab_unreclaimable:80092 [ 2238.026790][ T403] mapped:63222 shmem:17097 pagetables:46516 bounce:0 [ 2238.026790][ T403] free:11601 free_pcp:0 free_cma:0 [ 2238.065929][ T403] Node 0 active_anon:5525320kB inactive_anon:68356kB active_file:2204kB inactive_file:2128kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:252788kB dirty:24kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2238.121434][ T403] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2238.183718][ T403] lowmem_reserve[]: 0 2912 6416 6416 [ 2238.220570][ T403] DMA32 free:24540kB min:4644kB low:7624kB high:10604kB active_anon:2697852kB inactive_anon:8904kB active_file:812kB inactive_file:828kB unevictable:0kB writepending:48kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27008kB pagetables:61556kB bounce:0kB free_pcp:1444kB local_pcp:1368kB free_cma:0kB [ 2238.303620][ T403] lowmem_reserve[]: 0 0 3504 3504 [ 2238.311472][ T403] Normal free:21016kB min:17880kB low:21468kB high:25056kB active_anon:2810996kB inactive_anon:59456kB active_file:1784kB inactive_file:1108kB unevictable:0kB writepending:56kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30880kB pagetables:124464kB bounce:0kB free_pcp:1956kB local_pcp:592kB free_cma:0kB [ 2238.346604][ T403] lowmem_reserve[]: 0 0 0 0 04:08:34 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x15a000}], 0x1, 0x0) pipe(0x0) [ 2238.534498][ T403] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2238.589880][ T403] DMA32: 532*4kB (UME) 225*8kB (UMEH) 66*16kB (UMH) 49*32kB (UMH) 43*64kB (UMH) 15*128kB (MH) 12*256kB (MH) 9*512kB (M) 3*1024kB (UM) 0*2048kB 0*4096kB = 21976kB [ 2238.606728][ T403] Normal: 92*4kB (UMEH) 634*8kB (UMEH) 306*16kB (UMEH) 223*32kB (UMH) 2*64kB (MH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17600kB [ 2238.622167][ T403] 19529 total pagecache pages 04:08:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x15, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2238.680201][ T403] 0 pages in swap cache [ 2238.685308][ T403] Swap cache stats: add 0, delete 0, find 0/0 04:08:34 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10c000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0xfdffffff, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2238.732560][ T403] Free swap = 0kB [ 2238.736563][ T403] Total swap = 0kB [ 2238.740545][ T403] 1965979 pages RAM [ 2238.744870][ T403] 0 pages HighMem/MovableOnly [ 2238.749853][ T403] 318830 pages reserved [ 2238.754130][ T403] 0 pages cma reserved [ 2238.758422][ T403] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20465,uid=0 04:08:34 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb4000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:34 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f0000000040)=0x4) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 2239.222508][T20522] syz-executor.4 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 2239.249813][T20522] CPU: 1 PID: 20522 Comm: syz-executor.4 Tainted: G B 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2239.262561][T20522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2239.272763][T20522] Call Trace: [ 2239.276060][T20522] dump_stack+0x14a/0x1ce [ 2239.280391][T20522] ? devkmsg_release+0x11c/0x11c [ 2239.285383][T20522] ? show_regs_print_info+0x12/0x12 [ 2239.290581][T20522] ? radix_tree_cpu_dead+0x160/0x160 [ 2239.295871][T20522] ? _raw_spin_lock+0xa1/0x170 [ 2239.300632][T20522] ? _raw_spin_trylock_bh+0x190/0x190 [ 2239.306163][T20522] dump_header+0xdb/0x700 [ 2239.310491][T20522] oom_kill_process+0xd3/0x280 [ 2239.315245][T20522] out_of_memory+0x5b6/0x890 [ 2239.320035][T20522] ? unregister_oom_notifier+0x20/0x20 [ 2239.325493][T20522] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2239.331094][T20522] ? get_page_from_freelist+0x7c0/0x7c0 [ 2239.336672][T20522] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2239.342031][T20522] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2239.347708][T20522] handle_mm_fault+0x1689/0x40a0 [ 2239.352763][T20522] ? finish_fault+0x230/0x230 [ 2239.357422][T20522] ? do_mmap+0x9ad/0x1060 [ 2239.361735][T20522] ? up_read+0x10/0x10 [ 2239.365787][T20522] ? __up_read+0x1b0/0x1b0 [ 2239.370181][T20522] ? vmacache_update+0x9f/0xf0 [ 2239.374925][T20522] do_user_addr_fault+0x48a/0x9f0 [ 2239.379928][T20522] page_fault+0x2f/0x40 [ 2239.384105][T20522] RIP: 0033:0x41407f [ 2239.387983][T20522] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2239.408452][T20522] RSP: 002b:00007ffe517c2910 EFLAGS: 00010206 [ 2239.414552][T20522] RAX: 00007fa744f7c000 RBX: 0000000000020000 RCX: 000000000045c87a [ 2239.422517][T20522] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2239.430475][T20522] RBP: 00007ffe517c29f0 R08: ffffffffffffffff R09: 0000000000000000 [ 2239.438649][T20522] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe517c2af0 [ 2239.446641][T20522] R13: 00007fa744f9c700 R14: 0000000000000c49 R15: 000000000078c04c [ 2239.470209][T20522] Mem-Info: [ 2239.473686][T20522] active_anon:1382118 inactive_anon:17090 isolated_anon:0 [ 2239.473686][T20522] active_file:456 inactive_file:515 isolated_file:86 [ 2239.473686][T20522] unevictable:0 dirty:21 writeback:20 unstable:0 [ 2239.473686][T20522] slab_reclaimable:8521 slab_unreclaimable:80189 [ 2239.473686][T20522] mapped:62918 shmem:17097 pagetables:46581 bounce:0 [ 2239.473686][T20522] free:10824 free_pcp:159 free_cma:0 [ 2239.519790][T20522] Node 0 active_anon:5528472kB inactive_anon:68360kB active_file:1536kB inactive_file:1888kB unevictable:0kB isolated(anon):0kB isolated(file):240kB mapped:251572kB dirty:84kB writeback:80kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2239.545041][T20522] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2239.571901][T20522] lowmem_reserve[]: 0 2912 6416 6416 [ 2239.577633][T20522] DMA32 free:18288kB min:4644kB low:7624kB high:10604kB active_anon:2705092kB inactive_anon:8904kB active_file:316kB inactive_file:312kB