61]  ? mem_cgroup_iter+0x4f4/0xf50
[  766.767544][ T7961]  ? oom_killer_disable+0x340/0x340
[  766.772773][ T7961]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  766.778595][ T7961]  ? lock_acquire+0x1db/0x570
[  766.778624][ T7961]  mem_cgroup_out_of_memory+0x160/0x210
[  766.778639][ T7961]  ? do_raw_spin_unlock+0xa0/0x330
[  766.778657][ T7961]  ? memory_oom_group_write+0x160/0x160
[  766.778672][ T7961]  ? do_raw_spin_trylock+0x270/0x270
[  766.778697][ T7961]  ? _raw_spin_unlock+0x2d/0x50
[  766.809619][ T7961]  try_charge+0x1457/0x1d00
17:47:59 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35", 0x31b}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

[  766.814145][ T7961]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  766.819699][ T7961]  ? find_held_lock+0x35/0x120
[  766.824465][ T7961]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  766.829990][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  766.836228][ T7961]  ? lock_downgrade+0xbe0/0xbe0
[  766.841055][ T7961]  ? kasan_check_read+0x11/0x20
[  766.845884][ T7961]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  766.851844][ T7961]  ? rcu_read_unlock_special+0x380/0x380
[  766.857460][ T7961]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  766.862985][ T7961]  __memcg_kmem_charge_memcg+0x7c/0x130
[  766.868507][ T7961]  ? memcg_kmem_put_cache+0xb0/0xb0
[  766.873679][ T7961]  ? lock_release+0xc40/0xc40
[  766.878338][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  766.884552][ T7961]  ? check_preemption_disabled+0x48/0x290
[  766.890266][ T7961]  __memcg_kmem_charge+0x136/0x300
[  766.895376][ T7961]  __alloc_pages_nodemask+0x7b8/0xdc0
[  766.900736][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  766.906376][ T7961]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  766.912073][ T7961]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  766.917514][ T7961]  ? copy_page_range+0x14a6/0x2730
[  766.922605][ T7961]  ? __lock_is_held+0xb6/0x140
[  766.927360][ T7961]  ? copy_page_range+0xa4a/0x2730
[  766.932364][ T7961]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  766.938587][ T7961]  alloc_pages_current+0x107/0x210
[  766.943709][ T7961]  pte_alloc_one+0x1b/0x1a0
[  766.948191][ T7961]  __pte_alloc+0x20/0x310
[  766.952531][ T7961]  copy_page_range+0x1844/0x2730
[  766.957449][ T7961]  ? save_stack+0x45/0xd0
[  766.961756][ T7961]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  766.967553][ T7961]  ? pmd_alloc+0x180/0x180
[  766.971944][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  766.977556][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  766.983791][ T7961]  ? copy_process+0x3668/0x8720
[  766.988622][ T7961]  ? find_held_lock+0x35/0x120
[  766.993384][ T7961]  ? copy_process+0x3668/0x8720
[  766.998217][ T7961]  ? lock_acquire+0x1db/0x570
[  767.002873][ T7961]  ? lock_downgrade+0xbe0/0xbe0
[  767.007735][ T7961]  ? kmem_cache_alloc+0x341/0x710
[  767.012739][ T7961]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  767.018439][ T7961]  ? vma_compute_subtree_gap+0x158/0x230
[  767.024059][ T7961]  ? __vma_link_rb+0x279/0x370
[  767.028808][ T7961]  copy_process+0x4291/0x8720
[  767.033488][ T7961]  ? __cleanup_sighand+0x70/0x70
[  767.038412][ T7961]  ? do_wp_page+0x7d7/0x1e80
[  767.042980][ T7961]  ? find_held_lock+0x35/0x120
[  767.047726][ T7961]  ? do_wp_page+0x7d7/0x1e80
[  767.052292][ T7961]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  767.058539][ T7961]  ? kasan_check_read+0x11/0x20
[  767.063390][ T7961]  ? do_raw_spin_trylock+0x270/0x270
[  767.068660][ T7961]  ? __lock_acquire+0x572/0x4a10
[  767.073578][ T7961]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  767.078945][ T7961]  ? mark_held_locks+0x100/0x100
[  767.083862][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  767.090082][ T7961]  ? check_preemption_disabled+0x48/0x290
[  767.095785][ T7961]  ? debug_smp_processor_id+0x1c/0x20
[  767.101139][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  767.106757][ T7961]  ? perf_trace_lock+0x750/0x750
[  767.111672][ T7961]  ? __handle_mm_fault+0x955/0x55a0
[  767.116852][ T7961]  ? __might_fault+0x12b/0x1e0
[  767.121607][ T7961]  ? find_held_lock+0x35/0x120
[  767.126363][ T7961]  ? __might_fault+0x12b/0x1e0
[  767.131136][ T7961]  ? lock_acquire+0x1db/0x570
[  767.135793][ T7961]  ? lock_downgrade+0xbe0/0xbe0
[  767.140622][ T7961]  ? lock_release+0xc40/0xc40
[  767.145274][ T7961]  ? trace_hardirqs_off_caller+0x300/0x300
[  767.151063][ T7961]  _do_fork+0x1a9/0x1170
[  767.155291][ T7961]  ? fork_idle+0x1d0/0x1d0
[  767.159694][ T7961]  ? kasan_check_read+0x11/0x20
[  767.164523][ T7961]  ? _copy_to_user+0xc9/0x120
[  767.169193][ T7961]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  767.175410][ T7961]  ? put_timespec64+0x115/0x1b0
[  767.180253][ T7961]  ? nsecs_to_jiffies+0x30/0x30
[  767.185090][ T7961]  ? do_syscall_64+0x8c/0x800
[  767.189743][ T7961]  ? do_syscall_64+0x8c/0x800
[  767.194397][ T7961]  ? lockdep_hardirqs_on+0x415/0x5d0
[  767.199660][ T7961]  ? trace_hardirqs_on+0xbd/0x310
[  767.204660][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  767.210901][ T7961]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  767.216946][ T7961]  ? trace_hardirqs_off_caller+0x300/0x300
[  767.222733][ T7961]  __x64_sys_clone+0xbf/0x150
[  767.227395][ T7961]  do_syscall_64+0x1a3/0x800
[  767.231966][ T7961]  ? syscall_return_slowpath+0x5f0/0x5f0
[  767.237579][ T7961]  ? prepare_exit_to_usermode+0x232/0x3b0
[  767.243278][ T7961]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  767.248817][ T7961]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  767.254688][ T7961] RIP: 0033:0x45649a
[  767.258578][ T7961] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[  767.278161][ T7961] RSP: 002b:00007ffcc2973600 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  767.286549][ T7961] RAX: ffffffffffffffda RBX: 00007ffcc2973600 RCX: 000000000045649a
[  767.294498][ T7961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  767.302446][ T7961] RBP: 00007ffcc2973640 R08: 0000000000000001 R09: 0000000001f21940
[  767.310397][ T7961] R10: 0000000001f21c10 R11: 0000000000000246 R12: 0000000000000001
[  767.318367][ T7961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004
[  767.329705][ T7961] memory: usage 307200kB, limit 307200kB, failcnt 2894
17:48:00 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(0xffffffffffffffff)

17:48:00 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e5b36044b1a765c5c1a0bd1629f8d0a62f503822410da4ea62e72d9af0e4410efc19b8a91ed99b57bab83f3a70844b59027a78761a01a1f018895dbf70d8c09aa91555fd7ac56e53ef118abcefd8fa5657e55093de79f787cc6b8406299b07e", 0x39d}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:00 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1279, 0x0)

17:48:00 executing program 2:

17:48:00 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6100, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  767.369644][ T7961] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
17:48:00 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e", 0x32f}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

[  767.446135][ T7961] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  767.473132][ T7961] Memory cgroup stats for /syz4: cache:120KB rss:224420KB rss_huge:182272KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:224548KB inactive_file:0KB active_file:4KB unevictable:0KB
17:48:00 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7800, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:00 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127a, 0x0)

[  767.603295][ T7961] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=28103,uid=0
[  767.668517][ T7961] Memory cgroup out of memory: Kill process 28103 (syz-executor4) score 1106 or sacrifice child
[  767.711078][ T7961] Killed process 28103 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  767.856934][ T7622] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  767.901040][ T7622] CPU: 1 PID: 7622 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  767.909927][ T7622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  767.919975][ T7622] Call Trace:
[  767.923273][ T7622]  dump_stack+0x1db/0x2d0
[  767.927623][ T7622]  ? dump_stack_print_info.cold+0x20/0x20
[  767.933343][ T7622]  ? check_preemption_disabled+0x48/0x290
[  767.939074][ T7622]  dump_header+0x1e6/0x116c
[  767.943578][ T7622]  ? add_lock_to_list.isra.0+0x450/0x450
[  767.949205][ T7622]  ? perf_trace_lock+0x750/0x750
[  767.954138][ T7622]  ? print_usage_bug+0xd0/0xd0
[  767.958907][ T7622]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  767.964577][ T7622]  ? ___ratelimit+0x37c/0x686
[  767.969265][ T7622]  ? mark_held_locks+0xb1/0x100
[  767.974127][ T7622]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  767.979934][ T7622]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  767.985751][ T7622]  ? lockdep_hardirqs_on+0x415/0x5d0
[  767.991039][ T7622]  ? trace_hardirqs_on+0xbd/0x310
[  767.996061][ T7622]  ? kasan_check_read+0x11/0x20
[  768.000915][ T7622]  ? ___ratelimit+0x37c/0x686
[  768.005603][ T7622]  ? trace_hardirqs_off_caller+0x300/0x300
[  768.011420][ T7622]  ? do_raw_spin_trylock+0x270/0x270
[  768.016704][ T7622]  ? trace_hardirqs_on_caller+0x310/0x310
[  768.022424][ T7622]  ? lock_acquire+0x1db/0x570
[  768.027110][ T7622]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  768.032920][ T7622]  ? ___ratelimit+0xac/0x686
[  768.037509][ T7622]  ? idr_get_free+0xee0/0xee0
[  768.042202][ T7622]  ? lockdep_hardirqs_on+0x415/0x5d0
[  768.047505][ T7622]  oom_kill_process.cold+0x10/0x9ca
[  768.052704][ T7622]  ? cgroup_procs_next+0x70/0x70
[  768.057646][ T7622]  ? _raw_spin_unlock_irq+0x5e/0x90
[  768.062849][ T7622]  ? oom_badness+0xa50/0xa50
[  768.067448][ T7622]  ? oom_evaluate_task+0x540/0x540
[  768.072563][ T7622]  ? mem_cgroup_iter_break+0x30/0x30
[  768.077848][ T7622]  ? mutex_trylock+0x2d0/0x2d0
[  768.082620][ T7622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  768.088896][ T7622]  ? rcu_read_unlock_special+0x380/0x380
[  768.094564][ T7622]  out_of_memory+0x885/0x1420
[  768.099245][ T7622]  ? mem_cgroup_iter+0x4f4/0xf50
[  768.104191][ T7622]  ? oom_killer_disable+0x340/0x340
[  768.109389][ T7622]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  768.115195][ T7622]  ? lock_acquire+0x1db/0x570
[  768.119882][ T7622]  mem_cgroup_out_of_memory+0x160/0x210
[  768.125429][ T7622]  ? do_raw_spin_unlock+0xa0/0x330
[  768.130545][ T7622]  ? memory_oom_group_write+0x160/0x160
[  768.136115][ T7622]  ? do_raw_spin_trylock+0x270/0x270
[  768.141417][ T7622]  ? _raw_spin_unlock+0x2d/0x50
[  768.146272][ T7622]  try_charge+0x1457/0x1d00
[  768.150791][ T7622]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  768.156366][ T7622]  ? find_held_lock+0x35/0x120
[  768.161133][ T7622]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  768.166710][ T7622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  768.172955][ T7622]  ? lock_downgrade+0xbe0/0xbe0
[  768.177804][ T7622]  ? kasan_check_read+0x11/0x20
[  768.182658][ T7622]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  768.188640][ T7622]  ? rcu_read_unlock_special+0x380/0x380
[  768.194281][ T7622]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  768.199847][ T7622]  __memcg_kmem_charge_memcg+0x7c/0x130
[  768.205395][ T7622]  ? memcg_kmem_put_cache+0xb0/0xb0
[  768.210593][ T7622]  ? lock_release+0xc40/0xc40
[  768.215298][ T7622]  __memcg_kmem_charge+0x136/0x300
[  768.220435][ T7622]  __alloc_pages_nodemask+0x7b8/0xdc0
[  768.225821][ T7622]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  768.231536][ T7622]  ? rcu_pm_notify+0xd0/0xd0
[  768.236139][ T7622]  ? rcu_read_lock_sched_held+0x110/0x130
[  768.241860][ T7622]  ? kmem_cache_alloc_node+0x347/0x710
[  768.247342][ T7622]  copy_process+0x847/0x8720
[  768.251940][ T7622]  ? print_usage_bug+0xd0/0xd0
[  768.256721][ T7622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  768.262973][ T7622]  ? check_preemption_disabled+0x48/0x290
[  768.268733][ T7622]  ? __lock_acquire+0x572/0x4a10
[  768.273679][ T7622]  ? mark_held_locks+0x100/0x100
[  768.278633][ T7622]  ? __cleanup_sighand+0x70/0x70
[  768.283576][ T7622]  ? mark_held_locks+0x100/0x100
[  768.288514][ T7622]  ? find_held_lock+0x35/0x120
[  768.293276][ T7622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  768.299495][ T7622]  ? check_preemption_disabled+0x48/0x290
[  768.305349][ T7622]  ? debug_smp_processor_id+0x1c/0x20
[  768.310699][ T7622]  ? perf_trace_lock_acquire+0x138/0x7d0
[  768.316318][ T7622]  ? delayacct_end+0xc9/0x100
[  768.320972][ T7622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  768.327189][ T7622]  ? add_lock_to_list.isra.0+0x450/0x450
[  768.332802][ T7622]  ? perf_trace_lock+0x750/0x750
[  768.337747][ T7622]  ? perf_trace_lock_acquire+0x138/0x7d0
[  768.343380][ T7622]  ? add_lock_to_list.isra.0+0x450/0x450
[  768.349005][ T7622]  ? find_held_lock+0x35/0x120
[  768.353750][ T7622]  ? print_usage_bug+0xd0/0xd0
[  768.358492][ T7622]  ? psi_memstall_leave+0x1f8/0x280
[  768.363665][ T7622]  ? find_held_lock+0x35/0x120
[  768.368433][ T7622]  ? __lock_acquire+0x572/0x4a10
[  768.373374][ T7622]  ? _raw_spin_unlock_irq+0x28/0x90
[  768.378604][ T7622]  ? _raw_spin_unlock_irq+0x28/0x90
[  768.383779][ T7622]  ? lockdep_hardirqs_on+0x415/0x5d0
[  768.389048][ T7622]  ? trace_hardirqs_on+0xbd/0x310
[  768.394052][ T7622]  ? mark_held_locks+0x100/0x100
[  768.399092][ T7622]  ? check_preemption_disabled+0x48/0x290
[  768.404806][ T7622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  768.411041][ T7622]  ? check_preemption_disabled+0x48/0x290
[  768.416756][ T7622]  ? debug_smp_processor_id+0x1c/0x20
[  768.422118][ T7622]  ? perf_trace_lock_acquire+0x138/0x7d0
[  768.427731][ T7622]  ? add_lock_to_list.isra.0+0x450/0x450
[  768.433350][ T7622]  ? perf_trace_lock+0x750/0x750
[  768.438401][ T7622]  ? lockdep_hardirqs_on+0x415/0x5d0
[  768.443685][ T7622]  ? try_to_free_pages+0xb70/0xb70
[  768.448774][ T7622]  ? percpu_ref_put_many+0x129/0x270
[  768.454041][ T7622]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  768.460169][ T7622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  768.466390][ T7622]  _do_fork+0x1a9/0x1170
[  768.470614][ T7622]  ? fork_idle+0x1d0/0x1d0
[  768.475013][ T7622]  ? trace_hardirqs_off+0xb8/0x310
[  768.480098][ T7622]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  768.485878][ T7622]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  768.491576][ T7622]  ? do_syscall_64+0x8c/0x800
[  768.496248][ T7622]  ? do_syscall_64+0x8c/0x800
[  768.500919][ T7622]  ? lockdep_hardirqs_on+0x415/0x5d0
[  768.506192][ T7622]  ? trace_hardirqs_on+0xbd/0x310
[  768.511200][ T7622]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  768.517240][ T7622]  ? trace_hardirqs_off_caller+0x300/0x300
[  768.523025][ T7622]  __x64_sys_clone+0xbf/0x150
[  768.527682][ T7622]  do_syscall_64+0x1a3/0x800
[  768.532251][ T7622]  ? syscall_return_slowpath+0x5f0/0x5f0
[  768.537861][ T7622]  ? prepare_exit_to_usermode+0x232/0x3b0
[  768.543556][ T7622]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  768.549082][ T7622]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  768.554949][ T7622] RIP: 0033:0x45a899
[  768.558857][ T7622] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  768.578439][ T7622] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  768.586824][ T7622] RAX: ffffffffffffffda RBX: 00007f20e9828700 RCX: 000000000045a899
[  768.594783][ T7622] RDX: 00007f20e98289d0 RSI: 00007f20e9827db0 RDI: 00000000003d0f00
[  768.602757][ T7622] RBP: 00007ffcc2973580 R08: 00007f20e9828700 R09: 00007f20e9828700
[  768.610704][ T7622] R10: 00007f20e98289d0 R11: 0000000000000202 R12: 0000000000000000
[  768.618666][ T7622] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  768.632223][ T7622] memory: usage 307124kB, limit 307200kB, failcnt 2903
[  768.639449][ T7622] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  768.647467][ T7622] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  768.654533][ T7622] Memory cgroup stats for /syz4: cache:120KB rss:224484KB rss_huge:182272KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:224532KB inactive_file:4KB active_file:0KB unevictable:0KB
[  768.678988][ T7622] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=28690,uid=0
17:48:01 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x2c8)

17:48:01 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5", 0x326}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:01 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc", 0x324}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:01 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127b, 0x0)

17:48:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80fe, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:01 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(0xffffffffffffffff)

[  768.697991][ T7622] Memory cgroup out of memory: Kill process 28690 (syz-executor4) score 1106 or sacrifice child
[  768.708870][ T7622] Killed process 28690 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
17:48:01 executing program 1:
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
fcntl$lock(r0, 0x400000009, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x101000000})
read(r0, &(0x7f0000000100)=""/67, 0x43)
flock(r0, 0x2)
mknod(&(0x7f0000000000)='./file0\x00', 0x8007, 0x16eb)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r1, 0x0)
flock(r0, 0x2)
flock(r0, 0x2)
select(0x40, &(0x7f0000000040)={0x0, 0x1, 0x7f1aa098, 0x4, 0xf98, 0x0, 0x4000000, 0x1f}, 0x0, &(0x7f0000000180)={0x20, 0x27780000, 0x80000000, 0xd94, 0x0, 0x3f, 0x20, 0x5}, &(0x7f00000001c0)={0x1, 0x89c2})

17:48:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa005, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:01 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127c, 0x0)

17:48:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:01 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x2c8)

17:48:01 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe779", 0x336}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:01 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da", 0x313}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:01 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127d, 0x0)

17:48:01 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e5b", 0x33f}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc805, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:01 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f4", 0x316}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(0xffffffffffffffff)

17:48:02 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee071", 0x329}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127e, 0x0)

17:48:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:02 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x2c8)

17:48:02 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbf", 0x2e1}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4", 0x312}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127f, 0x0)

17:48:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:02 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e5b36044b1a765c5c1a0bd1629f8d0a62f503822410da4ea62e72d9af0e4410efc19b8a91ed99b57bab83f3a70844b59027a78761a01a1f018895dbf70d8c09aa91555fd7ac56e53ef118abcefd8fa5657e55", 0x390}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e5b36044b1a765c5c1a0bd1629f8d0a62f503822410da4ea62e72d9af0e4410efc19b8a91ed99b57bab83f3a70844b59027a78761a01a1f018895dbf70d8c09aa91555fd7ac56e53ef118abce", 0x38a}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x2c8)

17:48:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c00, 0x0)

17:48:02 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0", 0x328}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e5b36044b1a765c5c1a0bd1629f8d0a62f503822410da4ea62e72d9af0e4410efc19b8a91ed99b57bab83f3a70844b59027a78761a01a1f018895dbf70d8c09aa91555fd7ac56e53ef118abcefd8fa5657e55093de79f78", 0x395}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x2c8)