unevictable:0kB writepending:96kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27232kB pagetables:61632kB bounce:0kB free_pcp:16kB local_pcp:0kB free_cma:0kB [ 2239.717032][T20522] lowmem_reserve[]: 0 0 3504 3504 [ 2239.734545][T20522] Normal free:10112kB min:9688kB low:13276kB high:16864kB active_anon:2822372kB inactive_anon:59456kB active_file:1516kB inactive_file:1552kB unevictable:0kB writepending:268kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:124692kB bounce:0kB free_pcp:1420kB local_pcp:0kB free_cma:0kB [ 2239.764858][T20522] lowmem_reserve[]: 0 0 0 0 [ 2239.769512][T20522] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2239.782942][T20522] DMA32: 214*4kB (UME) 91*8kB (UMEH) 51*16kB (UMH) 28*32kB (UMH) 43*64kB (UMH) 24*128kB (UMH) 11*256kB (UMH) 8*512kB (UM) 3*1024kB (UM) 0*2048kB 0*4096kB = 19104kB [ 2239.799620][T20522] Normal: 983*4kB (UMEH) 285*8kB (UME) 62*16kB (UME) 103*32kB (UM) 1*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10564kB [ 2239.836985][T20522] 17952 total pagecache pages [ 2239.841869][T20522] 0 pages in swap cache [ 2239.846016][T20522] Swap cache stats: add 0, delete 0, find 0/0 [ 2239.866991][T20522] Free swap = 0kB [ 2239.870887][T20522] Total swap = 0kB [ 2239.874945][T20522] 1965979 pages RAM [ 2239.883165][T20522] 0 pages HighMem/MovableOnly [ 2239.888506][T20522] 318830 pages reserved [ 2239.893191][T20522] 0 pages cma reserved [ 2239.897798][T20522] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20511,uid=0 [ 2239.912317][T20522] Out of memory: Killed process 20535 (syz-executor.1) total-vm:75624kB, anon-rss:16584kB, file-rss:35492kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2239.934133][ T23] oom_reaper: reaped process 20535 (syz-executor.1), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 04:08:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x16, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0xfffffffd, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:35 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x15b000}], 0x1, 0x0) pipe(0x0) [ 2240.348944][T20522] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2240.376286][T20522] CPU: 1 PID: 20522 Comm: syz-executor.4 Tainted: G B 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2240.388122][T20522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2240.398177][T20522] Call Trace: [ 2240.401473][T20522] dump_stack+0x14a/0x1ce [ 2240.405803][T20522] ? devkmsg_release+0x11c/0x11c [ 2240.410738][T20522] ? show_regs_print_info+0x12/0x12 [ 2240.415953][T20522] ? radix_tree_cpu_dead+0x160/0x160 [ 2240.421432][T20522] ? _raw_spin_lock+0xa1/0x170 [ 2240.426300][T20522] ? _raw_spin_trylock_bh+0x190/0x190 [ 2240.431681][T20522] dump_header+0xdb/0x700 [ 2240.436176][T20522] oom_kill_process+0xd3/0x280 [ 2240.440962][T20522] out_of_memory+0x5b6/0x890 [ 2240.445724][T20522] ? unregister_oom_notifier+0x20/0x20 [ 2240.451180][T20522] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2240.456744][T20522] ? get_page_from_freelist+0x7c0/0x7c0 [ 2240.462422][T20522] ? __zone_watermark_ok+0x91/0x280 [ 2240.467776][T20522] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2240.473175][T20522] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2240.478708][T20522] ? copy_process+0x5a4/0x5110 [ 2240.483513][T20522] ? kmem_cache_alloc+0x1d5/0x260 [ 2240.488544][T20522] copy_process+0x5f3/0x5110 [ 2240.493128][T20522] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 2240.498785][T20522] ? _raw_spin_lock+0xa1/0x170 [ 2240.503545][T20522] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 2240.510098][T20522] ? fork_idle+0x290/0x290 [ 2240.514498][T20522] ? _raw_spin_unlock+0x5/0x20 [ 2240.519248][T20522] ? handle_mm_fault+0xb16/0x40a0 [ 2240.524256][T20522] _do_fork+0x196/0x920 [ 2240.528394][T20522] ? dup_mm+0x300/0x300 [ 2240.532573][T20522] ? do_mmap+0x9ad/0x1060 [ 2240.536939][T20522] __x64_sys_clone+0x25f/0x2c0 [ 2240.541689][T20522] ? __ia32_sys_vfork+0x110/0x110 [ 2240.546830][T20522] ? do_user_addr_fault+0x55c/0x9f0 [ 2240.552270][T20522] do_syscall_64+0xcb/0x150 [ 2240.556766][T20522] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2240.562644][T20522] RIP: 0033:0x45f1f9 [ 2240.566519][T20522] Code: ff 48 85 f6 0f 84 37 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 0e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2240.586276][T20522] RSP: 002b:00007ffe517c28c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2240.594665][T20522] RAX: ffffffffffffffda RBX: 00007fa744f7b700 RCX: 000000000045f1f9 [ 2240.602618][T20522] RDX: 00007fa744f7b9d0 RSI: 00007fa744f7adb0 RDI: 00000000003d0f00 [ 2240.610700][T20522] RBP: 00007ffe517c2af0 R08: 00007fa744f7b700 R09: 00007fa744f7b700 [ 2240.618697][T20522] R10: 00007fa744f7b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2240.626825][T20522] R13: 00007ffe517c297f R14: 00007fa744f7b9c0 R15: 000000000078c0ec [ 2240.722981][T20522] Mem-Info: [ 2240.726538][T20522] active_anon:1381585 inactive_anon:17090 isolated_anon:0 [ 2240.726538][T20522] active_file:246 inactive_file:270 isolated_file:32 [ 2240.726538][T20522] unevictable:0 dirty:14 writeback:9 unstable:0 [ 2240.726538][T20522] slab_reclaimable:8524 slab_unreclaimable:80097 [ 2240.726538][T20522] mapped:62613 shmem:17097 pagetables:46530 bounce:0 [ 2240.726538][T20522] free:11791 free_pcp:0 free_cma:0 [ 2240.766165][T20522] Node 0 active_anon:5526340kB inactive_anon:68360kB active_file:984kB inactive_file:960kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:250152kB dirty:56kB writeback:36kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2240.795138][T20522] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2240.822387][T20522] lowmem_reserve[]: 0 2912 6416 6416 [ 2240.847277][T20522] DMA32 free:17644kB min:4644kB low:7624kB high:10604kB active_anon:2706232kB inactive_anon:8904kB active_file:512kB inactive_file:336kB unevictable:0kB writepending:36kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27040kB pagetables:61640kB bounce:0kB free_pcp:80kB local_pcp:0kB free_cma:0kB [ 2240.917115][T20522] lowmem_reserve[]: 0 0 3504 3504 [ 2240.922774][T20522] Normal free:10448kB min:13784kB low:17372kB high:20960kB active_anon:2823640kB inactive_anon:59456kB active_file:740kB inactive_file:612kB unevictable:0kB writepending:32kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:31136kB pagetables:124780kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB [ 2240.958036][T20522] lowmem_reserve[]: 0 0 0 0 [ 2240.997072][T20522] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2241.027686][T20522] DMA32: 179*4kB (UME) 95*8kB (UMEH) 44*16kB (UEH) 21*32kB (UMEH) 28*64kB (MEH) 24*128kB (UMEH) 11*256kB (MEH) 8*512kB (ME) 3*1024kB (ME) 0*2048kB 0*4096kB = 17700kB [ 2241.045055][T20522] Normal: 180*4kB (UE) 51*8kB (UME) 182*16kB (UME) 159*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9128kB [ 2241.060407][T20522] 17582 total pagecache pages [ 2241.065863][T20522] 0 pages in swap cache [ 2241.070805][T20522] Swap cache stats: add 0, delete 0, find 0/0 [ 2241.077613][T20522] Free swap = 0kB [ 2241.082080][T20522] Total swap = 0kB [ 2241.093107][T20522] 1965979 pages RAM [ 2241.101561][T20522] 0 pages HighMem/MovableOnly [ 2241.113640][T20522] 318830 pages reserved [ 2241.122782][T20522] 0 pages cma reserved [ 2241.132982][T20522] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20536,uid=0 [ 2241.161246][T20522] Out of memory: Killed process 20536 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35000kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:08:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x17, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x1000000000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:37 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb5000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:37 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x15c000}], 0x1, 0x0) pipe(0x0) 04:08:37 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10d000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2241.925411][ T436] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2241.969471][ T436] CPU: 0 PID: 436 Comm: syz-executor.2 Tainted: G B 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2241.981248][ T436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2241.991301][ T436] Call Trace: [ 2241.994617][ T436] dump_stack+0x14a/0x1ce [ 2241.998950][ T436] ? devkmsg_release+0x11c/0x11c [ 2242.003887][ T436] ? show_regs_print_info+0x12/0x12 [ 2242.009179][ T436] ? radix_tree_cpu_dead+0x160/0x160 [ 2242.014459][ T436] ? _raw_spin_lock+0xa1/0x170 [ 2242.019221][ T436] ? _raw_spin_trylock_bh+0x190/0x190 [ 2242.024588][ T436] dump_header+0xdb/0x700 [ 2242.029116][ T436] oom_kill_process+0xd3/0x280 [ 2242.033882][ T436] out_of_memory+0x5b6/0x890 [ 2242.038515][ T436] ? unregister_oom_notifier+0x20/0x20 [ 2242.043978][ T436] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2242.050053][ T436] ? get_page_from_freelist+0x7c0/0x7c0 [ 2242.055596][ T436] ? __zone_watermark_ok+0x91/0x280 [ 2242.060836][ T436] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2242.066210][ T436] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2242.071883][ T436] ? copy_process+0x5a4/0x5110 [ 2242.076878][ T436] ? copy_process+0x5a4/0x5110 [ 2242.081640][ T436] ? kmem_cache_alloc+0x1d5/0x260 [ 2242.086940][ T436] copy_process+0x5f3/0x5110 [ 2242.091533][ T436] ? do_wp_page+0xb1b/0x1530 [ 2242.096158][ T436] ? do_swap_page+0x1560/0x1560 [ 2242.101092][ T436] ? fork_idle+0x290/0x290 [ 2242.105663][ T436] ? handle_mm_fault+0xb16/0x40a0 [ 2242.110682][ T436] _do_fork+0x196/0x920 [ 2242.115195][ T436] ? dup_mm+0x300/0x300 [ 2242.119349][ T436] ? ktime_get_raw+0x130/0x130 [ 2242.124326][ T436] __x64_sys_clone+0x25f/0x2c0 [ 2242.129086][ T436] ? __ia32_sys_vfork+0x110/0x110 [ 2242.134195][ T436] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2242.139826][ T436] ? do_user_addr_fault+0x55c/0x9f0 [ 2242.145024][ T436] do_syscall_64+0xcb/0x150 [ 2242.149526][ T436] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2242.155548][ T436] RIP: 0033:0x45ae5a [ 2242.159441][ T436] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2242.179131][ T436] RSP: 002b:00007fff3f7fad80 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2242.187714][ T436] RAX: ffffffffffffffda RBX: 00007fff3f7fad80 RCX: 000000000045ae5a [ 2242.195684][ T436] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2242.203654][ T436] RBP: 00007fff3f7fadc0 R08: 0000000000000001 R09: 0000000001030940 [ 2242.211803][ T436] R10: 0000000001030c10 R11: 0000000000000246 R12: 0000000000000001 [ 2242.219774][ T436] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff3f7fae10 [ 2242.308302][ T436] Mem-Info: [ 2242.311725][ T436] active_anon:1381842 inactive_anon:17090 isolated_anon:0 [ 2242.311725][ T436] active_file:540 inactive_file:495 isolated_file:64 [ 2242.311725][ T436] unevictable:0 dirty:6 writeback:0 unstable:0 [ 2242.311725][ T436] slab_reclaimable:8521 slab_unreclaimable:79882 [ 2242.311725][ T436] mapped:62986 shmem:17097 pagetables:46530 bounce:0 [ 2242.311725][ T436] free:11634 free_pcp:0 free_cma:0 [ 2242.351119][ T436] Node 0 active_anon:5527368kB inactive_anon:68360kB active_file:2232kB inactive_file:2276kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:251944kB dirty:24kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2242.376957][ T436] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2242.436287][ T436] lowmem_reserve[]: 0 2912 6416 6416 [ 2242.449293][ T436] DMA32 free:21532kB min:4644kB low:7624kB high:10604kB active_anon:2700520kB inactive_anon:8904kB active_file:388kB inactive_file:372kB unevictable:0kB writepending:12kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:26848kB pagetables:61540kB bounce:0kB free_pcp:1576kB local_pcp:84kB free_cma:0kB [ 2242.486763][ T436] lowmem_reserve[]: 0 0 3504 3504 [ 2242.491954][ T436] Normal free:17612kB min:5592kB low:9180kB high:12768kB active_anon:2814236kB inactive_anon:59456kB active_file:1676kB inactive_file:2084kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:124580kB bounce:0kB free_pcp:852kB local_pcp:68kB free_cma:0kB 04:08:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x100000000000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x18, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2242.534603][ T436] lowmem_reserve[]: 0 0 0 0 [ 2242.539439][ T436] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB 04:08:38 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0x5, &(0x7f0000000180)=0xfffeffff, 0x4) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f00000001c0)={0x6, 0x51, &(0x7f0000000100)="d81a51421540a72652870806d5a4e7cf57585f88ded54f3a014d7b19e713e5"}) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x3ff, 0x444400) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000080)) [ 2242.581285][ T436] DMA32: 1297*4kB (UME) 339*8kB (UMEH) 107*16kB (UMH) 77*32kB (UMEH) 52*64kB (UMEH) 23*128kB (MEH) 9*256kB (MEH) 8*512kB (ME) 3*1024kB (ME) 0*2048kB 0*4096kB = 27820kB [ 2242.607907][ T436] Normal: 51*4kB (EH) 210*8kB (UMEH) 308*16kB (UMEH) 167*32kB (UMH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12156kB [ 2242.676756][ T436] 19679 total pagecache pages [ 2242.681826][ T436] 0 pages in swap cache [ 2242.686138][ T436] Swap cache stats: add 0, delete 0, find 0/0 [ 2242.736747][ T436] Free swap = 0kB [ 2242.740779][ T436] Total swap = 0kB [ 2242.744492][ T436] 1965979 pages RAM [ 2242.766743][ T436] 0 pages HighMem/MovableOnly [ 2242.771578][ T436] 318830 pages reserved [ 2242.775829][ T436] 0 pages cma reserved [ 2242.787628][ T436] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20602,uid=0 [ 2242.816764][ T436] Out of memory: Killed process 20602 (syz-executor.0) total-vm:75624kB, anon-rss:16580kB, file-rss:35452kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2242.853265][ T23] oom_reaper: reaped process 20602 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2243.068952][T20608] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 2243.081850][T20608] CPU: 1 PID: 20608 Comm: syz-executor.4 Tainted: G B 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2243.093668][T20608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2243.103807][T20608] Call Trace: [ 2243.107107][T20608] dump_stack+0x14a/0x1ce [ 2243.111444][T20608] ? devkmsg_release+0x11c/0x11c [ 2243.116387][T20608] ? show_regs_print_info+0x12/0x12 [ 2243.121741][T20608] ? radix_tree_cpu_dead+0x160/0x160 [ 2243.127232][T20608] ? _raw_spin_lock+0xa1/0x170 [ 2243.132182][T20608] ? _raw_spin_trylock_bh+0x190/0x190 [ 2243.137559][T20608] dump_header+0xdb/0x700 [ 2243.141910][T20608] oom_kill_process+0xd3/0x280 [ 2243.146683][T20608] out_of_memory+0x5b6/0x890 [ 2243.151285][T20608] ? unregister_oom_notifier+0x20/0x20 [ 2243.156746][T20608] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2243.162666][T20608] ? get_page_from_freelist+0x7c0/0x7c0 [ 2243.168223][T20608] ? __zone_watermark_ok+0x91/0x280 [ 2243.173583][T20608] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2243.179096][T20608] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2243.184788][T20608] alloc_slab_page+0x3a/0x3a0 [ 2243.189479][T20608] ? mutex_lock+0xa6/0x110 [ 2243.193926][T20608] new_slab+0x408/0x450 [ 2243.198091][T20608] ? __fd_install+0x113/0x260 [ 2243.202895][T20608] ? getname_flags+0xb8/0x610 [ 2243.207806][T20608] ___slab_alloc+0x2e0/0x450 [ 2243.212404][T20608] ? selinux_file_ioctl+0x73b/0x990 [ 2243.217741][T20608] ? getname_flags+0xb8/0x610 [ 2243.222556][T20608] ? getname_flags+0xb8/0x610 [ 2243.227381][T20608] kmem_cache_alloc+0x23f/0x260 [ 2243.232232][T20608] getname_flags+0xb8/0x610 [ 2243.236878][T20608] do_sys_open+0x33d/0x7d0 [ 2243.241384][T20608] ? file_open_root+0x450/0x450 [ 2243.246386][T20608] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2243.252031][T20608] do_syscall_64+0xcb/0x150 [ 2243.256649][T20608] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2243.262549][T20608] RIP: 0033:0x45c829 [ 2243.266445][T20608] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2243.286564][T20608] RSP: 002b:00007fa744f7ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2243.295122][T20608] RAX: ffffffffffffffda RBX: 00000000004f88c0 RCX: 000000000045c829 [ 2243.303228][T20608] RDX: 0000000000000000 RSI: 0000000020000100 RDI: ffffffffffffff9c [ 2243.311276][T20608] RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000 [ 2243.319276][T20608] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2243.327237][T20608] R13: 00000000000007f8 R14: 00000000004cab3c R15: 00007fa744f7b6d4 [ 2243.360290][T20608] Mem-Info: [ 2243.363741][T20608] active_anon:1376422 inactive_anon:17090 isolated_anon:0 [ 2243.363741][T20608] active_file:257 inactive_file:330 isolated_file:66 [ 2243.363741][T20608] unevictable:0 dirty:45 writeback:4 unstable:0 [ 2243.363741][T20608] slab_reclaimable:8529 slab_unreclaimable:79917 [ 2243.363741][T20608] mapped:62590 shmem:17097 pagetables:46543 bounce:0 [ 2243.363741][T20608] free:17548 free_pcp:132 free_cma:0 [ 2243.403459][T20608] Node 0 active_anon:5505788kB inactive_anon:68360kB active_file:896kB inactive_file:1420kB unevictable:0kB isolated(anon):0kB isolated(file):180kB mapped:250360kB dirty:180kB writeback:16kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2243.429640][T20608] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2243.508322][T20608] lowmem_reserve[]: 0 2912 6416 6416 [ 2243.515384][T20608] DMA32 free:35656kB min:4644kB low:7624kB high:10604kB active_anon:2689544kB inactive_anon:8904kB active_file:124kB inactive_file:68kB unevictable:0kB writepending:32kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27040kB pagetables:61508kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2243.546119][T20608] lowmem_reserve[]: 