17:48:02 executing program 3:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e5b36044b1a765c5c1a0bd1629f8d0a62f503822410da4ea62e72d9af0e4410efc19b8a91ed99b57bab83f3a70844b59027a78761a01a1f018895dbf70d8c09aa91555fd7ac56e53ef118abcefd8fa5657e55093d", 0x392}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c01, 0x0)

17:48:02 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e", 0x33e}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x2c8)

17:48:02 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f", 0x332}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 3:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba4960809", 0x32e}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c02, 0x0)

17:48:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:03 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x2c8)

17:48:03 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b", 0x330}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:03 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c03, 0x0)

17:48:03 executing program 2:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790b", 0x337}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:03 executing program 3:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e5b36044b1a765c5c1a0bd1629f8d0a62f503822410da4ea62e72d9af0e4410efc19b8a91ed99b57bab83f3a70844b59027a78761a01a1f018895dbf70d8c09aa91555fd7ac56e53ef118abcefd8fa5657e55093de7", 0x393}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:03 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7e", 0x325}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:03 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c04, 0x0)

17:48:03 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000008000)=ANY=[@ANYBLOB="850000002200000007000000000008009500000000000000"], 0x0, 0x2, 0x1000, &(0x7f0000000200)=""/4096}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e460cdfbef24080000000a9386dd", 0x0, 0x401}, 0x28)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0)

17:48:03 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
ioctl$sock_ifreq(r0, 0x200008924, &(0x7f0000000080)={'bridge_slave_0\x00', @ifru_settings={0x1, 0xff, @fr_pvc=0x0}})

17:48:03 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x2c8)

17:48:03 executing program 1:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000800)='devtmpfs\x00', 0x0, 0x0)

17:48:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20480, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:03 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c05, 0x0)

17:48:03 executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = dup2(r0, r1)
setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f00000000c0)=0x4000005, 0x4)

17:48:03 executing program 2:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0xe)

17:48:03 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x2c8)

17:48:03 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c06, 0x0)

17:48:03 executing program 1:
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x400040000000001, 0x0)
bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8)
listen(r1, 0x0)
connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00')
sendfile(r0, r2, 0x0, 0x800000bf)

17:48:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:03 executing program 3:

17:48:03 executing program 2:

17:48:03 executing program 3:

17:48:03 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c07, 0x0)

17:48:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:04 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
capset(&(0x7f0000000200)={0x20071026}, &(0x7f0000001fe8))
syz_open_procfs(0x0, &(0x7f00000001c0)='setgroups\x00')

17:48:04 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x2c8)

17:48:04 executing program 3:
mkdir(&(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000140)='./file0\x00', 0x80000001)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000340)='cgroup.controllers\x00', 0x0, 0x0)
readv(r3, &(0x7f0000000180)=[{&(0x7f0000000280)=""/162, 0xa2}], 0x1)

17:48:04 executing program 1:
openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='.\x00', 0x143042, 0x0)
write$P9_RSTATFS(r0, &(0x7f0000000040)={0x43, 0x9, 0x2, {0x0, 0x3, 0x4, 0x0, 0x8000, 0x100000001, 0x100000001, 0x7f}}, 0x43)

17:48:04 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c08, 0x0)

17:48:04 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1030000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  771.467999][ T7901] capability: warning: `syz-executor2' uses deprecated v2 capabilities in a way that may be insecure
17:48:04 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, 0x2c8)

17:48:04 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:04 executing program 1:

17:48:04 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)

17:48:04 executing program 2:

17:48:04 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}, 0x2c8)

17:48:04 executing program 3:

17:48:04 executing program 1:

17:48:04 executing program 2:

17:48:04 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:04 executing program 3:

17:48:04 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5421, 0x0)

[  771.932393][ T7972] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
17:48:04 executing program 1:

[  772.015598][ T7972] CPU: 1 PID: 7972 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  772.024502][ T7972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  772.034553][ T7972] Call Trace:
[  772.037858][ T7972]  dump_stack+0x1db/0x2d0
[  772.042198][ T7972]  ? dump_stack_print_info.cold+0x20/0x20
[  772.047925][ T7972]  ? check_preemption_disabled+0x48/0x290
[  772.053662][ T7972]  dump_header+0x1e6/0x116c
[  772.058204][ T7972]  ? add_lock_to_list.isra.0+0x450/0x450
[  772.063846][ T7972]  ? perf_trace_lock+0x750/0x750
[  772.068784][ T7972]  ? print_usage_bug+0xd0/0xd0
[  772.073565][ T7972]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  772.079200][ T7972]  ? ___ratelimit+0x37c/0x686
[  772.083894][ T7972]  ? mark_held_locks+0xb1/0x100
[  772.088750][ T7972]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  772.088766][ T7972]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  772.088781][ T7972]  ? lockdep_hardirqs_on+0x415/0x5d0
[  772.088798][ T7972]  ? trace_hardirqs_on+0xbd/0x310
[  772.088813][ T7972]  ? kasan_check_read+0x11/0x20
[  772.088834][ T7972]  ? ___ratelimit+0x37c/0x686
[  772.088850][ T7972]  ? trace_hardirqs_off_caller+0x300/0x300
[  772.088865][ T7972]  ? do_raw_spin_trylock+0x270/0x270
[  772.088885][ T7972]  ? trace_hardirqs_on_caller+0x310/0x310
[  772.137042][ T7972]  ? lock_acquire+0x1db/0x570
[  772.141734][ T7972]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  772.147548][ T7972]  ? ___ratelimit+0xac/0x686
[  772.152143][ T7972]  ? idr_get_free+0xee0/0xee0
[  772.156851][ T7972]  ? lockdep_hardirqs_on+0x415/0x5d0
[  772.162175][ T7972]  oom_kill_process.cold+0x10/0x9ca
[  772.167390][ T7972]  ? cgroup_procs_next+0x70/0x70
[  772.172356][ T7972]  ? _raw_spin_unlock_irq+0x5e/0x90
[  772.177561][ T7972]  ? oom_badness+0xa50/0xa50
[  772.182164][ T7972]  ? oom_evaluate_task+0x540/0x540
[  772.187298][ T7972]  ? mem_cgroup_iter_break+0x30/0x30
[  772.192594][ T7972]  ? mutex_trylock+0x2d0/0x2d0
[  772.197362][ T7972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  772.203635][ T7972]  ? rcu_read_unlock_special+0x380/0x380
[  772.209278][ T7972]  out_of_memory+0x885/0x1420
17:48:04 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:04 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5450, 0x0)

17:48:04 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  772.213974][ T7972]  ? mem_cgroup_iter+0x4f4/0xf50
[  772.218933][ T7972]  ? oom_killer_disable+0x340/0x340
[  772.224136][ T7972]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  772.229954][ T7972]  ? lock_acquire+0x1db/0x570
[  772.229983][ T7972]  mem_cgroup_out_of_memory+0x160/0x210
[  772.229999][ T7972]  ? do_raw_spin_unlock+0xa0/0x330
[  772.230016][ T7972]  ? memory_oom_group_write+0x160/0x160
[  772.230030][ T7972]  ? do_raw_spin_trylock+0x270/0x270
[  772.230061][ T7972]  ? _raw_spin_unlock+0x2d/0x50
[  772.230079][ T7972]  try_charge+0x1457/0x1d00
[  772.265541][ T7972]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  772.271102][ T7972]  ? find_held_lock+0x35/0x120
[  772.275869][ T7972]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  772.281418][ T7972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  772.287665][ T7972]  ? lock_downgrade+0xbe0/0xbe0
[  772.287681][ T7972]  ? kasan_check_read+0x11/0x20
[  772.287699][ T7972]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  772.287718][ T7972]  ? rcu_read_unlock_special+0x380/0x380
[  772.287745][ T7972]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  772.287766][ T7972]  __memcg_kmem_charge_memcg+0x7c/0x130
[  772.320219][ T7972]  ? memcg_kmem_put_cache+0xb0/0xb0
[  772.325591][ T7972]  ? lock_release+0xc40/0xc40
[  772.325619][ T7972]  __memcg_kmem_charge+0x136/0x300
[  772.325640][ T7972]  __alloc_pages_nodemask+0x7b8/0xdc0
[  772.325665][ T7972]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  772.325680][ T7972]  ? rcu_pm_notify+0xd0/0xd0
[  772.325705][ T7972]  ? rcu_read_lock_sched_held+0x110/0x130
[  772.356842][ T7972]  ? kmem_cache_alloc_node+0x347/0x710
[  772.362322][ T7972]  ? print_usage_bug+0xd0/0xd0
17:48:05 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5451, 0x0)

[  772.367106][ T7972]  copy_process+0x847/0x8720
[  772.371704][ T7972]  ? print_usage_bug+0xd0/0xd0
[  772.376474][ T7972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  772.382749][ T7972]  ? check_preemption_disabled+0x48/0x290
[  772.388487][ T7972]  ? __lock_acquire+0x572/0x4a10
[  772.393427][ T7972]  ? mark_held_locks+0x100/0x100
[  772.398391][ T7972]  ? __cleanup_sighand+0x70/0x70
[  772.403349][ T7972]  ? mark_held_locks+0x100/0x100
[  772.408292][ T7972]  ? find_held_lock+0x35/0x120
[  772.413078][ T7972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  772.419336][ T7972]  ? check_preemption_disabled+0x48/0x290
[  772.425070][ T7972]  ? debug_smp_processor_id+0x1c/0x20
[  772.430456][ T7972]  ? perf_trace_lock_acquire+0x138/0x7d0
[  772.436557][ T7972]  ? delayacct_end+0xc9/0x100
[  772.441252][ T7972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  772.447496][ T7972]  ? add_lock_to_list.isra.0+0x450/0x450
[  772.453134][ T7972]  ? perf_trace_lock+0x750/0x750
[  772.458072][ T7972]  ? perf_trace_lock_acquire+0x138/0x7d0
[  772.463730][ T7972]  ? add_lock_to_list.isra.0+0x450/0x450
[  772.469385][ T7972]  ? find_held_lock+0x35/0x120
[  772.474165][ T7972]  ? print_usage_bug+0xd0/0xd0
[  772.478973][ T7972]  ? psi_memstall_leave+0x1f8/0x280
[  772.484191][ T7972]  ? find_held_lock+0x35/0x120
[  772.488978][ T7972]  ? __lock_acquire+0x572/0x4a10
[  772.493920][ T7972]  ? _raw_spin_unlock_irq+0x28/0x90
[  772.493935][ T7972]  ? _raw_spin_unlock_irq+0x28/0x90
[  772.493953][ T7972]  ? lockdep_hardirqs_on+0x415/0x5d0
[  772.509628][ T7972]  ? trace_hardirqs_on+0xbd/0x310
[  772.514693][ T7972]  ? mark_held_locks+0x100/0x100
[  772.514708][ T7972]  ? check_preemption_disabled+0x48/0x290
[  772.514729][ T7972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  772.514763][ T7972]  ? check_preemption_disabled+0x48/0x290
[  772.537336][ T7972]  ? debug_smp_processor_id+0x1c/0x20
[  772.542717][ T7972]  ? perf_trace_lock_acquire+0x138/0x7d0
[  772.548363][ T7972]  ? add_lock_to_list.isra.0+0x450/0x450
[  772.553999][ T7972]  ? perf_trace_lock+0x750/0x750
[  772.558941][ T7972]  ? lockdep_hardirqs_on+0x415/0x5d0
[  772.564239][ T7972]  ? try_to_free_pages+0xb70/0xb70
[  772.569374][ T7972]  ? percpu_ref_put_many+0x129/0x270
[  772.574671][ T7972]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  772.580841][ T7972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  772.587101][ T7972]  _do_fork+0x1a9/0x1170
[  772.591366][ T7972]  ? fork_idle+0x1d0/0x1d0
[  772.595799][ T7972]  ? trace_hardirqs_off+0xb8/0x310
[  772.600915][ T7972]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  772.606724][ T7972]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  772.612449][ T7972]  ? do_syscall_64+0x8c/0x800
[  772.617129][ T7972]  ? do_syscall_64+0x8c/0x800
[  772.621843][ T7972]  ? lockdep_hardirqs_on+0x415/0x5d0
[  772.627146][ T7972]  ? trace_hardirqs_on+0xbd/0x310
[  772.627168][ T7972]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  772.627185][ T7972]  ? trace_hardirqs_off_caller+0x300/0x300
[  772.627207][ T7972]  __x64_sys_clone+0xbf/0x150
[  772.627228][ T7972]  do_syscall_64+0x1a3/0x800
[  772.627248][ T7972]  ? syscall_return_slowpath+0x5f0/0x5f0
[  772.627267][ T7972]  ? prepare_exit_to_usermode+0x232/0x3b0
[  772.627297][ T7972]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  772.638396][ T7972]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  772.638415][ T7972] RIP: 0033:0x45a899
[  772.638430][ T7972] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  772.638439][ T7972] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  772.638453][ T7972] RAX: ffffffffffffffda RBX: 00007f20e9849700 RCX: 000000000045a899
[  772.638463][ T7972] RDX: 00007f20e98499d0 RSI: 00007f20e9848db0 RDI: 00000000003d0f00
[  772.638473][ T7972] RBP: 00007ffcc2973580 R08: 00007f20e9849700 R09: 00007f20e9849700
[  772.638483][ T7972] R10: 00007f20e98499d0 R11: 0000000000000202 R12: 0000000000000000
[  772.638493][ T7972] R13: 00007ffcc297342f R14: 00007f20e98499c0 R15: 000000000073bf0c
[  772.654236][ T7972] memory: usage 307176kB, limit 307200kB, failcnt 2946
[  772.682000][ T7972] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  772.734590][ T7972] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  772.770632][ T7972] Memory cgroup stats for /syz4: cache:120KB rss:223152KB rss_huge:180224KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:223252KB inactive_file:0KB active_file:4KB unevictable:0KB
[  772.792965][ T7972] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=29276,uid=0
[  772.808475][ T7972] Memory cgroup out of memory: Kill process 29276 (syz-executor4) score 1106 or sacrifice child
[  772.819423][ T7972] Killed process 29276 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
17:48:05 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, 0x2c8)

17:48:05 executing program 1:

17:48:05 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:05 executing program 3:

17:48:05 executing program 2:

17:48:05 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5452, 0x0)

17:48:05 executing program 3:

17:48:05 executing program 1:

17:48:05 executing program 2:

17:48:05 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5460, 0x0)

[  773.122346][ T8019] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
17:48:05 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:05 executing program 3:

[  773.274554][ T8019] CPU: 0 PID: 8019 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  773.283435][ T8019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  773.283442][ T8019] Call Trace:
[  773.283464][ T8019]  dump_stack+0x1db/0x2d0
[  773.283486][ T8019]  ? dump_stack_print_info.cold+0x20/0x20
[  773.306926][ T8019]  ? check_preemption_disabled+0x48/0x290
[  773.312677][ T8019]  dump_header+0x1e6/0x116c
[  773.317189][ T8019]  ? add_lock_to_list.isra.0+0x450/0x450
[  773.322820][ T8019]  ? perf_trace_lock+0x750/0x750
[  773.322837][ T8019]  ? print_usage_bug+0xd0/0xd0
[  773.322857][ T8019]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  773.322875][ T8019]  ? ___ratelimit+0x37c/0x686
[  773.342834][ T8019]  ? mark_held_locks+0xb1/0x100
[  773.347711][ T8019]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  773.353517][ T8019]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  773.353533][ T8019]  ? lockdep_hardirqs_on+0x415/0x5d0
[  773.353550][ T8019]  ? trace_hardirqs_on+0xbd/0x310
[  773.353587][ T8019]  ? kasan_check_read+0x11/0x20
[  773.374524][ T8019]  ? ___ratelimit+0x37c/0x686
[  773.379203][ T8019]  ? trace_hardirqs_off_caller+0x300/0x300
[  773.385058][ T8019]  ? do_raw_spin_trylock+0x270/0x270
[  773.390363][ T8019]  ? trace_hardirqs_on_caller+0x310/0x310
[  773.396091][ T8019]  ? lock_acquire+0x1db/0x570
[  773.400799][ T8019]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  773.406619][ T8019]  ? ___ratelimit+0xac/0x686
[  773.411213][ T8019]  ? idr_get_free+0xee0/0xee0
[  773.415896][ T8019]  ? lockdep_hardirqs_on+0x415/0x5d0
[  773.415926][ T8019]  oom_kill_process.cold+0x10/0x9ca
[  773.415946][ T8019]  ? cgroup_procs_next+0x70/0x70
[  773.416001][ T8019]  ? _raw_spin_unlock_irq+0x5e/0x90
[  773.426504][ T8019]  ? oom_badness+0xa50/0xa50
[  773.426526][ T8019]  ? oom_evaluate_task+0x540/0x540
[  773.426546][ T8019]  ? mem_cgroup_iter_break+0x30/0x30
[  773.451608][ T8019]  ? mutex_trylock+0x2d0/0x2d0
[  773.456379][ T8019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  773.462644][ T8019]  ? rcu_read_unlock_special+0x380/0x380
[  773.468323][ T8019]  out_of_memory+0x885/0x1420
[  773.473012][ T8019]  ? mem_cgroup_iter+0x4f4/0xf50
[  773.477952][ T8019]  ? oom_killer_disable+0x340/0x340
[  773.477971][ T8019]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  773.477990][ T8019]  ? lock_acquire+0x1db/0x570
[  773.493674][ T8019]  mem_cgroup_out_of_memory+0x160/0x210
[  773.499229][ T8019]  ? do_raw_spin_unlock+0xa0/0x330
[  773.504359][ T8019]  ? memory_oom_group_write+0x160/0x160
[  773.509915][ T8019]  ? do_raw_spin_trylock+0x270/0x270
[  773.515204][ T8019]  ? _raw_spin_unlock+0x2d/0x50
[  773.520050][ T8019]  try_charge+0x1457/0x1d00
[  773.524562][ T8019]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  773.530092][ T8019]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  773.535622][ T8019]  ? lock_downgrade+0xbe0/0xbe0
[  773.540455][ T8019]  ? kasan_check_read+0x11/0x20
[  773.545294][ T8019]  ? rcu_read_unlock_special+0x380/0x380
[  773.550939][ T8019]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  773.556503][ T8019]  ? get_mem_cgroup_from_page+0x190/0x190
[  773.562220][ T8019]  ? rcu_read_lock_sched_held+0x110/0x130
[  773.567922][ T8019]  mem_cgroup_try_charge+0x43a/0xdb0
[  773.573192][ T8019]  ? mem_cgroup_protected+0xa10/0xa10
[  773.578543][ T8019]  ? add_lock_to_list.isra.0+0x450/0x450
[  773.584173][ T8019]  ? alloc_set_pte+0x134a/0x1df0
[  773.589106][ T8019]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  773.595335][ T8019]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  773.601560][ T8019]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  773.607175][ T8019]  wp_page_copy+0x45a/0x1c70
[  773.611742][ T8019]  ? swp_swapcount+0x540/0x540
[  773.616485][ T8019]  ? __lock_acquire+0x572/0x4a10
[  773.621407][ T8019]  ? pmd_pfn+0x1d0/0x1d0
[  773.625638][ T8019]  ? find_held_lock+0x35/0x120
[  773.630398][ T8019]  ? do_wp_page+0x894/0x1e80
[  773.634984][ T8019]  ? kasan_check_read+0x11/0x20
[  773.639824][ T8019]  ? do_raw_spin_unlock+0xa0/0x330
[  773.644920][ T8019]  ? do_raw_spin_trylock+0x270/0x270
[  773.650184][ T8019]  ? print_usage_bug+0xd0/0xd0
[  773.654937][ T8019]  do_wp_page+0x89c/0x1e80
[  773.659346][ T8019]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  773.664717][ T8019]  ? find_held_lock+0x35/0x120
[  773.669461][ T8019]  ? lock_acquire+0x1db/0x570
[  773.674117][ T8019]  ? __handle_mm_fault+0x1d80/0x55a0
[  773.679388][ T8019]  ? kasan_check_write+0x14/0x20
[  773.684314][ T8019]  ? do_raw_spin_lock+0x156/0x360
[  773.689333][ T8019]  ? lock_release+0xc40/0xc40
[  773.694007][ T8019]  ? rwlock_bug.part.0+0x90/0x90
[  773.698925][ T8019]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  773.704708][ T8019]  ? add_mm_counter_fast.part.0+0x40/0x40
[  773.710413][ T8019]  __handle_mm_fault+0x2c8e/0x55a0
[  773.715515][ T8019]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  773.721047][ T8019]  ? check_preemption_disabled+0x48/0x290
[  773.726763][ T8019]  ? handle_mm_fault+0x3cc/0xc80
[  773.731709][ T8019]  ? lock_downgrade+0xbe0/0xbe0
[  773.736563][ T8019]  ? kasan_check_read+0x11/0x20
[  773.741399][ T8019]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  773.747365][ T8019]  ? rcu_read_unlock_special+0x380/0x380
[  773.752980][ T8019]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  773.759200][ T8019]  ? check_preemption_disabled+0x48/0x290
[  773.764913][ T8019]  handle_mm_fault+0x4ec/0xc80
[  773.769719][ T8019]  ? __handle_mm_fault+0x55a0/0x55a0
[  773.774998][ T8019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  773.781233][ T8019]  ? vmacache_update+0x114/0x140
[  773.786162][ T8019]  __do_page_fault+0x5da/0xd60
[  773.790916][ T8019]  do_page_fault+0xe6/0x7d8
[  773.795402][ T8019]  ? trace_hardirqs_on_caller+0xc0/0x310
[  773.801031][ T8019]  ? vmalloc_sync_all+0x30/0x30
[  773.805875][ T8019]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  773.812010][ T8019]  ? syscall_return_slowpath+0x5f0/0x5f0
[  773.817625][ T8019]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  773.823847][ T8019]  ? prepare_exit_to_usermode+0x232/0x3b0
[  773.829574][ T8019]  ? page_fault+0x8/0x30
[  773.833801][ T8019]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  773.839338][ T8019]  ? page_fault+0x8/0x30
[  773.843568][ T8019]  page_fault+0x1e/0x30
[  773.847702][ T8019] RIP: 0033:0x40b4c3
[  773.851577][ T8019] Code: 07 85 c0 0f 85 ed 00 00 00 83 c3 01 49 81 c6 a0 00 00 00 83 fb 10 0f 84 ce 00 00 00 41 80 7e f8 00 49 8d 6e f4 4d 89 f7 75 d4 <41> c6 46 f8 01 41 89 5e f4 4c 89 f7 41 c6 46 15 00 41 c7 46 fc 00
[  773.871166][ T8019] RSP: 002b:00007ffcc29734b0 EFLAGS: 00010246
[  773.877215][ T8019] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffcc2973558
[  773.885166][ T8019] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffffffffffff
[  773.893122][ T8019] RBP: 000000000073bf00 R08: 00007ffcc2973560 R09: 0000000000740090
[  773.901088][ T8019] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005
[  773.909056][ T8019] R13: 0000000000000068 R14: 000000000073bf0c R15: 000000000073bf0c
[  773.945562][ T8019] memory: usage 307200kB, limit 307200kB, failcnt 2979
[  773.952633][ T8019] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  773.961532][ T8019] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  773.970061][ T8019] Memory cgroup stats for /syz4: cache:120KB rss:223080KB rss_huge:180224KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:223248KB inactive_file:8KB active_file:0KB unevictable:0KB
[  773.992495][ T8019] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=29568,uid=0
[  774.008449][ T8019] Memory cgroup out of memory: Kill process 29568 (syz-executor4) score 1106 or sacrifice child
[  774.019052][ T8019] Killed process 29568 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  774.032231][ T1043] oom_reaper: reaped process 29568 (syz-executor4), now anon-rss:0kB, file-rss:32780kB, shmem-rss:0kB
17:48:06 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x2c8)