0 0 3504 3504 [ 2243.552096][T20608] Normal free:8756kB min:5592kB low:9180kB high:12768kB active_anon:2820872kB inactive_anon:59456kB active_file:868kB inactive_file:4096kB unevictable:0kB writepending:168kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30784kB pagetables:124668kB bounce:0kB free_pcp:964kB local_pcp:468kB free_cma:0kB [ 2243.674261][T20608] lowmem_reserve[]: 0 0 0 0 04:08:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x300000000000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2243.707767][T20608] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2243.837630][T20608] DMA32: 623*4kB (UME) 355*8kB (UMEH) 208*16kB (UMH) 160*32kB (UMH) 76*64kB (MH) 22*128kB (MH) 9*256kB (UMH) 7*512kB (UM) 2*1024kB (M) 0*2048kB 0*4096kB = 29396kB [ 2243.880500][T20608] Normal: 45*4kB (UE) 100*8kB (UME) 211*16kB (UMEH) 238*32kB (UMH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11972kB [ 2243.986516][T20608] 20053 total pagecache pages [ 2243.992758][T20608] 0 pages in swap cache [ 2243.999236][T20608] Swap cache stats: add 0, delete 0, find 0/0 [ 2244.006210][T20608] Free swap = 0kB [ 2244.025992][T20608] Total swap = 0kB [ 2244.035209][T20608] 1965979 pages RAM [ 2244.043592][T20608] 0 pages HighMem/MovableOnly [ 2244.049147][T20608] 318830 pages reserved [ 2244.053935][T20608] 0 pages cma reserved [ 2244.059517][T20608] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=10554,uid=0 04:08:39 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb6000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2244.075068][T20608] Out of memory: Killed process 10554 (syz-executor.3) total-vm:75360kB, anon-rss:13744kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2244.110114][ T23] oom_reaper: reaped process 10554 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:08:40 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10e000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) 04:08:40 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r1 = dup3(r0, 0xffffffffffffffff, 0x80000) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) fcntl$setown(r1, 0x8, r2) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x141042, 0x0) connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x7) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x9c, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="37f2ae27", @ANYRES64=0x0, @ANYBLOB="00634040030000000000000000000000000000000000000001000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a646600000000", @ANYRES32, @ANYBLOB="00000000000000000000000085616466000000000800000000000000020000000000000013000000000000008561646600000000060000000000000000000000000000000700000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB="1163484001000000000000000000000000000000000000000100000000000000000000003e8ee5c462e991031800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a646600000000", @ANYRES32=r3, @ANYBLOB="0000000000000000000000008561646600000000030000000000000001000000000000003b00000000000000852a6277000000000100"/68], @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB="4010000000000000"], 0x1000, 0x0, &(0x7f0000000400)="37481c343beec85c36edc6bce6718eea08b9ece8ebaf21f26be0dd6c8266e982a5c3a37b957bca0955f63b9ce55dc3e59cbc4765aef56a87d5679af1adb222fe6bf4639eb095a97ac0e9d0d0d26f6498ab2e842a7a4b7396aa3f853c30b13ffc150eac7b1ae09ea364ed918cc72f89dd2a0a5660812a8191d4a745bddbc9e974d2addf6081e1d40ea35f9f1bcbc0a87c6059f8917e2bb1ff484516f6a25a0806ab96fee1ea9fdc538a66cd1ae5013464b9ac0bb0790fafa675dba2eebd5339b818649c978da28e15fcdd1a7972bb8a20a28aa143a9387839caec7497f291202c10794e5f4ba10097ecef5fd0637eead461ce0ad8ecb03bb705ef1a68e91a37907d7fccca09d76790f3b5a8dd08e3c543f5f1a458464e93471da682c6f2433a06471df72977ec795d984f8ccaf981c91d474c41cd08235f7348b64231f9bb37d5a715860d5c0ae082131967a6d571808f2af31485620cc280187dadbc5e9d4db189abef9bd74bf4ce19c7039b6356ae4a3d8c5cee0185fd41a1713dd37cd5e10b58e330bdcca25c2750d6d9af325ba4e62b5155c72daa1c5e2418308538907496e1b4eedbbea3d01c9da16644dd03df34e797f726782efe4d861221d73b28a800ad5222cd9744cc94c28b9ed321bba0ef0b234b704aa7445f1e8be30a031d412d7b7f5e8e96da2b6504356cb3a6efb0e977730cd1811cb753624298e0b2ee6126cdaf98ba54af6c9c41e0701d08fd6c0956f5e902fa94999b392498c4c5084721b4d566c69914111419ff217adf2da33bb30d330e16776e38dc86ba983c1ea5391625444c1d71e3a18025f2972883d8a101f50b117000449151ed7740185483b7d7472850742a69f86dde3a932ded88566a7593da4af83e5faef63386014cd9530de108f26acb8f5338dc0e233140bb7dc8a048deb3362a328feac78762545a0fda8fef065dd624dd48f4e802f59c281fc565de6927313a7a5c22dd96f51cfff4429313110616d2623a179fe806c506d30b04b3a3f818d6a13b07497a9c0a30739ceb84cd511fb5e7bebda6afcbac99a1867311dcba48da73aa1b2b0e0eaef65b807655f7715e6f42b92f5d7de1e6531bd3d96012c90356e178e3cf2e7142b6846df38c77a588aa9678539e0b805028eaab551810fe114edb018e96140cff5ab4b5016d7eb0170f5b283b571e1627f3070820fd30fd5928e9919b8ddbb260135520cdc015e9d7903846f9ca7f24dd9778a97c9f6f9e0772879fefa52cd768f3d073629f0bc7c456d6af3bc12c07ca6a21a04faf1015c93fd7097a0e07df691663924eada5e994b93e4cf7919cf8e2e48503ef1551121f573c5af5b047a0434eb1cab400b5b51b0053415fbd40eda4663d819f821597045873d478eb1cbee7d05eb63bc17f465540267715b77cd541f15cc4f2b2b1776e7ddaffee43df3f3f437a56754fd0808a647714115f0912ede2ddf3789ccd256fabf655da0698a68ae6016df5a7f7569697196d16b6f0e91231c2a8b963d61ee9e7c8215c5ea228c17da46909e4afea297652106d423d03bce8d227c1d3ee9b676a719dc11b090c774dc1b7a1db51e069f569c901b996d91e6a6a4b0ad0baa98272c95cdebe90886bfe4c4e0f433884b01c8b86c16a845a7ba4a6dea770b58335fd325c6ad3fd4bad048046e49ccc81f96ac0fdfb12378bb70a17589e601ea52d250a2bc338a9f17c9abccc2b3f897c7b18c41b9589de342999b8275e8f4baef37baf4975e5bf8dc7f8741e8991ece126579050e39b1c5c7a6498ffff1a74b57188cf113e9c19d03050ccecb4f80f889b4bc6cee8f1387c675e08df35de7602bb05c09af2a7552511e22570068aa3e4f7d2e50df4c30d5eac5df1052099a00f2c37d320b79053fb1a85cead2c86b5f6d4d1a586c70b294ec16303177ae69ff7c59d216e3c7c50ebf91769497cb9444c0baa24a1fa3efdef6093209a17b3a555374b6d4c982f2ad990a3d85dd88175425318eb1dfae93ee0b155aaa1661f424ad28b1d191dd57783b53059a84b2620cc9290256db388ea253fb50ca144159925aae2fc5b8bd7c4989e0d2be519b34af536666b04f6435c8689f443396c9ade91ee02b7b4c0c2614728f90d1bc669561005c92bea0aa1ed8af7e898c3cd99a7b520fe610b5eeb7b8573ddf7e7aca404096fb0d5c7a2db95fcb5b554bc01050b2fdfd8a6bc7f30917bca1929bce0eb9392020e4620583295f98c4f63c4f21c21a83c6aa75ef91082f52e0b142dc69fe0f64f53afe8d8336695ec764ac160defe2374aed194c9a74a68913bb978674b67295c3cb133cd468e3dced60be1e54adeb4f701fffea893e488d6610016420e0a3ced50b9840388193c0b524c91c1afa05f2a1c3a487b9c11ff5d55bfb485160a6cc1259c8a5b5ad9346c87571b7b39c18836042ee689bd946272006cad7d95f6031a13abfe1522b1e302085836b6d35dcd6800c24ac286cbc785d543537ca51e8ead7a89791f451cddebced8b48c7bec8b0d372695be08ed9b8e782f7c5f9a1ba020e0fb5d1d967632908b369648ca4a322e7adb98ff4bcc119771827ffb8b828647a4f43b455d65bb158340874c2c9a860db157bb0617c05cf2006eec56defd47ffccba8afa156dfc59c60a13483b55517f1f64ed85f20497e5b962feb970669a6e3a7db9860223b2c79a1bee57de4d222f1dd7a3da226ba020f447126b892ed686dd0ff3c2b5f190e5c76620afe21d3673c0717015578433c2da00791876a57431d0a30153a5ebd262616d3a9a250ecf09e293d907ac46d24cd6d0d4d5c086cd325aa5292587acf5f5939b836123eb2d4e8860432d3ffb4186da6630b82c16b1e6541dbd3400677d1d3077a973beeff01aca94a64f96c8d10d457624daad477f1c33a5da1da82d2c509b1a7392f9bfc5821c3c8635e22e153fbb704f4992c080989a7ed2dc5bd25606daabee1ada1c7189ff59b5fda7a58db5229e07f0a23c9f50389c625df4a2b7448ac33c86fd931d4561d71976759be0da51aeb6b84c44c40254e607c81aeeb94c3a756404c4a0467314f6fce9187dedccf057fbd9ea704f30753e2fd6701cf8f083b93a2e8c316a402e3c080344aa209bfaf52dc090d86d8a22a949a47cec70aa0c9b61571699192302646da89e0d7d0e1cd9d485024e6a0cbb16611f96ea14a957b7b61fb3747ece31594ebc0a0f8256f5aadd916b5fd87d080d64cc477c0794d36c28df588b40cd209c995a4500c5d2dde4fdbf7e2ab015b755f00028ca35596561f25d9c357e834a1a2f97b20ba02dbc49970988fcdad92d1a51a9e6c5311e98f22723a65f29805ae44059a823582b492d27943869c9ec127878fa1a84915b8dd72b82dd2e4ad676cd5a6b4a8f312f730723d6a29db4fe40bff5b0eda72b6b11e7f681027e733edeece652952b852bceba71ef864be7ea67503c5a4fd393710d78a32874717e018831444796cc0ef95e700f182bd33137fbb8361e714104e7a50e3d6915e2578def102e3ba813d22a0c0b55d2bdb10853a1bceb6fcc50d517290a30b3d2247e88e35ff0838b360a08f169233f4d89fb5cde251c03ae9af54abd165ac0afa2d398ef7922bb507b3ee1944c849e84cdbd107121f03e461862263f177e22ce4d3493a9905c9c47fb160b2a3a36b2e46968d929743fb644a70034c840aabaf4b54b6339714891a4274c0b84c8aa533a57457d9e181941c0254188a2f2a1e68329839480b8c80fc3ec91d7d2b1b2d8ca5c4a7d7c51eb039877e0cc49e7991c966820d03ac7f4d7df02e7e7dc6131884182160dbcb0c84225eb3160d7bdd44b0cf7d4e7441d4de400dc88b5101469456413c1b79deb8f38e94e1198bc9af70dac4919920f152fabb9511c56955cc68aaddae4ac74f6d9482a62600c9f710f1a7203241c4a9da603edb91cc66e25e41b242155f3c6123561a083278ec22b97af70b8ca2998e72961aecf36ef3febd7ea981d2cf641381d9ea8c1254b7df6a39b389ef0bf75deca8e4cc3277f00149c8070385aefa90ab0f2865ba56ec3e059ea2762389a33773049c5c7fef6dea6d11619cc3353709e3d900dacbb1f77ada802df7a25651a37725f4185f71e6c9fb21f11343f3be971b9f0daf945f739c40f4f0d49e09598abe99d0f39a49c15e1f0211870414deb8c70da9d10207fd90385d7e86a0371f2fd0970657d177a8efe510db5d6e4e75fbc1767689138158d3b974673afea3885f856d9c81a7d85a0e07199ab6048595204c51c53e4bc2e3e8bddc8082118c2985a496e73b08e2ec61160966559ee8b6d87f8f5d6802a2a3e124d588ca223de250a5acc2dae7c85fed144c383a2efc5e2ce059aa3b3b6dcfe7d54edccf0ab1b067074c6b27aeb3256d2c8604c40f2917b604e96de21db508931c76ea5efc03d4e9a8e3b29916496d7e61fa67422bf17bf507bdfe4bb12bc0d386681b8ec6523cc92598e0b4c8d506bfc4b2dcf9c8b96870a76b978a4ac3735ebc1806d45c8e8cb450d00ebf1046f316f77f3b876230909d8612d440f6d6cddc09ce4d763d37bbf331d1502e91ca5488356bf2f2ee8a18a0b3fca96a706b96d2fe5d536386a64a028ccdb54fa680ac73f1362a3be2c668970fcef50a8e7c76c39fc0701cb31822146dca41e3acb988f6f141f4b1f2ed573619d6e5aa51065ec9b5d6c8e3a4132a8ba6bf8d15e363b3ea757b16c4d5ac1c9b443431a3e473920f5dff10d9c35feda117abeebbf094b38c40702c7b19c1f12dfb89f2912878ba366ec3a64705d3c2f21643b50fbe74a756e4ceb90fae3875083fb2ebf501f26c26f95905e3e4c57fee8b129ae1baa52a7e422ff9fe5e2a65bea31024f31980a470e9884cbc05b01755298c27c9f24ac4bd26c32b9c73472f27b38945c915fc8508a5a9e56f11057803a2127f543064b13afd6b5b10bb74319fcc32bc1bd089352f085353a559403d8fd6b81508dc57259204ef60a767453d55918a6d499f2a1ced68e21ab8354c411720e0b28f445fda95d5b157743191c0e922079b43fb9a59b1447fd8a4e9021d27dd202ec711f9f643ea812437221a1efc022d48a0974c376d5edcb605685dfb91f8e0b5e98c4e71a918f8b5255f68703a02dcda3a8ee47d7158d1023df73357a5b4e2c4fb7414e9c04fd529452fccac428163abc7b25265cc2c7d98eb3d80892aa5029dd3cd61ef8063219334e042e26038254dd64f7a9cffbd1efef4a01e917d0b0e37d3a64efdd0f6fe5c5be51d762c3e977e458efaddd134111217a04820d80b76126c12736ae7030cec01508cfa7fb1a06e207ff138479308fa2162e84d6738acf774f0e74909e1e55d1c5ec1c0d4fb6e326fcc4fb5e1ba1bc3bd25e3f99e35a0498d909231145ca4797cf8c5e9d73a0531b966122bd454233794bbed8502ca72362d0e40228f1d4772b72f01a2d124768a9f32b8dce4914df4badd7c1c9bb9b76cff2133b038938918a8dbd0f50b60edfb4456030211699905683d817cddf444c086f407db6ec35d92f52b4e69717caa8d1601d2de9f9718b8cd585a5852f21e899f2b664cdb4743326e874a1bdd5ee6a682476f614d8f83fb5684cdf40a0c26e14e6b02f6dd7fd98a08c6913c8cf70daf505c60856c94ad35522fa81f9c6ff3973cca3651c29fed10c0401550609af76b245e7eaa544018f0c0d6d06b75925c9218d59a6f8a778cf7585bd8a6e0776da01105955822922e9152dc7626ea61133824aa910cdca4e5a83704551bbd178b795f7a159ad6ce32139a7260c99be9a959622e275d194"}) recvmmsg(r6, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r7, &(0x7f0000000500), 0x37d, 0x0) 04:08:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x19, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x800000000000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:40 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x15d000}], 0x1, 0x0) pipe(0x0) 04:08:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x1a, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) [ 2245.292184][T20652] syz-executor.5 