17:48:06 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:06 executing program 3:

17:48:06 executing program 2:

17:48:06 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x40049409, 0x0)

17:48:06 executing program 1:

17:48:06 executing program 2:

17:48:06 executing program 1:

17:48:06 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:06 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x40081271, 0x0)

17:48:06 executing program 3:

17:48:07 executing program 2:

17:48:07 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf]}, 0x2c8)

17:48:07 executing program 1:

17:48:07 executing program 3:

17:48:07 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x40101283, 0x0)

17:48:07 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:07 executing program 2:

17:48:07 executing program 3:

17:48:07 executing program 1:

17:48:07 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401070c9, 0x0)

17:48:07 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:07 executing program 2:

17:48:07 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401070ca, 0x0)

17:48:07 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x2c8)

17:48:07 executing program 1:

17:48:07 executing program 3:

17:48:07 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:07 executing program 2:

17:48:07 executing program 3:

17:48:07 executing program 1:

17:48:07 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401070cd, 0x0)

17:48:07 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000120, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:07 executing program 2:

17:48:07 executing program 3:

17:48:07 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}, 0x2c8)

17:48:07 executing program 1:

17:48:07 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401870c8, 0x0)

17:48:07 executing program 2:

17:48:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:08 executing program 3:

17:48:08 executing program 1:

17:48:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401870cb, 0x0)

17:48:08 executing program 2:

17:48:08 executing program 3:

17:48:08 executing program 1:

17:48:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:08 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12]}, 0x2c8)

17:48:08 executing program 2:

17:48:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401870cc, 0x0)

17:48:08 executing program 3:

17:48:08 executing program 1:

17:48:08 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13]}, 0x2c8)

17:48:08 executing program 2:

17:48:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20010010, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4020940d, 0x0)

17:48:08 executing program 1:

17:48:08 executing program 3:

17:48:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:08 executing program 2:

17:48:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x80041284, 0x0)

17:48:08 executing program 1:

17:48:08 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14]}, 0x2c8)

17:48:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x80041285, 0x0)

17:48:08 executing program 2:

17:48:08 executing program 3:

17:48:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:08 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15]}, 0x2c8)

17:48:08 executing program 1:

17:48:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x80081270, 0x0)

17:48:09 executing program 2:

17:48:09 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18]}, 0x2c8)

17:48:09 executing program 3:

17:48:09 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x80081272, 0x0)

17:48:09 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:09 executing program 1:

17:48:09 executing program 2:

17:48:09 executing program 3:

17:48:09 executing program 1:

17:48:09 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0045878, 0x0)

17:48:09 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:09 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x2c8)

17:48:09 executing program 2:

17:48:09 executing program 3:

17:48:09 executing program 1:

17:48:09 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0045878, 0x0)

17:48:09 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}, 0x2c8)

17:48:09 executing program 3:

17:48:09 executing program 2:

17:48:09 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:09 executing program 1:

17:48:09 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0101282, 0x0)

17:48:09 executing program 3:

17:48:09 executing program 2:

17:48:09 executing program 1:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000001680)="e0585a0a76417aac0a91fae3d31ba44e5cc600771e59e093660052c3c2579c0221f8de2fe612d863f9ead05e571a68edf77cb2412f21e78c31a3d8d97be90ac5ccfd1ce850e22eefeacceda9a1f02ac3a236827478bf2bf4a9881d8cbcaf49dd83e7f92574e76abe5ba7240500b62d8d2344eee05fa8870bc0d84a85265f86a61a4361776c572588932a8294df8942c6b2f578ca17680974bbda38ddc3938f5dea20f262bd578bee11c4dac4762b68d9445e7493e4cb7bcaeeb7eaf8a82bd3088d5088f72a0d15b6334a78607f9a714098fed2d64b25c572e91ec19719ba0d20d9f12c35ef839869b1446fdf19b94d86860b4b8c926a054ba6c8fcf742614f7f4673d9670d0440ffed160695318abd0d4954d7595ba177a11764e95b949a0c70acefe93a15bdabe56b22c4e5c93f8d36235e8c270f4cd369a382394b3262881d237c15b5f45be5f4c40b45417cc55131ebb306486cd16c7cb6149b827b59132771c909392b1823e9c602a380ab3089b8e260459684b1c43d7c1fc470d41624dc5b32e589bb5e91131590d1291e71f4a9bf4f0fefe533166dfb6edc6b67168eed626f11e5648f2abd05da82df4f2b3f28ecbb8737c09dd307f1e6c6eb8cd3c2ccbcd1bed10df79d63d7a9d28ee0f7717c48838a06966366f077c28689ad905c30b12dd778aea0ecf07898063aff52015905c9bc6772e00a3fe58ce0a214e2f1f24f4695ae797afd7a123d8a3d55f33c8c56d4a2718f37ac27a243176e98eef20d8cab90c2b498d2b88cd88526503a5c121ee486d9c3b1598cf2c07351146e7c77d88448e3a0e2cb11b31601af9f425417b8868cb03aac96dca173132ad31a5d328a46be7d89e67d760eb1f76e9e20a86fee724028930cac89e918c665d84832abb1c0902ba85d14be284d7d1b8b3d031c580d7315aba2ebc3b7ed6a4d132937c0a7dc385fd21422013ae8177e5c92da3124e5e48aa48f84d44523673f8f9909c210e6e1fc1f2a5c2eae16ebc6a1ba60e511aab11d7994035e3c222ef9ed679e8bbfa9faf75ebbebfa1bf9576613f0570e262af8eee1b814a7cbb175cace8eb0eb79f82b7abefdce1c04c05156cd7cbb3651c4da7979f444ec31fc35336928fcc9dddecbcc7ea5eee0711ba49608092e8b0c5f81dbe7790bbcd74d6f9fe15e5b36044b1a765c5c1a0bd1629f8d0a62f503822410da4ea62e72d9af0e4410efc19b8a91ed99b57bab83f3a70844b59027a78761a01a1f018895dbf70d8c09aa91555fd7ac56e53ef118abcefd8fa5657e55093de79f787cc6b8406299b07e135a", 0x39f}], 0x1)
lstat(&(0x7f0000001640)='./file0\x00', &(0x7f0000000000))

17:48:09 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c8)

17:48:09 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0189436, 0x0)

17:48:09 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:09 executing program 1:

17:48:10 executing program 2:

17:48:10 executing program 3:

17:48:10 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc020660b, 0x0)

17:48:10 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x2c8)

17:48:10 executing program 1:

17:48:10 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:10 executing program 3:

17:48:10 executing program 2:

17:48:10 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0481273, 0x0)

[  777.594621][ T8323] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
17:48:10 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80040200, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  777.710292][ T8323] CPU: 0 PID: 8323 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  777.719175][ T8323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  777.729352][ T8323] Call Trace:
[  777.732670][ T8323]  dump_stack+0x1db/0x2d0
[  777.737012][ T8323]  ? dump_stack_print_info.cold+0x20/0x20
[  777.742736][ T8323]  ? check_preemption_disabled+0x48/0x290
[  777.748478][ T8323]  dump_header+0x1e6/0x116c
[  777.753052][ T8323]  ? add_lock_to_list.isra.0+0x450/0x450
[  777.758696][ T8323]  ? perf_trace_lock+0x750/0x750
[  777.763653][ T8323]  ? print_usage_bug+0xd0/0xd0
[  777.768434][ T8323]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  777.774084][ T8323]  ? ___ratelimit+0x37c/0x686
[  777.778785][ T8323]  ? mark_held_locks+0xb1/0x100
[  777.783649][ T8323]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  777.789482][ T8323]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  777.795290][ T8323]  ? lockdep_hardirqs_on+0x415/0x5d0
[  777.800595][ T8323]  ? trace_hardirqs_on+0xbd/0x310
[  777.805625][ T8323]  ? kasan_check_read+0x11/0x20
[  777.805641][ T8323]  ? ___ratelimit+0x37c/0x686
[  777.805657][ T8323]  ? trace_hardirqs_off_caller+0x300/0x300
[  777.805673][ T8323]  ? do_raw_spin_trylock+0x270/0x270
[  777.805693][ T8323]  ? trace_hardirqs_on_caller+0x310/0x310
[  777.815246][ T8323]  ? lock_acquire+0x1db/0x570
[  777.836716][ T8323]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  777.842543][ T8323]  ? ___ratelimit+0xac/0x686
[  777.847149][ T8323]  ? idr_get_free+0xee0/0xee0
[  777.851833][ T8323]  ? lockdep_hardirqs_on+0x415/0x5d0
[  777.857140][ T8323]  oom_kill_process.cold+0x10/0x9ca
[  777.862358][ T8323]  ? cgroup_procs_next+0x70/0x70
[  777.867323][ T8323]  ? _raw_spin_unlock_irq+0x5e/0x90
[  777.872545][ T8323]  ? oom_badness+0xa50/0xa50
[  777.877158][ T8323]  ? oom_evaluate_task+0x540/0x540
[  777.877177][ T8323]  ? mem_cgroup_iter_break+0x30/0x30
[  777.877192][ T8323]  ? mutex_trylock+0x2d0/0x2d0
[  777.877212][ T8323]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  777.898609][ T8323]  ? rcu_read_unlock_special+0x380/0x380
[  777.904278][ T8323]  out_of_memory+0x885/0x1420
17:48:10 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x2)

17:48:10 executing program 3:

17:48:10 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:10 executing program 3:

[  777.908978][ T8323]  ? mem_cgroup_iter+0x4f4/0xf50
[  777.913948][ T8323]  ? oom_killer_disable+0x340/0x340
[  777.919157][ T8323]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  777.924994][ T8323]  ? lock_acquire+0x1db/0x570
[  777.929712][ T8323]  mem_cgroup_out_of_memory+0x160/0x210
[  777.935261][ T8323]  ? do_raw_spin_unlock+0xa0/0x330
[  777.940384][ T8323]  ? memory_oom_group_write+0x160/0x160
[  777.945934][ T8323]  ? do_raw_spin_trylock+0x270/0x270
[  777.951239][ T8323]  ? _raw_spin_unlock+0x2d/0x50
[  777.956100][ T8323]  try_charge+0x1457/0x1d00
[  777.960622][ T8323]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  777.960638][ T8323]  ? find_held_lock+0x35/0x120
[  777.960655][ T8323]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  777.960676][ T8323]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  777.970984][ T8323]  ? lock_downgrade+0xbe0/0xbe0
[  777.987571][ T8323]  ? kasan_check_read+0x11/0x20
[  777.992436][ T8323]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  777.998446][ T8323]  ? rcu_read_unlock_special+0x380/0x380
[  778.004099][ T8323]  ? get_mem_cgroup_from_mm+0x1ea/0x420
17:48:10 executing program 3:

[  778.009670][ T8323]  __memcg_kmem_charge_memcg+0x7c/0x130
[  778.015237][ T8323]  ? memcg_kmem_put_cache+0xb0/0xb0
[  778.020443][ T8323]  ? lock_release+0xc40/0xc40
[  778.025144][ T8323]  __memcg_kmem_charge+0x136/0x300
[  778.030272][ T8323]  __alloc_pages_nodemask+0x7b8/0xdc0
[  778.036116][ T8323]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  778.036131][ T8323]  ? rcu_pm_notify+0xd0/0xd0
[  778.036166][ T8323]  ? rcu_read_lock_sched_held+0x110/0x130
[  778.052168][ T8323]  ? kmem_cache_alloc_node+0x347/0x710
[  778.057649][ T8323]  copy_process+0x847/0x8720
[  778.062271][ T8323]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  778.068122][ T8323]  ? add_lock_to_list.isra.0+0x450/0x450
[  778.073771][ T8323]  ? reacquire_held_locks+0xfb/0x520
[  778.079064][ T8323]  ? alloc_set_pte+0x134a/0x1df0
[  778.084026][ T8323]  ? find_held_lock+0x60/0x120
[  778.088818][ T8323]  ? __cleanup_sighand+0x70/0x70
[  778.093777][ T8323]  ? lock_downgrade+0xbe0/0xbe0
[  778.098686][ T8323]  ? kasan_check_read+0x11/0x20
[  778.098704][ T8323]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  778.098723][ T8323]  ? rcu_read_unlock_special+0x380/0x380
[  778.098751][ T8323]  ? filemap_map_pages+0xe50/0x1cc0
[  778.109597][ T8323]  ? print_usage_bug+0xd0/0xd0
[  778.109617][ T8323]  ? print_usage_bug+0xd0/0xd0
[  778.109637][ T8323]  ? mark_held_locks+0x100/0x100
[  778.134869][ T8323]  ? __lock_acquire+0x572/0x4a10
[  778.139826][ T8323]  ? __handle_mm_fault+0x3fde/0x55a0
[  778.145147][ T8323]  ? mark_held_locks+0x100/0x100
[  778.150106][ T8323]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  778.156347][ T8323]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  778.162585][ T8323]  ? check_preemption_disabled+0x48/0x290
[  778.168313][ T8323]  ? debug_smp_processor_id+0x1c/0x20
[  778.173715][ T8323]  ? perf_trace_lock_acquire+0x138/0x7d0
[  778.179366][ T8323]  ? add_lock_to_list.isra.0+0x450/0x450
[  778.184994][ T8323]  ? perf_trace_lock+0x750/0x750
[  778.189928][ T8323]  ? __handle_mm_fault+0x955/0x55a0
[  778.195128][ T8323]  ? __might_fault+0x12b/0x1e0
[  778.199889][ T8323]  ? find_held_lock+0x35/0x120
[  778.204651][ T8323]  ? __might_fault+0x12b/0x1e0
[  778.209415][ T8323]  ? lock_acquire+0x1db/0x570
[  778.214097][ T8323]  ? lock_downgrade+0xbe0/0xbe0
[  778.218941][ T8323]  ? lock_release+0xc40/0xc40
[  778.223617][ T8323]  ? trace_hardirqs_off_caller+0x300/0x300
[  778.229444][ T8323]  _do_fork+0x1a9/0x1170
[  778.233691][ T8323]  ? fork_idle+0x1d0/0x1d0
[  778.238107][ T8323]  ? kasan_check_read+0x11/0x20
[  778.242972][ T8323]  ? _copy_to_user+0xc9/0x120
[  778.247678][ T8323]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  778.253914][ T8323]  ? put_timespec64+0x115/0x1b0
[  778.258764][ T8323]  ? nsecs_to_jiffies+0x30/0x30
[  778.263610][ T8323]  ? vmacache_update+0x114/0x140
[  778.268544][ T8323]  ? do_syscall_64+0x8c/0x800
[  778.273220][ T8323]  ? do_syscall_64+0x8c/0x800
[  778.277895][ T8323]  ? lockdep_hardirqs_on+0x415/0x5d0
[  778.283179][ T8323]  ? trace_hardirqs_on+0xbd/0x310
[  778.288217][ T8323]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  778.294459][ T8323]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  778.300520][ T8323]  ? trace_hardirqs_off_caller+0x300/0x300
[  778.306778][ T8323]  __x64_sys_clone+0xbf/0x150
[  778.311461][ T8323]  do_syscall_64+0x1a3/0x800
[  778.316051][ T8323]  ? syscall_return_slowpath+0x5f0/0x5f0
[  778.321684][ T8323]  ? prepare_exit_to_usermode+0x232/0x3b0
[  778.327406][ T8323]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  778.332958][ T8323]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  778.338842][ T8323] RIP: 0033:0x457ec9
[  778.342754][ T8323] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  778.362402][ T8323] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  778.370807][ T8323] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  778.378790][ T8323] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  778.386770][ T8323] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  778.394734][ T8323] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  778.402698][ T8323] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[  778.461491][ T8323] memory: usage 307200kB, limit 307200kB, failcnt 3017
[  778.471193][ T8323] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  778.479949][ T8323] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  778.487002][ T8323] Memory cgroup stats for /syz4: cache:120KB rss:221808KB rss_huge:178176KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:221984KB inactive_file:0KB active_file:0KB unevictable:0KB
[  778.487099][ T8323] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=32691,uid=0
[  778.525059][ T8323] Memory cgroup out of memory: Kill process 32691 (syz-executor4) score 1106 or sacrifice child
[  778.535808][ T8323] Killed process 32691 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  778.569237][ T8322] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  778.596095][ T8322] CPU: 0 PID: 8322 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  778.604965][ T8322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  778.615013][ T8322] Call Trace:
[  778.618301][ T8322]  dump_stack+0x1db/0x2d0
[  778.622677][ T8322]  ? dump_stack_print_info.cold+0x20/0x20
[  778.628380][ T8322]  ? check_preemption_disabled+0x48/0x290
[  778.634083][ T8322]  dump_header+0x1e6/0x116c
[  778.638566][ T8322]  ? add_lock_to_list.isra.0+0x450/0x450
[  778.644174][ T8322]  ? perf_trace_lock+0x750/0x750
[  778.649086][ T8322]  ? print_usage_bug+0xd0/0xd0
[  778.653856][ T8322]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  778.659483][ T8322]  ? ___ratelimit+0x37c/0x686
[  778.664140][ T8322]  ? mark_held_locks+0xb1/0x100
[  778.668972][ T8322]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  778.674755][ T8322]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  778.680537][ T8322]  ? lockdep_hardirqs_on+0x415/0x5d0
[  778.685800][ T8322]  ? trace_hardirqs_on+0xbd/0x310
[  778.690803][ T8322]  ? kasan_check_read+0x11/0x20
[  778.695630][ T8322]  ? ___ratelimit+0x37c/0x686
[  778.700282][ T8322]  ? trace_hardirqs_off_caller+0x300/0x300
[  778.706080][ T8322]  ? do_raw_spin_trylock+0x270/0x270
[  778.711343][ T8322]  ? trace_hardirqs_on_caller+0x310/0x310
[  778.717037][ T8322]  ? lock_acquire+0x1db/0x570
[  778.721694][ T8322]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  778.727503][ T8322]  ? ___ratelimit+0xac/0x686
[  778.732067][ T8322]  ? idr_get_free+0xee0/0xee0
[  778.736719][ T8322]  ? lockdep_hardirqs_on+0x415/0x5d0
[  778.742003][ T8322]  oom_kill_process.cold+0x10/0x9ca
[  778.747180][ T8322]  ? cgroup_procs_next+0x70/0x70
[  778.752096][ T8322]  ? _raw_spin_unlock_irq+0x5e/0x90
[  778.757298][ T8322]  ? oom_badness+0xa50/0xa50
[  778.761919][ T8322]  ? oom_evaluate_task+0x540/0x540
[  778.767009][ T8322]  ? mem_cgroup_iter_break+0x30/0x30
[  778.772266][ T8322]  ? mutex_trylock+0x2d0/0x2d0
[  778.777007][ T8322]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  778.783230][ T8322]  ? rcu_read_unlock_special+0x380/0x380
[  778.788844][ T8322]  out_of_memory+0x885/0x1420
[  778.793501][ T8322]  ? mem_cgroup_iter+0x4f4/0xf50
[  778.798433][ T8322]  ? oom_killer_disable+0x340/0x340
[  778.803627][ T8322]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  778.809411][ T8322]  ? lock_acquire+0x1db/0x570
[  778.814072][ T8322]  mem_cgroup_out_of_memory+0x160/0x210
[  778.819594][ T8322]  ? do_raw_spin_unlock+0xa0/0x330
[  778.824684][ T8322]  ? memory_oom_group_write+0x160/0x160
[  778.830224][ T8322]  ? do_raw_spin_trylock+0x270/0x270
[  778.835494][ T8322]  ? _raw_spin_unlock+0x2d/0x50
[  778.840336][ T8322]  try_charge+0xd42/0x1d00
[  778.844732][ T8322]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  778.850259][ T8322]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  778.855780][ T8322]  ? lock_downgrade+0xbe0/0xbe0
[  778.860605][ T8322]  ? kasan_check_read+0x11/0x20
[  778.865449][ T8322]  ? rcu_read_unlock_special+0x380/0x380
[  778.871070][ T8322]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  778.876590][ T8322]  ? get_mem_cgroup_from_page+0x190/0x190
[  778.882303][ T8322]  ? rcu_read_lock_sched_held+0x110/0x130
[  778.888025][ T8322]  mem_cgroup_try_charge+0x43a/0xdb0
[  778.893293][ T8322]  ? mem_cgroup_protected+0xa10/0xa10
[  778.898671][ T8322]  ? mark_held_locks+0x100/0x100
[  778.903586][ T8322]  ? pmd_val+0x85/0x100
[  778.907721][ T8322]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  778.913951][ T8322]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  778.920170][ T8322]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  778.925796][ T8322]  __handle_mm_fault+0x2594/0x55a0
[  778.930893][ T8322]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  778.936428][ T8322]  ? check_preemption_disabled+0x48/0x290
[  778.942125][ T8322]  ? handle_mm_fault+0x3cc/0xc80
[  778.947051][ T8322]  ? lock_downgrade+0xbe0/0xbe0
[  778.951878][ T8322]  ? kasan_check_read+0x11/0x20
[  778.956723][ T8322]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  778.962682][ T8322]  ? rcu_read_unlock_special+0x380/0x380
[  778.968289][ T8322]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  778.974513][ T8322]  ? check_preemption_disabled+0x48/0x290
[  778.980214][ T8322]  handle_mm_fault+0x4ec/0xc80
[  778.984955][ T8322]  ? __handle_mm_fault+0x55a0/0x55a0
[  778.990233][ T8322]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  778.996480][ T8322]  ? vmacache_update+0x114/0x140
[  779.001421][ T8322]  __do_page_fault+0x5da/0xd60
[  779.006170][ T8322]  do_page_fault+0xe6/0x7d8
[  779.010648][ T8322]  ? trace_hardirqs_on_caller+0xc0/0x310
[  779.016260][ T8322]  ? vmalloc_sync_all+0x30/0x30
[  779.021084][ T8322]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  779.027214][ T8322]  ? syscall_return_slowpath+0x5f0/0x5f0
[  779.032824][ T8322]  ? prepare_exit_to_usermode+0x232/0x3b0
[  779.038521][ T8322]  ? page_fault+0x8/0x30
[  779.042741][ T8322]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  779.048279][ T8322]  ? page_fault+0x8/0x30
[  779.052498][ T8322]  page_fault+0x1e/0x30
[  779.056627][ T8322] RIP: 0033:0x45a87d
[  779.060497][ T8322] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 a0 8d fb ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8
[  779.080076][ T8322] RSP: 002b:00007ffcc2973378 EFLAGS: 00010202
[  779.086133][ T8322] RAX: ffffffffffffffea RBX: 00007f20e9828700 RCX: 00007f20e9828700
[  779.094081][ T8322] RDX: 00000000003d0f00 RSI: 00007f20e9827db0 RDI: 000000000040ece0
[  779.102029][ T8322] RBP: 00007ffcc2973580 R08: 00007f20e98289d0 R09: 00007f20e9828700
[  779.110007][ T8322] R10: 00007f20e9827dc0 R11: 0000000000000246 R12: 0000000000000000
[  779.117977][ T8322] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  779.127443][ T8322] memory: usage 304876kB, limit 307200kB, failcnt 3017
[  779.134336][ T8322] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  779.141866][ T8322] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  779.149117][ T8322] Memory cgroup stats for /syz4: cache:120KB rss:219732KB rss_huge:176128KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:219824KB inactive_file:0KB active_file:0KB unevictable:0KB
[  779.171206][ T8322] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=1095,uid=0
[  779.186378][ T8322] Memory cgroup out of memory: Kill process 1095 (syz-executor4) score 1106 or sacrifice child
[  779.196833][ T8322] Killed process 1095 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  779.209987][ T1043] oom_reaper: reaped process 1095 (syz-executor4), now anon-rss:0kB, file-rss:32780kB, shmem-rss:0kB
17:48:11 executing program 3:

17:48:11 executing program 2:

17:48:11 executing program 1:

17:48:11 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0050000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:11 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x2c8)

17:48:11 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3)

17:48:12 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(0xffffffffffffffff)

17:48:12 executing program 1 (fault-call:2 fault-nth:0):
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:12 executing program 3 (fault-call:2 fault-nth:0):
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:48:12 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4)

17:48:12 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8050000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:12 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x5)

17:48:12 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8030000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:12 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x2c8)

17:48:12 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x6)

17:48:12 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:12 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x8)

17:48:12 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:12 executing program 2:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4)

[  780.056915][ T8385] FAULT_INJECTION: forcing a failure.
[  780.056915][ T8385] name failslab, interval 1, probability 0, space 0, times 0
[  780.070980][ T8384] FAULT_INJECTION: forcing a failure.
[  780.070980][ T8384] name failslab, interval 1, probability 0, space 0, times 0
[  780.092936][ T8384] CPU: 1 PID: 8384 Comm: syz-executor1 Not tainted 5.0.0-rc1-next-20190108 #7
[  780.101785][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  780.111835][ T8384] Call Trace:
[  780.115153][ T8384]  dump_stack+0x1db/0x2d0
[  780.119503][ T8384]  ? dump_stack_print_info.cold+0x20/0x20
[  780.125252][ T8384]  ? __mutex_lock+0x618/0x1670
[  780.130024][ T8384]  should_fail.cold+0xa/0x14
[  780.134612][ T8384]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  780.140462][ T8384]  ? ___might_sleep+0x1e7/0x310
[  780.145314][ T8384]  ? arch_local_save_flags+0x50/0x50
[  780.150644][ T8384]  __should_failslab+0x121/0x190
[  780.155581][ T8384]  should_failslab+0x9/0x14
[  780.160107][ T8384]  kmem_cache_alloc_trace+0x2d1/0x760
[  780.165484][ T8384]  ? snd_pcm_oss_change_params+0xa4/0xd0
[  780.171131][ T8384]  snd_pcm_oss_change_params_locked+0x1cc/0x3b70
[  780.177484][ T8384]  ? find_held_lock+0x35/0x120
[  780.182247][ T8384]  ? snd_pcm_oss_ioctl+0x1baa/0x3dc0
[  780.187562][ T8384]  ? _snd_pcm_hw_param_set.constprop.0+0x630/0x630
[  780.194148][ T8384]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  780.200412][ T8384]  ? kasan_check_write+0x14/0x20
[  780.205362][ T8384]  ? __mutex_unlock_slowpath+0x195/0x870
[  780.210989][ T8384]  ? lock_acquire+0x1db/0x570
[  780.215661][ T8384]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  780.221929][ T8384]  ? wait_for_completion+0x810/0x810
[  780.227221][ T8384]  snd_pcm_oss_change_params+0x7b/0xd0
[  780.232694][ T8384]  snd_pcm_oss_get_active_substream+0x136/0x190
[  780.238967][ T8384]  snd_pcm_oss_ioctl+0x268f/0x3dc0
[  780.244073][ T8384]  ? __fget+0x473/0x710
[  780.248238][ T8384]  ? snd_pcm_oss_release+0x290/0x290
[  780.253523][ T8384]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  780.259769][ T8384]  ? lock_downgrade+0xbe0/0xbe0
[  780.264616][ T8384]  ? kasan_check_read+0x11/0x20
[  780.269494][ T8384]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  780.275474][ T8384]  ? rcu_read_unlock_special+0x380/0x380
[  780.281123][ T8384]  ? __fget+0x49a/0x710
[  780.285289][ T8384]  ? ksys_dup3+0x660/0x660
[  780.289740][ T8384]  ? snd_pcm_oss_release+0x290/0x290
[  780.295056][ T8384]  do_vfs_ioctl+0x107b/0x17d0
[  780.299733][ T8384]  ? wait_for_completion+0x810/0x810
[  780.305232][ T8384]  ? ioctl_preallocate+0x2f0/0x2f0
[  780.310354][ T8384]  ? __fget_light+0x2db/0x420
[  780.315062][ T8384]  ? fget_raw+0x20/0x20
[  780.319216][ T8384]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  780.325458][ T8384]  ? fput+0x128/0x1a0
[  780.329469][ T8384]  ? do_syscall_64+0x8c/0x800
[  780.334144][ T8384]  ? do_syscall_64+0x8c/0x800
[  780.338838][ T8384]  ? lockdep_hardirqs_on+0x415/0x5d0
[  780.344162][ T8384]  ? security_file_ioctl+0x93/0xc0
[  780.349299][ T8384]  ksys_ioctl+0xab/0xd0
[  780.353511][ T8384]  __x64_sys_ioctl+0x73/0xb0
[  780.358154][ T8384]  do_syscall_64+0x1a3/0x800
[  780.362746][ T8384]  ? syscall_return_slowpath+0x5f0/0x5f0
[  780.368380][ T8384]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  780.374107][ T8384]  ? __switch_to_asm+0x34/0x70
[  780.378877][ T8384]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  780.384430][ T8384]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  780.390318][ T8384] RIP: 0033:0x457ec9
[  780.394210][ T8384] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  780.413860][ T8384] RSP: 002b:00007f861ea6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  780.422298][ T8384] RAX: ffffffffffffffda RBX: 00007f861ea6dc90 RCX: 0000000000457ec9
[  780.430281][ T8384] RDX: 0000000020000380 RSI: 00800000c0045005 RDI: 0000000000000003
[  780.438707][ T8384] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  780.446684][ T8384] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f861ea6e6d4
[  780.454688][ T8384] R13: 00000000004c313e R14: 00000000004d5980 R15: 0000000000000004
[  780.476262][ T8385] CPU: 1 PID: 8385 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190108 #7
[  780.485128][ T8385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  780.495173][ T8385] Call Trace:
[  780.498469][ T8385]  dump_stack+0x1db/0x2d0
[  780.498491][ T8385]  ? dump_stack_print_info.cold+0x20/0x20
17:48:13 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  780.498510][ T8385]  ? kasan_check_read+0x11/0x20
[  780.498537][ T8385]  should_fail.cold+0xa/0x14
[  780.498560][ T8385]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  780.498584][ T8385]  ? ___might_sleep+0x1e7/0x310
[  780.528652][ T8385]  ? arch_local_save_flags+0x50/0x50
[  780.533951][ T8385]  __should_failslab+0x121/0x190
[  780.538893][ T8385]  should_failslab+0x9/0x14
[  780.543404][ T8385]  kmem_cache_alloc_trace+0x2d1/0x760
[  780.548826][ T8385]  ? snd_pcm_oss_change_params+0xa4/0xd0
[  780.554473][ T8385]  ? perf_trace_lock+0x750/0x750
[  780.559436][ T8385]  snd_pcm_oss_change_params_locked+0x1cc/0x3b70
[  780.565779][ T8385]  ? find_held_lock+0x35/0x120
[  780.570590][ T8385]  ? __might_fault+0x12b/0x1e0
[  780.575365][ T8385]  ? lock_acquire+0x1db/0x570
[  780.580054][ T8385]  ? _snd_pcm_hw_param_set.constprop.0+0x630/0x630
[  780.586577][ T8385]  ? __lock_acquire+0x572/0x4a10
[  780.591533][ T8385]  ? lock_downgrade+0xbe0/0xbe0
[  780.596405][ T8385]  ? lock_release+0xc40/0xc40
[  780.601092][ T8385]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  780.607352][ T8385]  ? lock_params+0x12f/0x1b0
[  780.611962][ T8385]  ? mark_held_locks+0x100/0x100
[  780.616908][ T8385]  ? __might_fault+0x1a3/0x1e0
[  780.621677][ T8385]  snd_pcm_oss_change_params+0x7b/0xd0
[  780.627117][ T8385]  snd_pcm_oss_make_ready+0xbe/0x170
[  780.632386][ T8385]  snd_pcm_oss_sync.isra.0+0x275/0x970
[  780.637874][ T8385]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  780.644116][ T8385]  ? ima_file_free+0x128/0x630
[  780.648882][ T8385]  ? snd_pcm_oss_sync1+0x5c0/0x5c0
[  780.654005][ T8385]  ? ima_file_check+0x130/0x130
[  780.658864][ T8385]  snd_pcm_oss_release+0x214/0x290
[  780.663963][ T8385]  __fput+0x3c5/0xb10
[  780.667945][ T8385]  ? snd_pcm_oss_sync.isra.0+0x970/0x970
[  780.673592][ T8385]  ? file_free_rcu+0xe0/0xe0
[  780.678186][ T8385]  ? task_work_run+0x1bb/0x2b0
[  780.682940][ T8385]  ? trace_hardirqs_off_caller+0x300/0x300
[  780.688724][ T8385]  ? do_raw_spin_trylock+0x270/0x270
[  780.694000][ T8385]  ? wait_for_completion+0x810/0x810
[  780.699275][ T8385]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  780.705515][ T8385]  ____fput+0x16/0x20
[  780.709491][ T8385]  task_work_run+0x1f4/0x2b0
[  780.714064][ T8385]  ? task_work_cancel+0x2c0/0x2c0
[  780.719088][ T8385]  ? cpumask_weight.constprop.0+0x3f/0x3f
[  780.724801][ T8385]  ? fput+0x128/0x1a0
[  780.728767][ T8385]  ? do_syscall_64+0x8c/0x800
[  780.733447][ T8385]  exit_to_usermode_loop+0x32a/0x3b0
[  780.738732][ T8385]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  780.744779][ T8385]  ? syscall_trace_enter+0x12a0/0x12a0
[  780.750216][ T8385]  ? ksys_ioctl+0x82/0xd0
[  780.754538][ T8385]  do_syscall_64+0x696/0x800
[  780.759108][ T8385]  ? syscall_return_slowpath+0x5f0/0x5f0
[  780.764722][ T8385]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  780.770419][ T8385]  ? __switch_to_asm+0x34/0x70
[  780.775168][ T8385]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  780.780699][ T8385]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  780.786570][ T8385] RIP: 0033:0x457ec9
[  780.790448][ T8385] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
17:48:13 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:48:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x300)

17:48:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:13 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00]}, 0x2c8)

17:48:13 executing program 2 (fault-call:2 fault-nth:0):
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  780.810047][ T8385] RSP: 002b:00007fe56a359c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  780.818436][ T8385] RAX: 0000000000000000 RBX: 00007fe56a359c90 RCX: 0000000000457ec9
[  780.826403][ T8385] RDX: 0000000020000380 RSI: 00800000c0045009 RDI: 0000000000000003
[  780.834357][ T8385] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  780.842316][ T8385] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe56a35a6d4
[  780.850272][ T8385] R13: 00000000004c313e R14: 00000000004d5980 R15: 0000000000000004
17:48:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x500)

17:48:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x600)

17:48:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdffffff, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:13 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]}, 0x2c8)

17:48:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3f00)

17:48:13 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000000002, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  781.446284][ T8442] FAULT_INJECTION: forcing a failure.
[  781.446284][ T8442] name failslab, interval 1, probability 0, space 0, times 0
[  781.459025][ T8442] CPU: 0 PID: 8442 Comm: syz-executor2 Not tainted 5.0.0-rc1-next-20190108 #7
[  781.467853][ T8442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  781.477923][ T8442] Call Trace:
[  781.481208][ T8442]  dump_stack+0x1db/0x2d0
[  781.485538][ T8442]  ? dump_stack_print_info.cold+0x20/0x20
[  781.491241][ T8442]  ? kasan_check_read+0x11/0x20
[  781.496092][ T8442]  should_fail.cold+0xa/0x14
[  781.500696][ T8442]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  781.506501][ T8442]  ? ___might_sleep+0x1e7/0x310
[  781.511362][ T8442]  ? arch_local_save_flags+0x50/0x50
[  781.516651][ T8442]  __should_failslab+0x121/0x190
[  781.521582][ T8442]  should_failslab+0x9/0x14
[  781.526069][ T8442]  kmem_cache_alloc_trace+0x2d1/0x760
[  781.531431][ T8442]  ? snd_pcm_oss_change_params+0xa4/0xd0
[  781.537072][ T8442]  ? perf_trace_lock+0x750/0x750
[  781.542011][ T8442]  snd_pcm_oss_change_params_locked+0x1cc/0x3b70
[  781.548337][ T8442]  ? find_held_lock+0x35/0x120
[  781.553099][ T8442]  ? __might_fault+0x12b/0x1e0
[  781.557857][ T8442]  ? lock_acquire+0x1db/0x570
[  781.562575][ T8442]  ? _snd_pcm_hw_param_set.constprop.0+0x630/0x630
[  781.569066][ T8442]  ? __lock_acquire+0x572/0x4a10
[  781.574016][ T8442]  ? lock_downgrade+0xbe0/0xbe0
[  781.578859][ T8442]  ? lock_release+0xc40/0xc40
[  781.583520][ T8442]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  781.589757][ T8442]  ? lock_params+0x12f/0x1b0
[  781.594355][ T8442]  ? mark_held_locks+0x100/0x100
[  781.599291][ T8442]  ? __might_fault+0x1a3/0x1e0
[  781.604055][ T8442]  snd_pcm_oss_change_params+0x7b/0xd0
[  781.609498][ T8442]  snd_pcm_oss_make_ready+0xbe/0x170
[  781.614773][ T8442]  snd_pcm_oss_sync.isra.0+0x275/0x970
[  781.620213][ T8442]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  781.626455][ T8442]  ? ima_file_free+0x128/0x630
[  781.631214][ T8442]  ? snd_pcm_oss_sync1+0x5c0/0x5c0
[  781.636358][ T8442]  ? ima_file_check+0x130/0x130
[  781.641195][ T8442]  snd_pcm_oss_release+0x214/0x290
[  781.646392][ T8442]  __fput+0x3c5/0xb10
[  781.650386][ T8442]  ? snd_pcm_oss_sync.isra.0+0x970/0x970
[  781.656014][ T8442]  ? file_free_rcu+0xe0/0xe0
[  781.660605][ T8442]  ? task_work_run+0x1bb/0x2b0
[  781.665393][ T8442]  ? trace_hardirqs_off_caller+0x300/0x300
[  781.671198][ T8442]  ? do_raw_spin_trylock+0x270/0x270
[  781.676480][ T8442]  ? wait_for_completion+0x810/0x810
[  781.681745][ T8442]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  781.687975][ T8442]  ____fput+0x16/0x20
[  781.691965][ T8442]  task_work_run+0x1f4/0x2b0
[  781.696538][ T8442]  ? task_work_cancel+0x2c0/0x2c0
[  781.701556][ T8442]  ? cpumask_weight.constprop.0+0x3f/0x3f
[  781.707278][ T8442]  exit_to_usermode_loop+0x32a/0x3b0
[  781.712562][ T8442]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  781.718621][ T8442]  ? syscall_trace_enter+0x12a0/0x12a0
[  781.724062][ T8442]  ? ksys_ioctl+0x82/0xd0
[  781.728413][ T8442]  do_syscall_64+0x696/0x800
[  781.733027][ T8442]  ? syscall_return_slowpath+0x5f0/0x5f0
[  781.738699][ T8442]  ? prepare_exit_to_usermode+0x3b0/0x3b0
17:48:14 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000000002, &(0x7f0000000380)=0x2)
close(r0)

17:48:14 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4000)

17:48:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe800000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:14 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00]}, 0x2c8)

[  781.744426][ T8442]  ? __switch_to_asm+0x34/0x70
[  781.749212][ T8442]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  781.754772][ T8442]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  781.760666][ T8442] RIP: 0033:0x457ec9
[  781.764565][ T8442] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  781.784167][ T8442] RSP: 002b:00007ffb734ebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  781.792607][ T8442] RAX: 0000000000000000 RBX: 00007ffb734ebc90 RCX: 0000000000457ec9
[  781.800585][ T8442] RDX: 0000000020000380 RSI: 00800000c0045009 RDI: 0000000000000003
[  781.808574][ T8442] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  781.816548][ T8442] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb734ec6d4
[  781.824641][ T8442] R13: 00000000004c313e R14: 00000000004d5980 R15: 0000000000000004
17:48:14 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:14 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005000, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec00000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:14 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x1000000)

17:48:14 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x2c8)

17:48:14 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x2000000)

17:48:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:14 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00]}, 0x2c8)

17:48:14 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005000, &(0x7f0000000380)=0x2)
close(r0)

17:48:14 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005001, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:14 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3000000)

17:48:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:15 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000000002, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:15 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}, 0x2c8)

17:48:15 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005008, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:15 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005001, &(0x7f0000000380)=0x2)
close(r0)

17:48:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4000000)

17:48:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x5000000)

17:48:15 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005008, &(0x7f0000000380)=0x2)
close(r0)

17:48:15 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200]}, 0x2c8)

17:48:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x6000000)

17:48:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:15 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005000, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x8000000)

17:48:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8d, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:15 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300]}, 0x2c8)

17:48:15 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000000000500e, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:16 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3f000000)

17:48:16 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000000000500e, &(0x7f0000000380)=0x2)
close(r0)

17:48:16 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400]}, 0x2c8)

17:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:16 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005001, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:16 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x40000000)

17:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:16 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1500]}, 0x2c8)

17:48:16 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xf4ffffff)

17:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:16 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005015, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:16 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005008, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffff000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:16 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005015, &(0x7f0000000380)=0x2)
close(r0)

17:48:16 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfbffffff)

17:48:16 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800]}, 0x2c8)

17:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff7f0000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:16 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfdfdffff)

17:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:17 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:17 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x2c8)

17:48:17 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005016, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:17 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffdfd)

17:48:17 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:17 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005016, &(0x7f0000000380)=0x2)
close(r0)

17:48:17 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000000000500e, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:17 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x2c8)

17:48:17 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:17 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffff4)

[  784.828015][ T8710] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  784.848062][ T8710] CPU: 0 PID: 8710 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  784.856919][ T8710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  784.866968][ T8710] Call Trace:
[  784.866992][ T8710]  dump_stack+0x1db/0x2d0
17:48:17 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffffb)

[  784.867013][ T8710]  ? dump_stack_print_info.cold+0x20/0x20
[  784.867028][ T8710]  ? check_preemption_disabled+0x48/0x290
[  784.867072][ T8710]  dump_header+0x1e6/0x116c
[  784.867123][ T8710]  ? add_lock_to_list.isra.0+0x450/0x450
[  784.867137][ T8710]  ? perf_trace_lock+0x750/0x750
[  784.867153][ T8710]  ? print_usage_bug+0xd0/0xd0
[  784.867172][ T8710]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  784.867190][ T8710]  ? ___ratelimit+0x37c/0x686
[  784.880483][ T8710]  ? mark_held_locks+0xb1/0x100
[  784.880503][ T8710]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
17:48:17 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x1000000000000)

[  784.880524][ T8710]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  784.932685][ T8710]  ? lockdep_hardirqs_on+0x415/0x5d0
[  784.937975][ T8710]  ? trace_hardirqs_on+0xbd/0x310
[  784.943007][ T8710]  ? kasan_check_read+0x11/0x20
[  784.947856][ T8710]  ? ___ratelimit+0x37c/0x686
[  784.952534][ T8710]  ? trace_hardirqs_off_caller+0x300/0x300
[  784.958357][ T8710]  ? do_raw_spin_trylock+0x270/0x270
[  784.963675][ T8710]  ? trace_hardirqs_on_caller+0x310/0x310
[  784.969410][ T8710]  ? lock_acquire+0x1db/0x570
[  784.974112][ T8710]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  784.979921][ T8710]  ? ___ratelimit+0xac/0x686
[  784.984532][ T8710]  ? idr_get_free+0xee0/0xee0
[  784.989217][ T8710]  ? lockdep_hardirqs_on+0x415/0x5d0
[  784.994516][ T8710]  oom_kill_process.cold+0x10/0x9ca
[  784.999730][ T8710]  ? cgroup_procs_next+0x70/0x70
[  785.004681][ T8710]  ? _raw_spin_unlock_irq+0x5e/0x90
[  785.009918][ T8710]  ? oom_badness+0xa50/0xa50
[  785.014519][ T8710]  ? oom_evaluate_task+0x540/0x540
[  785.019642][ T8710]  ? mem_cgroup_iter_break+0x30/0x30
[  785.024927][ T8710]  ? mutex_trylock+0x2d0/0x2d0
[  785.029704][ T8710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  785.035986][ T8710]  ? rcu_read_unlock_special+0x380/0x380
[  785.041626][ T8710]  out_of_memory+0x885/0x1420
[  785.046302][ T8710]  ? mem_cgroup_iter+0x4f4/0xf50
[  785.051335][ T8710]  ? oom_killer_disable+0x340/0x340
[  785.056540][ T8710]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  785.062394][ T8710]  ? lock_acquire+0x1db/0x570
[  785.067093][ T8710]  mem_cgroup_out_of_memory+0x160/0x210
[  785.072667][ T8710]  ? do_raw_spin_unlock+0xa0/0x330
[  785.077776][ T8710]  ? memory_oom_group_write+0x160/0x160
[  785.083329][ T8710]  ? do_raw_spin_trylock+0x270/0x270
[  785.088623][ T8710]  ? _raw_spin_unlock+0x2d/0x50
[  785.093477][ T8710]  try_charge+0x1457/0x1d00
[  785.097994][ T8710]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  785.103561][ T8710]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  785.109100][ T8710]  ? lock_downgrade+0xbe0/0xbe0
[  785.113946][ T8710]  ? kasan_check_read+0x11/0x20
[  785.118825][ T8710]  ? rcu_read_unlock_special+0x380/0x380
[  785.124463][ T8710]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  785.130008][ T8710]  ? get_mem_cgroup_from_page+0x190/0x190
[  785.135731][ T8710]  ? rcu_read_lock_sched_held+0x110/0x130
[  785.141480][ T8710]  mem_cgroup_try_charge+0x43a/0xdb0
[  785.146770][ T8710]  ? mem_cgroup_protected+0xa10/0xa10
[  785.152144][ T8710]  ? check_preemption_disabled+0x48/0x290
[  785.157866][ T8710]  ? __lock_acquire+0x572/0x4a10
[  785.162796][ T8710]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  785.169033][ T8710]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  785.175286][ T8710]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  785.180930][ T8710]  wp_page_copy+0x45a/0x1c70
[  785.185516][ T8710]  ? swp_swapcount+0x540/0x540
[  785.190273][ T8710]  ? __lock_acquire+0x572/0x4a10
[  785.195230][ T8710]  ? pmd_pfn+0x1d0/0x1d0
[  785.199468][ T8710]  ? find_held_lock+0x35/0x120
[  785.204223][ T8710]  ? do_wp_page+0x894/0x1e80
[  785.208811][ T8710]  ? delayacct_end+0xc9/0x100
[  785.213479][ T8710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  785.219735][ T8710]  ? kasan_check_read+0x11/0x20
[  785.224579][ T8710]  ? do_raw_spin_unlock+0xa0/0x330
[  785.229690][ T8710]  ? do_raw_spin_trylock+0x270/0x270
[  785.234992][ T8710]  ? print_usage_bug+0xd0/0xd0
[  785.239779][ T8710]  do_wp_page+0x89c/0x1e80
[  785.244196][ T8710]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  785.249579][ T8710]  ? lock_acquire+0x1db/0x570
[  785.254249][ T8710]  ? __handle_mm_fault+0x1d80/0x55a0
[  785.259537][ T8710]  ? kasan_check_write+0x14/0x20
[  785.264472][ T8710]  ? do_raw_spin_lock+0x156/0x360
[  785.269493][ T8710]  ? lock_release+0xc40/0xc40
[  785.274171][ T8710]  ? rwlock_bug.part.0+0x90/0x90
[  785.279109][ T8710]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  785.284909][ T8710]  ? add_mm_counter_fast.part.0+0x40/0x40
[  785.290637][ T8710]  __handle_mm_fault+0x2c8e/0x55a0
[  785.295759][ T8710]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  785.301298][ T8710]  ? check_preemption_disabled+0x48/0x290
[  785.307031][ T8710]  ? handle_mm_fault+0x3cc/0xc80
[  785.311984][ T8710]  ? lock_downgrade+0xbe0/0xbe0
[  785.316829][ T8710]  ? kasan_check_read+0x11/0x20
[  785.321675][ T8710]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  785.327652][ T8710]  ? rcu_read_unlock_special+0x380/0x380
[  785.333283][ T8710]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  785.339528][ T8710]  ? check_preemption_disabled+0x48/0x290
[  785.345249][ T8710]  handle_mm_fault+0x4ec/0xc80
[  785.350015][ T8710]  ? __handle_mm_fault+0x55a0/0x55a0
[  785.355292][ T8710]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  785.361539][ T8710]  ? vmacache_update+0x114/0x140
[  785.366487][ T8710]  __do_page_fault+0x5da/0xd60
[  785.371259][ T8710]  do_page_fault+0xe6/0x7d8
[  785.375756][ T8710]  ? trace_hardirqs_on_caller+0xc0/0x310
[  785.381400][ T8710]  ? vmalloc_sync_all+0x30/0x30
[  785.386244][ T8710]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  785.392399][ T8710]  ? prepare_exit_to_usermode+0x232/0x3b0
[  785.398109][ T8710]  ? page_fault+0x8/0x30
[  785.402349][ T8710]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  785.407893][ T8710]  ? page_fault+0x8/0x30
[  785.412183][ T8710]  page_fault+0x1e/0x30
[  785.416340][ T8710] RIP: 0033:0x42f056
[  785.420231][ T8710] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 06 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 5f 62 00 85 c0 0f 84
[  785.439824][ T8710] RSP: 002b:00007ffcc29732a0 EFLAGS: 00010206
[  785.445901][ T8710] RAX: 00000000000205b1 RBX: 0000000000710640 RCX: 0000000000000121
[  785.453865][ T8710] RDX: 0000000001f22930 RSI: 0000000001f22a50 RDI: 0000000000000000
[  785.461832][ T8710] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000
[  785.469814][ T8710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000710698
17:48:18 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  785.477782][ T8710] R13: 0000000000710698 R14: 000000000073bf0c R15: 0000000000002710
17:48:18 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005421, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  785.506131][ T8710] memory: usage 307200kB, limit 307200kB, failcnt 3066
[  785.542527][ T8710] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
17:48:18 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005421, &(0x7f0000000380)=0x2)
close(r0)

[  785.581592][ T8710] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:48:18 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:18 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005015, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  785.615740][ T8710] Memory cgroup stats for /syz4: cache:120KB rss:220752KB rss_huge:176128KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:220744KB inactive_file:0KB active_file:0KB unevictable:0KB
[  785.661585][ T8710] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=2241,uid=0
17:48:18 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x7ffffffffffff)

[  785.719272][ T8710] Memory cgroup out of memory: Kill process 2241 (syz-executor4) score 1106 or sacrifice child
[  785.755788][ T8710] Killed process 2241 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
17:48:18 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:18 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x2c8)

17:48:18 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x100000000000000)

17:48:18 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  785.997427][ T8760] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[  786.011059][ T8760] CPU: 0 PID: 8760 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  786.019910][ T8760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  786.029963][ T8760] Call Trace:
[  786.033259][ T8760]  dump_stack+0x1db/0x2d0
[  786.037600][ T8760]  ? dump_stack_print_info.cold+0x20/0x20
17:48:18 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x200000000000000)

17:48:18 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  786.043339][ T8760]  ? check_preemption_disabled+0x48/0x290
[  786.049078][ T8760]  dump_header+0x1e6/0x116c
[  786.053611][ T8760]  ? add_lock_to_list.isra.0+0x450/0x450
[  786.059248][ T8760]  ? perf_trace_lock+0x750/0x750
[  786.064191][ T8760]  ? print_usage_bug+0xd0/0xd0
[  786.068968][ T8760]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  786.074603][ T8760]  ? ___ratelimit+0x37c/0x686
[  786.079304][ T8760]  ? mark_held_locks+0xb1/0x100
[  786.084179][ T8760]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  786.090000][ T8760]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  786.095817][ T8760]  ? lockdep_hardirqs_on+0x415/0x5d0
[  786.101113][ T8760]  ? trace_hardirqs_on+0xbd/0x310
[  786.106141][ T8760]  ? kasan_check_read+0x11/0x20
[  786.111010][ T8760]  ? ___ratelimit+0x37c/0x686
[  786.115689][ T8760]  ? trace_hardirqs_off_caller+0x300/0x300
[  786.121502][ T8760]  ? do_raw_spin_trylock+0x270/0x270
[  786.126808][ T8760]  ? trace_hardirqs_on_caller+0x310/0x310
[  786.132532][ T8760]  ? lock_acquire+0x1db/0x570
[  786.137242][ T8760]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  786.143056][ T8760]  ? ___ratelimit+0xac/0x686
[  786.147653][ T8760]  ? idr_get_free+0xee0/0xee0
[  786.152362][ T8760]  ? lockdep_hardirqs_on+0x415/0x5d0
[  786.157675][ T8760]  oom_kill_process.cold+0x10/0x9ca
[  786.162878][ T8760]  ? cgroup_procs_next+0x70/0x70
[  786.167825][ T8760]  ? _raw_spin_unlock_irq+0x5e/0x90
[  786.173028][ T8760]  ? oom_badness+0xa50/0xa50
[  786.177620][ T8760]  ? oom_evaluate_task+0x540/0x540
[  786.177638][ T8760]  ? mem_cgroup_iter_break+0x30/0x30
[  786.177651][ T8760]  ? mutex_trylock+0x2d0/0x2d0
17:48:18 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  786.177666][ T8760]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  786.177710][ T8760]  ? rcu_read_unlock_special+0x380/0x380
[  786.177734][ T8760]  out_of_memory+0x885/0x1420
[  786.177755][ T8760]  ? mem_cgroup_iter+0x4f4/0xf50
[  786.199099][ T8760]  ? oom_killer_disable+0x340/0x340
[  786.199119][ T8760]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  786.199137][ T8760]  ? lock_acquire+0x1db/0x570
[  786.199166][ T8760]  mem_cgroup_out_of_memory+0x160/0x210
[  786.199182][ T8760]  ? do_raw_spin_unlock+0xa0/0x330
[  786.199199][ T8760]  ? memory_oom_group_write+0x160/0x160
[  786.199219][ T8760]  ? do_raw_spin_trylock+0x270/0x270
[  786.214431][ T8760]  ? _raw_spin_unlock+0x2d/0x50
[  786.214466][ T8760]  try_charge+0x1457/0x1d00
[  786.214494][ T8760]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  786.214508][ T8760]  ? find_held_lock+0x35/0x120
[  786.214524][ T8760]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  786.214542][ T8760]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  786.214561][ T8760]  ? lock_downgrade+0xbe0/0xbe0
[  786.251633][ T8760]  ? kasan_check_read+0x11/0x20
[  786.251667][ T8760]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  786.251685][ T8760]  ? rcu_read_unlock_special+0x380/0x380
[  786.251713][ T8760]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  786.251733][ T8760]  __memcg_kmem_charge_memcg+0x7c/0x130
[  786.251752][ T8760]  ? memcg_kmem_put_cache+0xb0/0xb0
[  786.276879][ T8760]  ? lock_release+0xc40/0xc40
[  786.276908][ T8760]  __memcg_kmem_charge+0x136/0x300
[  786.276931][ T8760]  __alloc_pages_nodemask+0x7b8/0xdc0
[  786.276946][ T8760]  ? print_usage_bug+0xd0/0xd0
[  786.276970][ T8760]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  786.276984][ T8760]  ? __lock_acquire+0x572/0x4a10
[  786.277019][ T8760]  ? mark_held_locks+0x100/0x100
[  786.277035][ T8760]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  786.277058][ T8760]  alloc_pages_current+0x107/0x210
[  786.277080][ T8760]  __pmd_alloc+0x41/0x460
[  786.277100][ T8760]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  786.379780][ T8760]  __handle_mm_fault+0x1f73/0x55a0
[  786.384906][ T8760]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  786.390468][ T8760]  ? check_preemption_disabled+0x48/0x290
[  786.396197][ T8760]  ? handle_mm_fault+0x3cc/0xc80
[  786.401155][ T8760]  ? lock_downgrade+0xbe0/0xbe0
[  786.406003][ T8760]  ? kasan_check_read+0x11/0x20
[  786.410858][ T8760]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  786.416843][ T8760]  ? rcu_read_unlock_special+0x380/0x380
[  786.422494][ T8760]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  786.428741][ T8760]  ? check_preemption_disabled+0x48/0x290
[  786.434477][ T8760]  handle_mm_fault+0x4ec/0xc80
[  786.439236][ T8760]  ? __handle_mm_fault+0x55a0/0x55a0
[  786.444526][ T8760]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  786.450768][ T8760]  ? vmacache_update+0x114/0x140
[  786.455728][ T8760]  __do_page_fault+0x5da/0xd60
[  786.460519][ T8760]  do_page_fault+0xe6/0x7d8
[  786.465024][ T8760]  ? trace_hardirqs_on_caller+0xc0/0x310
[  786.465044][ T8760]  ? vmalloc_sync_all+0x30/0x30
[  786.465059][ T8760]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  786.465076][ T8760]  ? syscall_return_slowpath+0x5f0/0x5f0
[  786.465097][ T8760]  ? prepare_exit_to_usermode+0x232/0x3b0
[  786.481711][ T8760]  ? page_fault+0x8/0x30
[  786.481730][ T8760]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  786.481748][ T8760]  ? page_fault+0x8/0x30
[  786.481765][ T8760]  page_fault+0x1e/0x30
[  786.511249][ T8760] RIP: 0033:0x4017b7
[  786.515151][ T8760] Code: 00 00 00 48 83 ec 08 48 8b 15 f5 ec 64 00 48 8b 05 e6 ec 64 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 c8 ec 64 00 48 83 c4 08 c3 48 89 c6 bf c8 72 4c 00
[  786.534756][ T8760] RSP: 002b:00007ffcc29734a0 EFLAGS: 00010287
[  786.540849][ T8760] RAX: 0000001b2d320000 RBX: 0000000000000003 RCX: 0000001b2e320000
[  786.548834][ T8760] RDX: 0000001b2d320004 RSI: 00007ffcc2973250 RDI: 0000000000000000
[  786.556803][ T8760] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004
[  786.564790][ T8760] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  786.572798][ T8760] R13: 0000000000000001 R14: 000000000000055c R15: 0000000000000004
[  786.584066][ T8760] memory: usage 307200kB, limit 307200kB, failcnt 3093
17:48:19 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005450, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  786.594609][ T8760] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  786.613151][ T8760] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:48:19 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005450, &(0x7f0000000380)=0x2)
close(r0)