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2245.303903][T20652] CPU: 1 PID: 20652 Comm: syz-executor.5 Tainted: G B 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2245.315580][T20652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2245.325634][T20652] Call Trace: [ 2245.328918][T20652] dump_stack+0x14a/0x1ce [ 2245.333302][T20652] ? devkmsg_release+0x11c/0x11c [ 2245.338258][T20652] ? show_regs_print_info+0x12/0x12 [ 2245.343454][T20652] ? radix_tree_cpu_dead+0x160/0x160 [ 2245.348731][T20652] ? _raw_spin_lock+0xa1/0x170 [ 2245.353485][T20652] ? _raw_spin_trylock_bh+0x190/0x190 [ 2245.358978][T20652] dump_header+0xdb/0x700 [ 2245.363392][T20652] oom_kill_process+0xd3/0x280 [ 2245.368200][T20652] out_of_memory+0x5b6/0x890 [ 2245.372777][T20652] ? unregister_oom_notifier+0x20/0x20 [ 2245.378219][T20652] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2245.383839][T20652] ? get_page_from_freelist+0x7c0/0x7c0 [ 2245.389424][T20652] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2245.395945][T20652] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2245.401476][T20652] pagecache_get_page+0x50f/0x880 [ 2245.406484][T20652] ? preempt_schedule_notrace+0x130/0x130 [ 2245.412189][T20652] ? block_page_mkwrite+0x226/0x250 [ 2245.417466][T20652] filemap_fault+0x1474/0x19d0 [ 2245.422348][T20652] ? generic_file_read_iter+0x20b0/0x20b0 [ 2245.428100][T20652] ? __rcu_read_lock+0x50/0x50 [ 2245.432853][T20652] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 2245.439036][T20652] ext4_filemap_fault+0x7b/0x90 [ 2245.443926][T20652] handle_mm_fault+0x19ac/0x40a0 [ 2245.448867][T20652] ? finish_fault+0x230/0x230 [ 2245.453581][T20652] ? __up_read+0x1b0/0x1b0 [ 2245.458042][T20652] ? vmacache_find+0x205/0x4b0 [ 2245.462803][T20652] do_user_addr_fault+0x48a/0x9f0 [ 2245.467857][T20652] page_fault+0x2f/0x40 [ 2245.471993][T20652] RIP: 0033:0x40eece [ 2245.475871][T20652] Code: 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 58 2e 00 00 8b 05 42 91 35 00 48 8b 15 bb 37 89 00 83 c0 01 89 05 32 91 35 00 <89> 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 90 4c 89 e8 48 [ 2245.495591][T20652] RSP: 002b:00007ffce0d0e060 EFLAGS: 00010206 [ 2245.501694][T20652] RAX: 000000000000000a RBX: 0000001b2e122724 RCX: 0000001b2f120000 [ 2245.509884][T20652] RDX: 0000001b2e120000 RSI: 0000000000000fc2 RDI: ffffffff37056fc2 [ 2245.517927][T20652] RBP: 0000001b2e122728 R08: 0000000037056fc2 R09: 0000000037056fc6 [ 2245.525888][T20652] R10: 00007ffce0d0e180 R11: 0000000000000246 R12: 0000001b2e12272c [ 2245.534142][T20652] R13: 000000000078c900 R14: 000000000078bf00 R15: 000000000078bfac [ 2245.702928][T20652] Mem-Info: [ 2245.710404][T20652] active_anon:1381913 inactive_anon:17090 isolated_anon:0 [ 2245.710404][T20652] active_file:264 inactive_file:266 isolated_file:16 [ 2245.710404][T20652] unevictable:0 dirty:3 writeback:0 unstable:0 [ 2245.710404][T20652] slab_reclaimable:8533 slab_unreclaimable:79936 [ 2245.710404][T20652] mapped:62575 shmem:17097 pagetables:46680 bounce:0 [ 2245.710404][T20652] free:11488 free_pcp:222 free_cma:0 [ 2245.776160][T20652] Node 0 active_anon:5527652kB inactive_anon:68360kB active_file:488kB inactive_file:552kB unevictable:0kB isolated(anon):0kB isolated(file):64kB mapped:249400kB dirty:12kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2245.829313][T20652] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2245.857244][T20652] lowmem_reserve[]: 0 2912 6416 6416 [ 2245.863503][T20652] DMA32 free:23400kB min:12836kB low:15816kB high:18796kB active_anon:2700576kB inactive_anon:8908kB active_file:200kB inactive_file:368kB unevictable:0kB writepending:0kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27392kB pagetables:61852kB bounce:0kB free_pcp:80kB local_pcp:72kB free_cma:0kB [ 2245.894452][T20652] lowmem_reserve[]: 0 0 3504 3504 [ 2245.900619][T20652] Normal free:8160kB min:9688kB low:13276kB high:16864kB active_anon:2826880kB inactive_anon:59452kB active_file:856kB inactive_file:836kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30816kB pagetables:124868kB bounce:0kB free_pcp:460kB local_pcp:208kB free_cma:0kB [ 2245.931197][T20652] lowmem_reserve[]: 0 0 0 0 [ 2245.936378][T20652] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2245.958840][T20652] DMA32: 245*4kB (UME) 111*8kB (UMEH) 84*16kB (UMH) 201*32kB (UMH) 73*64kB (MH) 21*128kB (UMH) 8*256kB (UMH) 6*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 24172kB [ 2245.975814][T20652] Normal: 213*4kB (UME) 189*8kB (UME) 48*16kB (UME) 139*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7580kB [ 2245.990130][T20652] 17212 total pagecache pages [ 2245.999098][T20652] 0 pages in swap cache [ 2246.005206][T20652] Swap cache stats: add 0, delete 0, find 0/0 [ 2246.026480][T20652] Free swap = 0kB 04:08:41 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x15e000}], 0x1, 0x0) pipe(0x0) [ 2246.030221][T20652] Total swap = 0kB [ 2246.033936][T20652] 1965979 pages RAM [ 2246.046486][T20652] 0 pages HighMem/MovableOnly [ 2246.051503][T20652] 318830 pages reserved [ 2246.072751][T20652] 0 pages cma reserved [ 2246.117785][T20652] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=20628,uid=0 [ 2246.189078][T20652] Out of memory: Killed process 20628 (syz-executor.0) total-vm:75492kB, anon-rss:16568kB, file-rss:34928kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 2246.254424][ T23] oom_reaper: reaped process 20628 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2246.389693][T20699] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2246.418348][T20699] CPU: 0 PID: 20699 Comm: syz-executor.4 Tainted: G B 5.4.35-syzkaller-00685-gab5026515199 #0 [ 2246.430100][T20699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2246.440156][T20699] Call Trace: [ 2246.443456][T20699] dump_stack+0x14a/0x1ce [ 2246.447790][T20699] ? devkmsg_release+0x11c/0x11c [ 2246.452730][T20699] ? show_regs_print_info+0x12/0x12 [ 