17:48:19 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:19 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x300000000000000)

17:48:19 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005016, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  786.645976][ T8760] Memory cgroup stats for /syz4: cache:120KB rss:220692KB rss_huge:176128KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:220736KB inactive_file:0KB active_file:0KB unevictable:0KB
17:48:19 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x400000000000000)

[  786.723798][ T8760] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=4049,uid=0
[  786.745047][ T8760] Memory cgroup out of memory: Kill process 4049 (syz-executor4) score 1106 or sacrifice child
[  786.780715][ T8760] Killed process 4049 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
17:48:19 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x2c8)

17:48:19 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:19 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x500000000000000)

17:48:19 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x600000000000000)

17:48:19 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:19 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x2c8)

17:48:19 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005451, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:19 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005451, &(0x7f0000000380)=0x2)
close(r0)

17:48:19 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x800000000000000)

17:48:19 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:19 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005421, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:19 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x2c8)

17:48:20 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3f00000000000000)

17:48:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:20 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4000000000000000)

17:48:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2001001000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:20 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x2c8)

17:48:20 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000]}, 0x2c8)

17:48:20 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005452, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:20 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005452, &(0x7f0000000380)=0x2)
close(r0)

17:48:20 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x7fffffffffffffff)

17:48:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:20 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x2c8)

17:48:20 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005450, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:20 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xf4ffffff00000000)

17:48:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:20 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x2c8)

17:48:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:20 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfbffffff00000000)

17:48:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5800000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:21 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005460, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:21 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005460, &(0x7f0000000380)=0x2)
close(r0)

17:48:21 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfdfdffff00000000)

17:48:21 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:21 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x2c8)

17:48:21 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005451, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:21 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6100000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:21 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xffffffffffff0700)

17:48:21 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7800000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:21 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xffffffffffffff7f)

17:48:21 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x2c8)

17:48:21 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xffffffffffffffff)

17:48:21 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040045010, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:21 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040045010, &(0x7f0000000380)=0x2)
close(r0)

17:48:21 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004020000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:21 executing program 0:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TCSETA(r1, 0x5406, &(0x7f0000000200)={0x573, 0xfffffffffffffff7, 0x20, 0x4, 0x1b, 0x0, 0x6, 0x4, 0xffffffff, 0x6})
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f0000000040)={<r2=>0x0, @in6={{0xa, 0x4e24, 0x100000000, @mcast1, 0x5}}}, &(0x7f0000000100)=0x84)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={r2, @in={{0x2, 0x4e20, @rand_addr=0x1}}}, 0x84)
r3 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x1261, 0x0)

17:48:21 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000]}, 0x2c8)

17:48:21 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005452, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:22 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:22 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4)

17:48:22 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000]}, 0x2c8)

17:48:22 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa005000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:22 executing program 0:
r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5, 0xa0400)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000040))
r1 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000140)={0x6, 0xf800000000000000, 0xba, &(0x7f0000000080)="c4064573c0ecf83fce2e693a06af66c14c43d57314e05aa3be1fbc3de12760df30535e610e27637ad8a0a50782eff4736795f4b366a44ccf0eeaa2fe8664e8aafff0b9db24da85b226a779604e1b5c4548de2886898664f1c3b05c5ed15ff10ddd482ceb0dd39348696d2bffca363e11c661ff9aa7202483494c97e52da915928b66de3f183a0d0affd8e442704c43aeb8864efbe708c7de09073ec9688fe9fc8c7e45b26f7cdd4a2fbb6c4082a490f06d06748060fb4b17b814"})

17:48:22 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc805000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:22 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040045017, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:22 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x8, 0x2000)
ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000040)={0xd, 0x8, {0x55, 0x2, 0xde25, {0xea45, 0x3}, {0x0, 0x4}, @ramp={0x2, 0x78550f60, {0x9, 0x2, 0x8, 0x5}}}, {0x51, 0x3ff, 0x2, {0x9, 0x100}, {0x9, 0x101}, @ramp={0x2, 0x8, {0xffffffff, 0x1, 0x1, 0x10001}}}})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:22 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000]}, 0x2c8)

17:48:22 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040045017, &(0x7f0000000380)=0x2)
close(r0)

17:48:22 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:22 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000000005460, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  790.066712][ T9022] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[  790.088303][ T9022] CPU: 0 PID: 9022 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  790.097180][ T9022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  790.107247][ T9022] Call Trace:
[  790.110545][ T9022]  dump_stack+0x1db/0x2d0
[  790.114886][ T9022]  ? dump_stack_print_info.cold+0x20/0x20
[  790.120647][ T9022]  ? check_preemption_disabled+0x48/0x290
[  790.126384][ T9022]  dump_header+0x1e6/0x116c
[  790.130900][ T9022]  ? add_lock_to_list.isra.0+0x450/0x450
[  790.136535][ T9022]  ? perf_trace_lock+0x750/0x750
[  790.141481][ T9022]  ? print_usage_bug+0xd0/0xd0
[  790.146254][ T9022]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  790.151891][ T9022]  ? ___ratelimit+0x37c/0x686
[  790.156592][ T9022]  ? mark_held_locks+0xb1/0x100
[  790.161454][ T9022]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  790.167270][ T9022]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  790.173103][ T9022]  ? lockdep_hardirqs_on+0x415/0x5d0
[  790.178409][ T9022]  ? trace_hardirqs_on+0xbd/0x310
[  790.183437][ T9022]  ? kasan_check_read+0x11/0x20
[  790.188288][ T9022]  ? ___ratelimit+0x37c/0x686
[  790.188305][ T9022]  ? trace_hardirqs_off_caller+0x300/0x300
[  790.188334][ T9022]  ? do_raw_spin_trylock+0x270/0x270
[  790.188352][ T9022]  ? trace_hardirqs_on_caller+0x310/0x310
[  790.198834][ T9022]  ? lock_acquire+0x1db/0x570
[  790.198859][ T9022]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  790.198875][ T9022]  ? ___ratelimit+0xac/0x686
[  790.198907][ T9022]  ? idr_get_free+0xee0/0xee0
[  790.198923][ T9022]  ? lockdep_hardirqs_on+0x415/0x5d0
[  790.198949][ T9022]  oom_kill_process.cold+0x10/0x9ca
[  790.214587][ T9022]  ? cgroup_procs_next+0x70/0x70
[  790.214609][ T9022]  ? _raw_spin_unlock_irq+0x5e/0x90
[  790.214627][ T9022]  ? oom_badness+0xa50/0xa50
[  790.214649][ T9022]  ? oom_evaluate_task+0x540/0x540
[  790.214671][ T9022]  ? mem_cgroup_iter_break+0x30/0x30
[  790.229697][ T9022]  ? mutex_trylock+0x2d0/0x2d0
[  790.229714][ T9022]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  790.229746][ T9022]  ? rcu_read_unlock_special+0x380/0x380
[  790.229771][ T9022]  out_of_memory+0x885/0x1420
[  790.229805][ T9022]  ? mem_cgroup_iter+0x4f4/0xf50
[  790.245190][ T9022]  ? oom_killer_disable+0x340/0x340
[  790.245211][ T9022]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  790.245229][ T9022]  ? lock_acquire+0x1db/0x570
[  790.245258][ T9022]  mem_cgroup_out_of_memory+0x160/0x210
[  790.265453][ T9022]  ? do_raw_spin_unlock+0xa0/0x330
[  790.265473][ T9022]  ? memory_oom_group_write+0x160/0x160
[  790.265489][ T9022]  ? do_raw_spin_trylock+0x270/0x270
[  790.265519][ T9022]  ? _raw_spin_unlock+0x2d/0x50
[  790.265539][ T9022]  try_charge+0x1457/0x1d00
[  790.265566][ T9022]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  790.265585][ T9022]  ? find_held_lock+0x35/0x120
[  790.348963][ T9022]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  790.354512][ T9022]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  790.360757][ T9022]  ? lock_downgrade+0xbe0/0xbe0
[  790.365607][ T9022]  ? kasan_check_read+0x11/0x20
[  790.370455][ T9022]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  790.376439][ T9022]  ? rcu_read_unlock_special+0x380/0x380
[  790.382082][ T9022]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  790.387628][ T9022]  __memcg_kmem_charge_memcg+0x7c/0x130
[  790.393173][ T9022]  ? memcg_kmem_put_cache+0xb0/0xb0
[  790.398368][ T9022]  ? lock_release+0xc40/0xc40
[  790.403050][ T9022]  __memcg_kmem_charge+0x136/0x300
[  790.408167][ T9022]  __alloc_pages_nodemask+0x7b8/0xdc0
[  790.413543][ T9022]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  790.419254][ T9022]  ? print_usage_bug+0xd0/0xd0
[  790.424031][ T9022]  ? add_lock_to_list.isra.0+0x450/0x450
[  790.429662][ T9022]  ? __lock_is_held+0xb6/0x140
[  790.434494][ T9022]  ? add_lock_to_list.isra.0+0x450/0x450
[  790.440115][ T9022]  ? __pmd_alloc+0x377/0x460
[  790.444701][ T9022]  ? find_held_lock+0x35/0x120
[  790.449462][ T9022]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  790.455708][ T9022]  alloc_pages_current+0x107/0x210
[  790.460820][ T9022]  pte_alloc_one+0x1b/0x1a0
[  790.465349][ T9022]  __do_fault+0x413/0x7b0
[  790.469693][ T9022]  ? do_raw_spin_unlock+0xa0/0x330
[  790.474805][ T9022]  ? do_page_mkwrite+0x740/0x740
[  790.479754][ T9022]  ? lockdep_init_map+0x10c/0x5b0
[  790.484780][ T9022]  ? _raw_spin_unlock+0x2d/0x50
[  790.489629][ T9022]  ? __pmd_alloc+0x37c/0x460
[  790.494239][ T9022]  __handle_mm_fault+0x3500/0x55a0
[  790.499362][ T9022]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  790.504904][ T9022]  ? check_preemption_disabled+0x48/0x290
[  790.510632][ T9022]  ? handle_mm_fault+0x3cc/0xc80
[  790.515583][ T9022]  ? lock_downgrade+0xbe0/0xbe0
[  790.520445][ T9022]  ? kasan_check_read+0x11/0x20
[  790.525292][ T9022]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  790.531285][ T9022]  ? rcu_read_unlock_special+0x380/0x380
[  790.536935][ T9022]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  790.543171][ T9022]  ? check_preemption_disabled+0x48/0x290
[  790.548890][ T9022]  handle_mm_fault+0x4ec/0xc80
[  790.553648][ T9022]  ? __handle_mm_fault+0x55a0/0x55a0
[  790.558922][ T9022]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  790.565154][ T9022]  ? vmacache_update+0x114/0x140
[  790.570099][ T9022]  __do_page_fault+0x5da/0xd60
[  790.574889][ T9022]  do_page_fault+0xe6/0x7d8
[  790.579389][ T9022]  ? trace_hardirqs_on_caller+0xc0/0x310
[  790.585041][ T9022]  ? vmalloc_sync_all+0x30/0x30
[  790.589885][ T9022]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  790.596035][ T9022]  ? syscall_return_slowpath+0x5f0/0x5f0
[  790.601696][ T9022]  ? prepare_exit_to_usermode+0x232/0x3b0
[  790.607410][ T9022]  ? page_fault+0x8/0x30
[  790.611676][ T9022]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  790.617221][ T9022]  ? page_fault+0x8/0x30
[  790.621459][ T9022]  page_fault+0x1e/0x30
[  790.625656][ T9022] RIP: 0033:0x4017b7
[  790.629601][ T9022] Code: 00 00 00 48 83 ec 08 48 8b 15 f5 ec 64 00 48 8b 05 e6 ec 64 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 c8 ec 64 00 48 83 c4 08 c3 48 89 c6 bf c8 72 4c 00
[  790.649218][ T9022] RSP: 002b:00007ffcc29734a0 EFLAGS: 00010287
[  790.655296][ T9022] RAX: 0000001b2d320000 RBX: 0000000000000003 RCX: 0000001b2e320000
17:48:22 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mISDNtimer\x00', 0x40000, 0x0)

17:48:22 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:22 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffffffffffffe)

17:48:22 executing program 0:
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4800)
ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f00000000c0))
dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000)
ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000100))
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x40, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

[  790.663273][ T9022] RDX: 0000001b2d320004 RSI: 00007ffcc2973250 RDI: 0000000000000000
[  790.671237][ T9022] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004
[  790.679209][ T9022] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
[  790.687193][ T9022] R13: 0000000000000001 R14: 0000000000000568 R15: 0000000000000004
[  790.697851][ T9022] memory: usage 307200kB, limit 307200kB, failcnt 3131
[  790.716281][ T9022] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  790.723765][ T9022] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:48:23 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040049409, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  790.766014][ T9022] Memory cgroup stats for /syz4: cache:120KB rss:219232KB rss_huge:174080KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:219376KB inactive_file:0KB active_file:4KB unevictable:0KB
17:48:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:23 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040049409, &(0x7f0000000380)=0x2)
close(r0)

[  790.835522][ T9022] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=4672,uid=0
[  790.866748][ T9022] Memory cgroup out of memory: Kill process 4672 (syz-executor4) score 1106 or sacrifice child
17:48:23 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040045010, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  790.878420][ T9022] Killed process 4672 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
17:48:23 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x2c8)

17:48:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:23 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x6, 0x20000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x400000, 0x0)
ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f0000000100))

17:48:23 executing program 0:
r0 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00p\xf5\xfa\x91\xc2\v.\x87/, \xa2d\xb6\xc6g\xe8\xb0\xd7', 0x0, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0xb)
r2 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0xe6)

17:48:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  791.192923][ T9077] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  791.216808][ T9077] CPU: 0 PID: 9077 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  791.225670][ T9077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  791.235727][ T9077] Call Trace:
[  791.239065][ T9077]  dump_stack+0x1db/0x2d0
17:48:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdffffff00000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  791.243404][ T9077]  ? dump_stack_print_info.cold+0x20/0x20
[  791.249126][ T9077]  ? check_preemption_disabled+0x48/0x290
[  791.254861][ T9077]  dump_header+0x1e6/0x116c
[  791.254883][ T9077]  ? add_lock_to_list.isra.0+0x450/0x450
[  791.254897][ T9077]  ? perf_trace_lock+0x750/0x750
[  791.254919][ T9077]  ? print_usage_bug+0xd0/0xd0
[  791.265036][ T9077]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  791.265054][ T9077]  ? ___ratelimit+0x37c/0x686
[  791.265077][ T9077]  ? mark_held_locks+0xb1/0x100
17:48:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  791.265104][ T9077]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  791.295695][ T9077]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  791.301510][ T9077]  ? lockdep_hardirqs_on+0x415/0x5d0
[  791.306820][ T9077]  ? trace_hardirqs_on+0xbd/0x310
[  791.311869][ T9077]  ? kasan_check_read+0x11/0x20
[  791.316727][ T9077]  ? ___ratelimit+0x37c/0x686
[  791.321437][ T9077]  ? trace_hardirqs_off_caller+0x300/0x300
[  791.327252][ T9077]  ? do_raw_spin_trylock+0x270/0x270
[  791.332542][ T9077]  ? trace_hardirqs_on_caller+0x310/0x310
[  791.338265][ T9077]  ? lock_acquire+0x1db/0x570
[  791.342951][ T9077]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  791.342967][ T9077]  ? ___ratelimit+0xac/0x686
[  791.342984][ T9077]  ? idr_get_free+0xee0/0xee0
[  791.342998][ T9077]  ? lockdep_hardirqs_on+0x415/0x5d0
[  791.343023][ T9077]  oom_kill_process.cold+0x10/0x9ca
[  791.358066][ T9077]  ? cgroup_procs_next+0x70/0x70
[  791.358088][ T9077]  ? _raw_spin_unlock_irq+0x5e/0x90
[  791.358106][ T9077]  ? oom_badness+0xa50/0xa50
[  791.358129][ T9077]  ? oom_evaluate_task+0x540/0x540
[  791.358146][ T9077]  ? mem_cgroup_iter_break+0x30/0x30
17:48:24 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  791.358161][ T9077]  ? mutex_trylock+0x2d0/0x2d0
[  791.358181][ T9077]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  791.404694][ T9077]  ? rcu_read_unlock_special+0x380/0x380
[  791.410484][ T9077]  out_of_memory+0x885/0x1420
[  791.415171][ T9077]  ? mem_cgroup_iter+0x4f4/0xf50
[  791.420123][ T9077]  ? oom_killer_disable+0x340/0x340
[  791.425361][ T9077]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  791.431184][ T9077]  ? lock_acquire+0x1db/0x570
[  791.435896][ T9077]  mem_cgroup_out_of_memory+0x160/0x210
[  791.441444][ T9077]  ? do_raw_spin_unlock+0xa0/0x330
[  791.446576][ T9077]  ? memory_oom_group_write+0x160/0x160
[  791.452125][ T9077]  ? do_raw_spin_trylock+0x270/0x270
[  791.457444][ T9077]  ? _raw_spin_unlock+0x2d/0x50
[  791.462286][ T9077]  try_charge+0x1457/0x1d00
[  791.466792][ T9077]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  791.472370][ T9077]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  791.477917][ T9077]  ? lock_downgrade+0xbe0/0xbe0
[  791.482759][ T9077]  ? kasan_check_read+0x11/0x20
[  791.487607][ T9077]  ? rcu_read_unlock_special+0x380/0x380
[  791.493245][ T9077]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  791.498775][ T9077]  ? get_mem_cgroup_from_page+0x190/0x190
[  791.504492][ T9077]  ? rcu_read_lock_sched_held+0x110/0x130
[  791.510219][ T9077]  mem_cgroup_try_charge+0x43a/0xdb0
[  791.515538][ T9077]  ? mem_cgroup_protected+0xa10/0xa10
[  791.521018][ T9077]  ? add_lock_to_list.isra.0+0x450/0x450
[  791.526675][ T9077]  ? alloc_set_pte+0x134a/0x1df0
[  791.531647][ T9077]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  791.537892][ T9077]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  791.544129][ T9077]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  791.549758][ T9077]  wp_page_copy+0x45a/0x1c70
[  791.554356][ T9077]  ? swp_swapcount+0x540/0x540
[  791.559127][ T9077]  ? __lock_acquire+0x572/0x4a10
[  791.564066][ T9077]  ? pmd_pfn+0x1d0/0x1d0
[  791.568308][ T9077]  ? find_held_lock+0x35/0x120
[  791.573094][ T9077]  ? do_wp_page+0x894/0x1e80
[  791.577689][ T9077]  ? kasan_check_read+0x11/0x20
[  791.582519][ T9077]  ? do_raw_spin_unlock+0xa0/0x330
[  791.587637][ T9077]  ? do_raw_spin_trylock+0x270/0x270
[  791.592917][ T9077]  ? print_usage_bug+0xd0/0xd0
[  791.597675][ T9077]  do_wp_page+0x89c/0x1e80
[  791.602096][ T9077]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  791.607481][ T9077]  ? find_held_lock+0x35/0x120
[  791.612246][ T9077]  ? lock_acquire+0x1db/0x570
[  791.616951][ T9077]  ? __handle_mm_fault+0x1d80/0x55a0
[  791.622264][ T9077]  ? kasan_check_write+0x14/0x20
[  791.627210][ T9077]  ? do_raw_spin_lock+0x156/0x360
[  791.632221][ T9077]  ? lock_release+0xc40/0xc40
[  791.636902][ T9077]  ? rwlock_bug.part.0+0x90/0x90
[  791.641861][ T9077]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  791.647680][ T9077]  ? add_mm_counter_fast.part.0+0x40/0x40
[  791.653384][ T9077]  __handle_mm_fault+0x2c8e/0x55a0
[  791.658491][ T9077]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  791.664033][ T9077]  ? check_preemption_disabled+0x48/0x290
[  791.669740][ T9077]  ? handle_mm_fault+0x3cc/0xc80
[  791.674683][ T9077]  ? lock_downgrade+0xbe0/0xbe0
[  791.679512][ T9077]  ? kasan_check_read+0x11/0x20
[  791.684366][ T9077]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  791.690351][ T9077]  ? rcu_read_unlock_special+0x380/0x380
[  791.695981][ T9077]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  791.702210][ T9077]  ? check_preemption_disabled+0x48/0x290
[  791.707924][ T9077]  handle_mm_fault+0x4ec/0xc80
[  791.712686][ T9077]  ? __handle_mm_fault+0x55a0/0x55a0
[  791.717973][ T9077]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  791.724203][ T9077]  ? vmacache_update+0x114/0x140
[  791.729159][ T9077]  __do_page_fault+0x5da/0xd60
[  791.733948][ T9077]  do_page_fault+0xe6/0x7d8
[  791.738456][ T9077]  ? trace_hardirqs_on_caller+0xc0/0x310
[  791.744152][ T9077]  ? vmalloc_sync_all+0x30/0x30
[  791.749026][ T9077]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  791.755177][ T9077]  ? syscall_return_slowpath+0x5f0/0x5f0
[  791.760833][ T9077]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  791.767095][ T9077]  ? prepare_exit_to_usermode+0x232/0x3b0
[  791.772813][ T9077]  ? page_fault+0x8/0x30
[  791.777054][ T9077]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  791.782582][ T9077]  ? page_fault+0x8/0x30
[  791.786814][ T9077]  page_fault+0x1e/0x30
[  791.790964][ T9077] RIP: 0033:0x40b4c3
[  791.794840][ T9077] Code: 07 85 c0 0f 85 ed 00 00 00 83 c3 01 49 81 c6 a0 00 00 00 83 fb 10 0f 84 ce 00 00 00 41 80 7e f8 00 49 8d 6e f4 4d 89 f7 75 d4 <41> c6 46 f8 01 41 89 5e f4 4c 89 f7 41 c6 46 15 00 41 c7 46 fc 00
[  791.814429][ T9077] RSP: 002b:00007ffcc29734b0 EFLAGS: 00010246
[  791.820493][ T9077] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ffcc2973558
[  791.828464][ T9077] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffffffffffff
[  791.836435][ T9077] RBP: 000000000073bf00 R08: 00007ffcc2973560 R09: 0000000000740090
17:48:24 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000004020940d, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:24 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

[  791.844415][ T9077] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005
[  791.852404][ T9077] R13: 0000000000000068 R14: 000000000073bf0c R15: 000000000073bf0c
17:48:24 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000004020940d, &(0x7f0000000380)=0x2)
close(r0)

17:48:24 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040045017, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  791.905274][ T9077] memory: usage 307200kB, limit 307200kB, failcnt 3169
[  791.925610][ T9077] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  791.933135][ T9077] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  791.961501][ T9077] Memory cgroup stats for /syz4: cache:120KB rss:219348KB rss_huge:174080KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:219376KB inactive_file:0KB active_file:0KB unevictable:0KB
[  791.985560][ T9077] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=7136,uid=0
[  792.019437][ T9077] Memory cgroup out of memory: Kill process 7136 (syz-executor4) score 1106 or sacrifice child
[  792.049471][ T9077] Killed process 7136 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
17:48:24 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000]}, 0x2c8)

17:48:24 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0xffffeffffffffffc, 0x0)
ftruncate(r0, 0xa7)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x1)
r1 = fcntl$dupfd(r0, 0x406, r0)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, &(0x7f0000000000)={'NETMAP\x00'}, &(0x7f0000000040)=0x1e)

17:48:24 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:24 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x8)
r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x4b0ee7ce, 0x1)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={r1, r2, 0xc}, 0x10)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000000c0)={{{@in6=@local}}, {{@in=@multicast1}}}, &(0x7f00000001c0)=0xe8)

17:48:24 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff000000000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:24 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2864, 0x80000)
ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f00000001c0)=@buf={0x68, &(0x7f0000000140)="195dc9fd327ed11c125ef724331bbde239e491bf1c2996be8712442fab9bafb84e3896cf9ee4dec8ea82a355816fbc90182ffdb46e2ca66cce12d1c3a46847553d359b4ad1437c678271e45a942430bd5a712483e641913c1c884f7668d493267a12f7534d38799c"})
ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000040)=""/253)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:25 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:25 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:25 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080044d76, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:25 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}, 0x2c8)

17:48:25 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080044d76, &(0x7f0000000380)=0x2)
close(r0)

17:48:25 executing program 0:
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}}, {{@in6=@initdev}, 0x0, @in=@remote}}, &(0x7f0000000400)=0xe8)
syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x4, 0x3, &(0x7f0000000280)=[{&(0x7f0000000100)="959a9150d571979f1235b214b6796e6bdf78ab4387c1faaeaad817ea72c610359481cae9fcc816c55c70a543da1884120f68c5d4e7b8b545e34d6a63a34938b1d5f1348dfded739267aa3a64fe9e188660443437ce0a51be56403736fb49", 0x5e, 0x2}, {&(0x7f0000000180)="20390608745db16b43eecbec31fb269e9e67ea2e2897f4c640a2e66e877d832c3a947f68aaa8aafaf05eab68ef5ce88f6546a2b943ed1cc21d519a3711ca62d2e37a5094dda729b75e71429625b0961e4ea51ff060ede91966d55eee46dafcfe6c58234e3240c1eefff3", 0x6a, 0x8}, {&(0x7f0000000200)="bd85483de40e0855a711b66e6287951afee09062d9f049b2ac6028eda71debf703ff77d8db29817467c7597770b6cd673b521066803610622a2422daada262f10beaad4f8bd62dfc84841ed7505d50580f1c375502b046d85404bde3cb180d2c089bd9a530d7ef88c6956d", 0x6b, 0x6}], 0x8050, &(0x7f0000000440)=ANY=[@ANYBLOB='resize,resize=0x0@00000000000000,integrity,func=CREDS_CHECK,smackfsfloor=/dev/snd/pcmC#D#c\x00,fsname=,obj_role=system\x00,euid<', @ANYRESDEC=r0, @ANYBLOB='\x00\x00'])
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x2, 0x202)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x0)
ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f0000000500)=""/230)
r2 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x40000)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000700)='/dev/hwrng\x00', 0x8000, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x7)
mount(&(0x7f0000000600)=@sg0='/dev/sg0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)='openpromfs\x00', 0x8, &(0x7f00000006c0)='\x00')

17:48:25 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xffffff7f]}}, 0x1c)

17:48:25 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000040049409, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:25 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffff7f]}}, 0x1c)

17:48:25 executing program 0:
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x100000000, 0x10080)
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:25 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffff7f]}}, 0x1c)

17:48:25 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}, 0x2c8)

17:48:25 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x208400)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:25 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffff7f]}}, 0x1c)

17:48:25 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080044df9, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:25 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
lsetxattr$security_smack_entry(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.SMACK64IPOUT\x00', &(0x7f0000000080)='/dev/loop#\x00', 0xb, 0x1)

17:48:26 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080044df9, &(0x7f0000000380)=0x2)
close(r0)

17:48:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffff7f]}}, 0x1c)

17:48:26 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000]}, 0x2c8)

17:48:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3)
sched_getattr(r1, &(0x7f0000000040), 0x30, 0x0)
r2 = fcntl$dupfd(r0, 0x406, r0)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000380), &(0x7f0000000400)=0x4)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x8)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_INFO(r3, 0x80386433, &(0x7f0000000300)=""/111)

17:48:26 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000004020940d, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x5)

17:48:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffffff7f]}}, 0x1c)

17:48:26 executing program 0:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x801, 0x0)
accept$inet6(r0, 0x0, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)

17:48:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffff7f]}}, 0x1c)

17:48:26 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13000000]}, 0x2c8)

17:48:26 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045002, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000180)={{{@in=@loopback, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@loopback}, 0x0, @in=@multicast2}}, &(0x7f0000000280)=0xe8)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@initdev}, 0x0, @in6=@dev}}, &(0x7f0000000400)=0xe8)
mount$9p_virtio(&(0x7f00000000c0)='wlan0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x400, &(0x7f0000000440)={'trans=virtio,', {[{@mmap='mmap'}, {@access_client='access=client'}, {@version_L='version=9p2000.L'}, {@cache_loose='cache=loose'}, {@noextend='noextend'}], [{@euid_gt={'euid>', r1}}, {@uid_eq={'uid', 0x3d, r2}}, {@obj_role={'obj_role', 0x3d, 'user,\xf9'}}]}})
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3ff, 0x12, 0x13, 0x4, "fbad095b078930bfba14b23cc259d2831e6efe52ef8ead5ddc9e40265df68592e4c2104e326f859718230c148c462e4609c694aad7018174ed3c555554e5a9ce", "d5db6cdb4551244017791482dca0f55bde22929561088a0e4bae32923173f890", [0x1000, 0x800]})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:26 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045002, &(0x7f0000000380)=0x2)
close(r0)

17:48:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xffffff7f]}}, 0x1c)

17:48:26 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000]}, 0x2c8)

17:48:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00')
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000040)=0x100000001, 0x4)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:26 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080044d76, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xffffff7f]}}, 0x1c)

17:48:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x9, 0x2000)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000040)=""/92)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r1, 0x3)

17:48:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0xffffff7f]}}, 0x1c)

17:48:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000200))
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)
getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f0000000140)=""/112, &(0x7f00000001c0)=0x70)
r2 = accept$unix(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000080)=0x6e)
connect(r1, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e21, @broadcast}, 0x3, 0x1, 0x1, 0x2}}, 0x80)
r3 = syz_open_dev$media(&(0x7f0000000240)='/dev/media#\x00', 0x46, 0x400000)
fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000340)=0xe8)
sendmsg$nl_generic(r3, &(0x7f0000000a40)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="100500002c00100425bd7000fedbdf251a000000c4016000d8dd84e6e0ef503f5856df653acc5cb5180295694d223dab5acab4e975bffb160302b47f9754dd741be988ed50e19679dcbe58d880aba291a4437dfce3ef6e1190131ba25a3000a95b58c2067e8787cf071291e95af277eca108d2d1f6f567a2dce6c310d7f36c57338f5c5dcdec60b0a5039bc4506d16feccb33bc6195471d12aebfe04009500906971b9df92ea9bd80f45662e4e8180d9904c2e9566398555f961af6f86d8fa2bf5253cbba1306e0b3e933454f83dfc7b8301282d9b0b187fd5e77d8aff396bc633f18b69f52111a72455565894cb556c5bf70791b0cd6fbc4fb5185bdaeaf97a8220da98e3225c49f969ff9636d1668b0405b502e89550cda6f452e1f41e8e7320927d241915d68d4ac680afe5e25b09f182c63b87c15483da4338caa533a918778198503febf325e86774036c851a1e40510d493e14d20baf87016844dd31f90150c64a8042e4a0d645841362e7ecbbe3d1a3a71dc19f92d48d2d84cc5f96307ede9e38740d6c70836823b234913aedaf6192e529d58a1cfc7fd262351425fb47f322582dfde60527ff7049aa5c34849d2bd5a247a07a73457e541dd2f61007596cde5f0a345dd11c20f7a7f5cee64c3e8eb370f231cc00f7e30ba7ebab261235bf36eff5edbf086cebba7c56a3dd4baa2caf0a60d27b475347639d03c51f4e683ee211070000000000000019537baa2352976e9f530481f7464209ab1ced4e2e844f90437a875ca3670ba3d86b7cade8a9dae217994e4253c1f6058f209c51c09b1b5edd398f39c5a6b34e67781c5652d5f55fd2c9c117f49966a6a291844829ebce24f5c25bf0757da79c34105f3c1d23ff99457a0a2368c2bfbcb2a1a458919ebe20c354126ce20af8e7481e1ecec034b251ccc4480413c518020500a6be56afd30b906ce702c57ba928341077ee81f2e8354c64075693203d4523873d831d71c17506866c6426583e0fb038f8966c8e0da5c181211258e224411c1cca8eefb754591effdc935aeccc225eb91c7e3245fc552c353535c8e7823cf4718e21fcc72dd8b0cc992b58d4bd3743c17b0be7aef47d72c94332d9b7f966ae59370dce111e57a2a077690b5c0716decbeb893befa49ae88c4c71eb17a4e270698a1b2deea795a090adc9e999f6ee36f751a8cc32c1ae2a6acd31a697394b12801ef19cb7add1699c360f55a3dc613638d6278f418bd34da41ae4a3196012a49e984b36873ea1ffc0a0b61e0020a577b42cbc07804a5ef61608f7dc8f16c9c4982dbfbef3b13d8a6e38c90ffbec0cd555cf220748d9f93b3dfee4b55bcbb1a13d200c36044b025fcd4c7c20bb60b91fc29fe0af3082a53d0bfacb3818496152ec687e1a46d0b5b21ac90963e11cef7bf0588ab1d3600b6a2e23b668b70c751a9a24e9b7250509b7dff295150800410000000000", @ANYRES32=r4, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r5, @ANYBLOB="901191397fe2c48275102ae1b79109a3aa014593bc4986a496a5ad4d2907f03416e91ff5c5be9ba2c49979f95a15dd0d74a28b028c863b184f6f75d1944cc953343a81f4e406af773e4c33d85df1ead6a51a1c16f38b145ff36f38cc20566e26ecf07a5e32e3aab30c8b2089a23c668fe64ee9ab55ec0e953186e00a2635541282c3aca16a0000c239c8c7adbc9a25692a54d30b37111f194168c0747e629a749899c3d3a634c4e372f66ff8345d7dd5651c0c4b5fda4ed98052630fd7b13cbd9107678048af51aaf3ecd47e368fa0ab551c4c5e47c78f2a8dab4a2911356544e6f8d64500"], 0x510}, 0x1, 0x0, 0x0, 0xd1c08c7d4727120d}, 0x4000004)

17:48:26 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15000000]}, 0x2c8)

17:48:27 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0xffffff7f]}}, 0x1c)

17:48:27 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045005, &(0x7f0000000380)=0x2)
close(r0)

17:48:27 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3)
fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000000))

17:48:27 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000]}, 0x2c8)

17:48:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0xffffff7f]}}, 0x1c)

17:48:27 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080044df9, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:27 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_names\x00')
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000040), &(0x7f0000000080)=0x4)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:48:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0xffffff7f]}}, 0x1c)

17:48:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0xffffff7f]}}, 0x1c)

17:48:27 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x2c8)

17:48:27 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x38)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffffffffffffe)
ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f0000000080)=""/37)

17:48:27 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045006, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:27 executing program 0:
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x80, 0x108)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000000040)={0x54, 0x7, 0xfe6, {0x77359400}, 0x8ada, 0x8})
r2 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil)
shmctl$SHM_UNLOCK(r2, 0xc)
ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000000)=0x1)
semctl$SEM_STAT(r2, 0x3, 0x12, &(0x7f0000000100)=""/65)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:27 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045006, &(0x7f0000000380)=0x2)
close(r0)

17:48:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, 0xffffff7f]}}, 0x1c)

17:48:27 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x2c8)

17:48:27 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x80)

17:48:27 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045002, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0xffffff7f]}}, 0x1c)

17:48:28 executing program 0:
r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000100)={<r1=>0x0, @remote, @multicast1}, &(0x7f0000000140)=0xc)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000180)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6}}}, &(0x7f0000000280)=0xe8)
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in=@rand_addr=0x5, 0x4e24, 0x0, 0x4e23, 0x5, 0xa, 0xa0, 0x20, 0x2c, r1, r2}, {0x5, 0x7fff, 0x0, 0x42a, 0x72, 0x80000000, 0x6, 0x7}, {0xa3, 0x200, 0x4, 0x1eca}, 0x1a98, 0x6e6bbe, 0x0, 0x1, 0x3}, {{@in=@remote, 0x4d2, 0xff}, 0xa, @in=@loopback, 0x2, 0x6, 0x2, 0x1, 0x2b57cd23, 0x8116c40000000000}}, 0xe8)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x5})
ioctl$LOOP_CLR_FD(r0, 0x4c01)
r3 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x1261, 0x0)

17:48:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0xffffff7f]}}, 0x1c)

17:48:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
dup3(r0, r0, 0x80000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:28 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x2c8)

17:48:28 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045007, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0xffffff7f]}}, 0x1c)

17:48:28 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045007, &(0x7f0000000380)=0x2)
close(r0)

17:48:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xffffffffffffffff)

17:48:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0xffffff7f]}}, 0x1c)

17:48:28 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x2c8)

17:48:28 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045005, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103, 0x0, 0xffffff7f]}}, 0x1c)

17:48:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431)
socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x1, 0xa000)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000040)={<r2=>0x0, 0x1fd, 0x2, [0x4, 0x3]}, &(0x7f0000000080)=0xc)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={r2, 0xcb}, &(0x7f0000000100)=0x8)

17:48:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f4, 0x0, 0xffffff7f]}}, 0x1c)

17:48:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffffffffffffc)

17:48:28 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x2c8)

17:48:29 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008004500b, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:29 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x20000)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0xab5, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f00000000c0)=0x1)

17:48:29 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008004500b, &(0x7f0000000380)=0x2)
close(r0)

17:48:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0xffffff7f]}}, 0x1c)

17:48:29 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x2c8)

17:48:29 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x2, 0x20401)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
poll(&(0x7f0000000000)=[{r0, 0x2000}, {r0, 0x1000}], 0x2, 0x4)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x7)

17:48:29 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045006, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  796.772101][ T9457] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0
[  796.815424][ T9457] CPU: 1 PID: 9457 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  796.824288][ T9457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  796.824300][ T9457] Call Trace:
[  796.837675][ T9457]  dump_stack+0x1db/0x2d0
[  796.842017][ T9457]  ? dump_stack_print_info.cold+0x20/0x20
[  796.847754][ T9457]  ? check_preemption_disabled+0x48/0x290
[  796.853494][ T9457]  dump_header+0x1e6/0x116c
[  796.858002][ T9457]  ? add_lock_to_list.isra.0+0x450/0x450
[  796.863641][ T9457]  ? perf_trace_lock+0x750/0x750
[  796.868607][ T9457]  ? print_usage_bug+0xd0/0xd0
[  796.868639][ T9457]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  796.868667][ T9457]  ? ___ratelimit+0x37c/0x686
[  796.868706][ T9457]  ? mark_held_locks+0xb1/0x100
[  796.868726][ T9457]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  796.868762][ T9457]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  796.888655][ T9457]  ? lockdep_hardirqs_on+0x415/0x5d0
[  796.900269][ T9457]  ? trace_hardirqs_on+0xbd/0x310
[  796.910556][ T9457]  ? kasan_check_read+0x11/0x20
17:48:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x301, 0x0, 0xffffff7f]}}, 0x1c)

[  796.915426][ T9457]  ? ___ratelimit+0x37c/0x686
[  796.920128][ T9457]  ? trace_hardirqs_off_caller+0x300/0x300
[  796.925940][ T9457]  ? do_raw_spin_trylock+0x270/0x270
[  796.931236][ T9457]  ? trace_hardirqs_on_caller+0x310/0x310
[  796.936946][ T9457]  ? lock_acquire+0x1db/0x570
[  796.941634][ T9457]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  796.947446][ T9457]  ? ___ratelimit+0xac/0x686
[  796.952037][ T9457]  ? idr_get_free+0xee0/0xee0
[  796.956728][ T9457]  ? lockdep_hardirqs_on+0x415/0x5d0
17:48:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e8, 0x0, 0xffffff7f]}}, 0x1c)

[  796.962030][ T9457]  oom_kill_process.cold+0x10/0x9ca
[  796.967238][ T9457]  ? cgroup_procs_next+0x70/0x70
[  796.972182][ T9457]  ? _raw_spin_unlock_irq+0x5e/0x90
[  796.977400][ T9457]  ? oom_badness+0xa50/0xa50
[  796.982012][ T9457]  ? oom_evaluate_task+0x540/0x540
[  796.987129][ T9457]  ? mem_cgroup_iter_break+0x30/0x30
[  796.992413][ T9457]  ? mutex_trylock+0x2d0/0x2d0
[  796.997182][ T9457]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  797.003459][ T9457]  ? rcu_read_unlock_special+0x380/0x380
[  797.009104][ T9457]  out_of_memory+0x885/0x1420
[  797.009124][ T9457]  ? mem_cgroup_iter+0x4f4/0xf50
[  797.009146][ T9457]  ? oom_killer_disable+0x340/0x340
[  797.009168][ T9457]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  797.018762][ T9457]  ? lock_acquire+0x1db/0x570
[  797.018792][ T9457]  mem_cgroup_out_of_memory+0x160/0x210
[  797.018807][ T9457]  ? do_raw_spin_unlock+0xa0/0x330
[  797.018847][ T9457]  ? memory_oom_group_write+0x160/0x160
[  797.018883][ T9457]  ? do_raw_spin_trylock+0x270/0x270
[  797.056002][ T9457]  ? _raw_spin_unlock+0x2d/0x50
[  797.060867][ T9457]  try_charge+0x1457/0x1d00
17:48:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0xffffff7f]}}, 0x1c)