2246.458043][T20699] ? radix_tree_cpu_dead+0x160/0x160 [ 2246.463327][T20699] ? _raw_spin_lock+0xa1/0x170 [ 2246.468187][T20699] ? _raw_spin_trylock_bh+0x190/0x190 [ 2246.473567][T20699] dump_header+0xdb/0x700 [ 2246.477901][T20699] oom_kill_process+0xd3/0x280 [ 2246.482662][T20699] out_of_memory+0x5b6/0x890 [ 2246.487254][T20699] ? unregister_oom_notifier+0x20/0x20 [ 2246.492713][T20699] __alloc_pages_slowpath+0x16c2/0x1e50 [ 2246.498260][T20699] ? get_page_from_freelist+0x7c0/0x7c0 [ 2246.503793][T20699] ? __zone_watermark_ok+0x91/0x280 [ 2246.508971][T20699] __alloc_pages_nodemask+0x5cb/0x7c0 [ 2246.514324][T20699] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 2246.520478][T20699] ? copy_process+0x5a4/0x5110 [ 2246.525221][T20699] ? copy_process+0x5a4/0x5110 [ 2246.529963][T20699] ? kmem_cache_alloc+0x1d5/0x260 [ 2246.534960][T20699] copy_process+0x5f3/0x5110 [ 2246.539532][T20699] ? fork_idle+0x290/0x290 [ 2246.543924][T20699] _do_fork+0x196/0x920 [ 2246.548076][T20699] ? slab_free_freelist_hook+0xd0/0x150 [ 2246.553609][T20699] ? dup_mm+0x300/0x300 [ 2246.557748][T20699] ? ktime_get_raw+0x130/0x130 [ 2246.562489][T20699] __x64_sys_clone+0x25f/0x2c0 [ 2246.567247][T20699] ? __ia32_sys_vfork+0x110/0x110 [ 2246.572248][T20699] ? __x64_sys_clock_gettime+0x20d/0x260 [ 2246.577855][T20699] do_syscall_64+0xcb/0x150 [ 2246.582332][T20699] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2246.588194][T20699] RIP: 0033:0x45c829 [ 2246.592060][T20699] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2246.611634][T20699] RSP: 002b:00007fa744f59c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2246.620018][T20699] RAX: ffffffffffffffda RBX: 00000000004da840 RCX: 000000000045c829 [ 2246.627959][T20699] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000200183 [ 2246.635901][T20699] RBP: 000000000078c180 R08: ffffffffffffffff R09: 0000000000000000 [ 2246.643842][T20699] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2246.652133][T20699] R13: 0000000000000076 R14: 00000000004c311e R15: 00007fa744f5a6d4 [ 2246.673238][T20699] Mem-Info: [ 2246.696464][T20699] active_anon:1379520 inactive_anon:17090 isolated_anon:0 [ 2246.696464][T20699] active_file:430 inactive_file:1036 isolated_file:85 [ 2246.696464][T20699] unevictable:0 dirty:26 writeback:0 unstable:0 [ 2246.696464][T20699] slab_reclaimable:8533 slab_unreclaimable:79897 [ 2246.696464][T20699] mapped:63157 shmem:17097 pagetables:46652 bounce:0 [ 2246.696464][T20699] free:13256 free_pcp:144 free_cma:0 [ 2246.756257][T20699] Node 0 active_anon:5518080kB inactive_anon:68360kB active_file:2104kB inactive_file:5192kB unevictable:0kB isolated(anon):0kB isolated(file):340kB mapped:253928kB dirty:104kB writeback:0kB shmem:68388kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2246.781507][T20699] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2246.876448][T20699] lowmem_reserve[]: 0 2912 6416 6416 [ 2246.881817][T20699] DMA32 free:24088kB min:4644kB low:7624kB high:10604kB active_anon:2696196kB inactive_anon:8908kB active_file:956kB inactive_file:756kB unevictable:0kB writepending:24kB present:3129332kB managed:2983764kB mlocked:0kB kernel_stack:27264kB pagetables:61844kB bounce:0kB free_pcp:1428kB local_pcp:1372kB free_cma:0kB [ 2246.983893][T20699] lowmem_reserve[]: 0 0 3504 3504 [ 2246.989735][T20699] Normal free:15540kB min:9688kB low:13276kB high:16864kB active_anon:2810796kB inactive_anon:59452kB active_file:2164kB inactive_file:6216kB unevictable:0kB writepending:80kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30816kB pagetables:124764kB bounce:0kB free_pcp:588kB local_pcp:244kB free_cma:0kB [ 2247.021709][T20699] lowmem_reserve[]: 0 0 0 0 [ 2247.027167][T20699] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 2247.045815][T20699] DMA32: 1001*4kB (UME) 426*8kB (UMEH) 121*16kB (UMH) 102*32kB (UMH) 74*64kB (UMH) 19*128kB (MH) 7*256kB (UMH) 5*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 25156kB [ 2247.066492][T20699] Normal: 44*4kB (E) 160*8kB (UMEH) 376*16kB (UMEH) 200*32kB (UMH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13872kB 04:08:42 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}, 0x1}], 0x1, 0x20, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 04:08:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x1b, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0xc00000000000000, 0x10000000}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0) 04:08:42 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x10f000}], 0x1, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x3000000}, 0x0, 0x0, 0x0, 0x0) [ 2247.081316][T20699] 19458 total pagecache pages [ 2247.086925][T20699] 0 pages in swap cache [ 2247.096957][T20699] Swap cache stats: add 0, delete 0, find 0/0 [ 2247.103892][T20699] Free swap = 0kB [ 2247.109869][T20699] Total swap = 0kB [ 2247.115606][T20699] 1965979 pages RAM [ 2247.120896][T20699] 0 pages HighMem/MovableOnly [ 2247.127631][T20699] 318830 pages reserved [ 2247.133529][T20699] 0 pages cma reserved [ 2247.137974][T20699] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20697,uid=0 [ 2247.155320][T20699] Out of memory: Killed process 20697 (syz-executor.1) total-vm:75756kB, anon-rss:16600kB, file-rss:35488kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 04:08:42 executing program 2: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x15f000}], 0x1, 0x0) pipe(0x0) [ 2247.191003][ T23] oom_reaper: reaped process 20697 (syz-executor.1), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 04:08:42 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0xc, 0x0}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x4000000000003bb, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0xb7000}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4050, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/keys\x00', 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, &(0x7f0000000140)={0xffc}, 0x0, 0x0)