17:48:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a0, 0x0, 0xffffff7f]}}, 0x1c)

[  797.065375][ T9457]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  797.070959][ T9457]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  797.076507][ T9457]  ? lock_downgrade+0xbe0/0xbe0
[  797.081368][ T9457]  ? kasan_check_read+0x11/0x20
[  797.086232][ T9457]  ? rcu_read_unlock_special+0x380/0x380
[  797.091896][ T9457]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  797.097469][ T9457]  ? get_mem_cgroup_from_page+0x190/0x190
[  797.103203][ T9457]  ? rcu_read_lock_sched_held+0x110/0x130
[  797.108942][ T9457]  mem_cgroup_try_charge+0x43a/0xdb0
17:48:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c8, 0x0, 0xffffff7f]}}, 0x1c)

[  797.114249][ T9457]  ? mem_cgroup_protected+0xa10/0xa10
[  797.119632][ T9457]  ? check_preemption_disabled+0x48/0x290
[  797.125370][ T9457]  ? __lock_acquire+0x572/0x4a10
[  797.130326][ T9457]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  797.136574][ T9457]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  797.142833][ T9457]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  797.148476][ T9457]  wp_page_copy+0x45a/0x1c70
[  797.153084][ T9457]  ? swp_swapcount+0x540/0x540
[  797.157858][ T9457]  ? __lock_acquire+0x572/0x4a10
[  797.162814][ T9457]  ? pmd_pfn+0x1d0/0x1d0
[  797.167084][ T9457]  ? find_held_lock+0x35/0x120
[  797.171864][ T9457]  ? do_wp_page+0x894/0x1e80
[  797.176459][ T9457]  ? delayacct_end+0xc9/0x100
[  797.181152][ T9457]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  797.187405][ T9457]  ? kasan_check_read+0x11/0x20
[  797.192279][ T9457]  ? do_raw_spin_unlock+0xa0/0x330
[  797.197400][ T9457]  ? do_raw_spin_trylock+0x270/0x270
[  797.202723][ T9457]  ? print_usage_bug+0xd0/0xd0
[  797.207498][ T9457]  do_wp_page+0x89c/0x1e80
[  797.211913][ T9457]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  797.217270][ T9457]  ? lock_acquire+0x1db/0x570
[  797.221932][ T9457]  ? __handle_mm_fault+0x1d80/0x55a0
[  797.227205][ T9457]  ? kasan_check_write+0x14/0x20
[  797.232121][ T9457]  ? do_raw_spin_lock+0x156/0x360
[  797.237123][ T9457]  ? lock_release+0xc40/0xc40
[  797.241790][ T9457]  ? rwlock_bug.part.0+0x90/0x90
[  797.246721][ T9457]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  797.252527][ T9457]  ? add_mm_counter_fast.part.0+0x40/0x40
[  797.258235][ T9457]  __handle_mm_fault+0x2c8e/0x55a0
[  797.263341][ T9457]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  797.268895][ T9457]  ? check_preemption_disabled+0x48/0x290
[  797.274646][ T9457]  ? handle_mm_fault+0x3cc/0xc80
[  797.279585][ T9457]  ? lock_downgrade+0xbe0/0xbe0
[  797.284413][ T9457]  ? kasan_check_read+0x11/0x20
[  797.289245][ T9457]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  797.295207][ T9457]  ? rcu_read_unlock_special+0x380/0x380
[  797.300837][ T9457]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  797.307082][ T9457]  ? check_preemption_disabled+0x48/0x290
[  797.312800][ T9457]  handle_mm_fault+0x4ec/0xc80
[  797.317566][ T9457]  ? __handle_mm_fault+0x55a0/0x55a0
[  797.322838][ T9457]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  797.329056][ T9457]  ? vmacache_update+0x114/0x140
[  797.333983][ T9457]  __do_page_fault+0x5da/0xd60
[  797.338733][ T9457]  do_page_fault+0xe6/0x7d8
[  797.343215][ T9457]  ? trace_hardirqs_on_caller+0xc0/0x310
[  797.348849][ T9457]  ? vmalloc_sync_all+0x30/0x30
[  797.353681][ T9457]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  797.359818][ T9457]  ? prepare_exit_to_usermode+0x232/0x3b0
[  797.365525][ T9457]  ? page_fault+0x8/0x30
[  797.369751][ T9457]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  797.375296][ T9457]  ? page_fault+0x8/0x30
[  797.379580][ T9457]  page_fault+0x1e/0x30
[  797.383714][ T9457] RIP: 0033:0x4564ce
[  797.387603][ T9457] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 77 02 60 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31
[  797.407201][ T9457] RSP: 002b:00007ffcc2973600 EFLAGS: 00010206
[  797.413246][ T9457] RAX: 0000000000a56248 RBX: 00007ffcc2973600 RCX: 000000000045649a
[  797.421198][ T9457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  797.429150][ T9457] RBP: 00007ffcc2973640 R08: 0000000000000001 R09: 0000000001f21940
[  797.437099][ T9457] R10: 0000000001f21c10 R11: 0000000000000246 R12: 0000000000000001
[  797.445077][ T9457] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004
17:48:30 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008004500f, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0xffffff7f]}}, 0x1c)

17:48:30 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008004500f, &(0x7f0000000380)=0x2)
close(r0)

17:48:30 executing program 0:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800)
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
setxattr$security_evm(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@md5={0x1, "287718e626f7063ef29925d906668e25"}, 0x11, 0x3)

[  797.645054][ T9457] memory: usage 307200kB, limit 307200kB, failcnt 3206
[  797.652425][ T9457] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  797.686066][ T9457] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  797.703105][ T9457] Memory cgroup stats for /syz4: cache:120KB rss:217876KB rss_huge:172032KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:217996KB inactive_file:8KB active_file:0KB unevictable:0KB
[  797.727733][ T9457] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=8464,uid=0
[  797.743686][ T9457] Memory cgroup out of memory: Kill process 8464 (syz-executor4) score 1106 or sacrifice child
[  797.754537][ T9457] Killed process 8464 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  797.767868][ T1043] oom_reaper: reaped process 8464 (syz-executor4), now anon-rss:0kB, file-rss:32780kB, shmem-rss:0kB
17:48:30 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000]}, 0x2c8)

17:48:30 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045007, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:30 executing program 0:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x4000, 0x0)
getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000040)=0x6, &(0x7f0000000080)=0x4)
openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x1, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000100)="f02f346bd81668e0260000001800", 0x5)
syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0xffffff7f]}}, 0x1c)

17:48:30 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x612e00)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r1=>0x0, 0xffffffffffffffff, 0x0, 0x15, &(0x7f0000000000)='-vmnet1selfsecurity(\x00', 0xffffffffffffffff}, 0x30)
select(0x40, &(0x7f0000000c00)={0x7, 0x4, 0xe3, 0xff, 0x9, 0x2a9b, 0xffffffffffffffd0, 0x2}, &(0x7f0000000c40)={0xed, 0x6, 0x2, 0x3, 0x9, 0x5, 0x4, 0x27}, &(0x7f0000000c80)={0x0, 0x9, 0x20, 0x5, 0x9, 0x6, 0x6, 0x20000006}, &(0x7f0000000cc0))
process_vm_writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)=""/246, 0xf6}, {&(0x7f0000000180)=""/183, 0xb7}, {&(0x7f0000000240)=""/160, 0xa0}, {&(0x7f0000000300)=""/10, 0xa}, {&(0x7f0000000400)=""/228, 0xe4}, {&(0x7f0000000500)=""/131, 0x83}, {&(0x7f00000005c0)=""/189, 0xbd}], 0x7, &(0x7f0000000b40)=[{&(0x7f0000000680)=""/158, 0x9e}, {&(0x7f0000000740)=""/100, 0x64}, {&(0x7f00000007c0)=""/8, 0x8}, {&(0x7f0000000800)=""/151, 0x97}, {&(0x7f00000008c0)=""/61, 0x3d}, {&(0x7f0000000900)=""/243, 0xf3}, {&(0x7f0000000a00)=""/30, 0x1e}, {&(0x7f0000000a40)=""/76, 0x4c}, {&(0x7f0000000ac0)=""/126, 0x7e}], 0x9, 0x0)
socketpair(0x9, 0xf, 0xffffffff, &(0x7f0000000d00)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$cgroup_int(r0, &(0x7f00000010c0)=0x855e, 0x12)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000d80)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_PRI(r3, &(0x7f0000000e80)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x10080000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="68201480", @ANYRES16=r4, @ANYBLOB="21002dbd7000fedbdf25010000000000000008410000004c0018000000006962000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x68}, 0x1, 0x0, 0x0, 0x20044000}, 0x4000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000ec0)={<r5=>0x0, 0x8}, &(0x7f0000000f00)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000f40)={r5, @in={{0x2, 0x4e22, @broadcast}}}, &(0x7f0000001000)=0x84)
r6 = open(&(0x7f0000001040)='./file0\x00', 0x400, 0x1a2)
ioctl$KDGKBMETA(r6, 0x4b62, &(0x7f0000001080))
ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000001100)=r1)

17:48:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900, 0x0, 0xffffff7f]}}, 0x1c)

17:48:30 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f0000000000)={0x800000000000, 0x7f, 0x800, 0x7d})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0xffffff7f]}}, 0x1c)

17:48:30 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045010, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:30 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000]}, 0x2c8)

17:48:30 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000080))
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8000, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f00000000c0)={0x2, 0x4})
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:30 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045010, &(0x7f0000000380)=0x2)
close(r0)

17:48:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00, 0x0, 0xffffff7f]}}, 0x1c)

17:48:31 executing program 0:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x9, 0x100)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x84000, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
r2 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0x0)

17:48:31 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008004500b, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100, 0x0, 0xffffff7f]}}, 0x1c)

17:48:31 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x2c8)

17:48:31 executing program 0:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x200002, 0x0)
pwrite64(r0, &(0x7f00000001c0)="1b277a41795bfe96ade00381d7f7040f11a2c87ca9c6a8ce01398a5ef1708729e53096d1faaddebf25d822e4f7da9ca86307975fcd04c65f66edb638c3884faf009452420ea948bbabb7705d4fbeefab5e46d5990dd9e7bf84f69bf8eaae1da06ee78cb1ec675cf6a9402dba54a1f67cce33310d82dc5a941692fe8a58ff3c19f9d434cd0b37667deade4778d8e97fac90564b79a616403d5b59aeb593ff2bfc701b3afccf2d021833b7f1a3baa76f0b14b0a65bd5ade10b47840b3d41c38044", 0xc0, 0x0)
ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r0, 0xc0305615, &(0x7f0000000140)={0x0, {0x0, 0x8001}})
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xd33, 0x1, 0x0, 0x0, 0x14, 0x1, "e5e5331d4a2ccf36abf1001fd879f2f9a93a3c49fe93a2edd046d9668993c736ab8fa38c45188eef2a857ea607e2cc5a42bfcb4483bab7cafba5ef75b92d2d52", "b2928d369084cabcde86eda0e1bec38ee466310f69604a8be11fc57b993530d1299602d62372d8076caa7a5076cca04770885ce3ae8221290fd3add35eb629cc", "7c23dfc9b8cd4b78736013c2a21bf41353e1acbb7d1a7ed7b8dd9b75323d8f0c", [0x9, 0x7]})
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000180)=0x100000001)

17:48:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800, 0x0, 0xffffff7f]}}, 0x1c)

17:48:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:31 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045017, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:31 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000]}, 0x2c8)

17:48:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0xffffff7f]}}, 0x1c)

17:48:31 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0xfffffffffffffffc, 0x800003c)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:31 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045017, &(0x7f0000000380)=0x2)
close(r0)

17:48:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:31 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008004500f, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:31 executing program 0:
iopl(0x4)
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5800, 0x0, 0xffffff7f]}}, 0x1c)

17:48:31 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x2c8)

17:48:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:31 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0x7})
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:48:32 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000800c5011, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:32 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6100, 0x0, 0xffffff7f]}}, 0x1c)

17:48:32 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x20000, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000140)='*system,#5vboxnet0+@*}\x00', 0x17)
ioctl$DRM_IOCTL_AGP_INFO(0xffffffffffffffff, 0x80386433, &(0x7f0000000040)=""/215)

17:48:32 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x2c8)

17:48:32 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000800c5011, &(0x7f0000000380)=0x2)
close(r0)

17:48:32 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7800, 0x0, 0xffffff7f]}}, 0x1c)

17:48:32 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045010, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:32 executing program 0:
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x10401, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000140)='/dev/video#\x00', 0x1, 0x2000)
sendmsg$nl_generic(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x640000c}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)={0x255c, 0x34, 0x800, 0x70bd2c, 0x25dfdbfd, {0x1f}, [@typed={0x8, 0x2e, @str='*,\\\x00'}, @generic="9913ad91f48b75612eecaa155447ca25a296edf4eb1e1dfdce143861415dafe2aae899b8421623fb73e29928504a52cc18b1d6d56a881905b929758714caf847559754bf2b26caa19263dd0e066f8012ff7591c15262ba073e03ef061eeca8f22e7e1d7f924ae2f874aa4fda37f4d0ab14c15686aa3460bdf59308c66c890b307fa325677a5d0efa27ced95d88424f35f4f3b2a0f5d77b43231e023280c20fd365742d52587003ed75daa4483698d01e99b19424b14ac26b121b587b2dd248", @generic="0d2ae983d44a2f3c4263ae3aaa43ab799f85459718897eaa97e0e559186338d5924beddd7780902ee9", @typed={0xc, 0x3e, @u64=0x81}, @nested={0x2260, 0x81, [@generic="71862b2809b30899479297c046c7392be3a8e638759652ef2f7f278f86ef7213dfd7210609a475ab10ec260397bb672f9dd73e6f523e453634ebca62719d26bd4ced26a769b06093d9857cb66f631fad53d0fd615bbb5d604d99606ddf06dced46842933b29bdbeeac995a75b7558a1a1684e33cd181d320eb8ab183ea3b4bdc1ed8f685236a050a410a18fab53d95c1d32b7eeaae51a3b30ba095e607906cf376053be18ac634577aa6edc7907e18c0fc8d5c5f8c4f7d46d6d20349ba73a457271e8165c97a400bee4f78042efcaecf3ff9fd85831ddd", @generic="c84100a12e49463318400fe2f828e236e132fb749b04c58152160bdf904dcb9a08aa642adf38779f3c67e91e96503076f5c9e7db584af528b63c6dfd460946bb0f0d479855dfa1b27f22c441cb04abbd0b1b178a58444c1ea3cfab939454f578748acc7f0976d20925935d5fc2abfa1b71728b863b2b5a512d56830257d36a3d4516c91df51439c9322b4d05d0b1a718be0203cdfbc80c6382f748eafd1c4c5c7c055d500dcd313a80561f6baa246a3e57ca35c011b56437deafae98f11ad53a526d9109fdc1e79dcd104d8c60aa238cb3955b9951bf55310d79e479cc524322981b45adfdab0ade85d109dc2ab53ba77d170a10f94e8b87", @typed={0x8, 0x8e, @ipv4=@rand_addr=0x8}, @typed={0x34, 0x4f, @binary="bc34b3412421c2773c5e111479ebf20946a628c6f375c86ec8f1b028c7e69bb8a15bf84f9083390b4f82419ac3"}, @generic="0ff3f40541cdc973e579af60f544f0ffba86e61e9a76ba3cfdcc5b21b15dc42043f1aad64621c49f34fd945b1bfb54c5649702ad158a9e46585226c0179ddb", @typed={0x8, 0x71, @u32=0x7ff}, @typed={0x8, 0x88, @str='\x00'}, @generic="31cfa745f276e0db9f2d698b9cbe950e08726014c1c580aba46faad39564a1de0f35a0c8685b7e5da38bde475f0e2ccb9f52f0c1d1b0b75092e5ff28cbabedad4383f9939b388697437f64bf15bf6779eb9e974f71cfc8142fee1b5753ddfc1540ed2a685355ec1826810cfee1fedc82b7aef336363e163654aa38a376f7108606d138354da1a6b72a5da3010292698f1fd8b99ac4bfe9c281d227fb176ef6fe9ae9e57315ff5076af049fd4c9c34d88139b7e6d0ba1c3453bcb4ef70356a863ed0c31005cb53064ce8ffa4bdfc58304e73ff61cb88caf9bc874daaa138ee126b604ff2a8f763b25b4c7053077e877f18d93a51a59924a52d567c2e6345095e25b750f462433e3ea8b3b42c5e98da4a0bd3cebbfcf4aba2dfa43fc141f30138b867cfc2c93ca3c53b4ca020732570f9cf981a72c4fa386d8afd0e16149b7e19709e569badfc6c5f019c4114d2e9c5d95c50186fd60970092fbc677adaa13dbb4d668a4f5a07e9cf94eb0443ac3fd02675497b86028640b514f0431ba97d319b2bc091c85403300fdd321ba8630d6a13313ba6694cf9e60fce937d7887acfe5adb1b8f3fe47c26af4a106a431d7412432a51700f0840e4edcfe8a7b99a50a70e382939326c16ecaf0942ff0a2547ebce4b51bc966b39eda522645cb585cf33e6ef6f1859c457e802564363ccb5a3b55c8c26fa65a23df07be5fc016877112ac9a6acda3980f5fd4181c484d3b969545d9d25b30962d42ce59a4c7390f210b3f0264de80dc6aa690dcf29977faa87a4c0ee04ce1932f41e0c6f1fb23552ef36ead772cffe12cad50385e2807ebede5574798077147be289f81101b6cd3ed239c8e646d4778734072a0bf6452136c3f21e426367c65bb212a4069f983d99e64db119cf56020bba6c2aedd2e4c90c9c39eb904adcbee36f78392e2d34a86311d83e4b70d4d02cc5536a47c4df7ed48e248d04b490764ce0fd69ae2bc5ef80fd357641fd07f53467126745e0a895c98828c289176cac965d8a51f9acdd366996505c3b5ee5116075a5604afca46ceebc6825e47af8b4a5c2e4101f78c32543a513aefb1a7e2bb5a7356b7c3ff94e04abe9bbf35e83aae3ad3a40fe36a3f50923ef833e5045b8d4b5da79ce99e1218d4a40f26415bfa386919415850cc448a888aa00213df76700a6b67958df62b9a3da6e4fc411c4758747700259f200f3c3b82c7b2bca74e967ba1122bbd52e0556092c45acb4f2c17c32e6e6ce3bc7971447fcba76023631030f774de0a6b00b631ae00d5934321afc4427f717fbf909648ab5ba79e6e68abb5fbe79d57f32078228fb248e63d0aad99cce8326af3fba10024961e39ef3fa8e36a09254a27f621f5113aabfcd830a8b851c276798fc5202fb1344832aefb0afc65d579415553033d3b99187d1b8220b567573f3c8752c19dd07334163aadd20cc622e2089cbe09965e83e007b29866caa84f54413e983aeabba21e53c80ffc1d04c3383fd40d94ce4f23ae4eae6a0f2b25b0cee2b5f66f0c13130517c6f73fb7e93ea58f8d989ec6de526372b9399950122ac655a37e9cadea404ec9e4b556b848901c6eec5ca5d1805c9a0eed3d7bd949fbb7f2f6610160a09429384b2c96bd530a60065ab621eb918eabf341b7925110bd65da2ec12fa99f5b780292254e5c147add9a86aa7e7b9ff2f3af10b526d4547df8b8c3c70d9bbf1d17b52db57eee0c6ca896bc0768e12108bd54b555fac90eab721ece019586d123d7a05cf8ec4f7a00a0a5c5208fe4ce6a39f6fd9c320180f8b84c8bdb8521c0205025ca1e4e76ec0cd38d33749ba3e5a1be7e1d9f7be2e360059f6694cdddedc3a3b08706ded7f11dae5fcb9b30bc76e333941d9274d4c3245d06123aa7fad413d89c9fc4716a822a60992983e2358f715ab4a211536df8eb3631c2e1d3f000cd040a5474940da6c9edc5e983c85b49aa75370393ef295c587487ae3deee4c9b4419e697a89d981e6e455050f36a66fc6d584328395affeac5b2c4ae53eac8c94a18a6ab2c1feb8a54b5b05c8ffd58d9b9c9549eb9ac55d3a1afda9c2e5014352ae9bfda630c8e77f3a4b9918289f5f19e867e24478ac5c795064102e4ce7acc968e0b7c585f13decb6de1f85324387a7b61bc20cbd2fceec7f5f365b683a3f7508a75ea9512de91e4fac6c03fe14d409078d3078b71b5e1e76c789d475bf3903daaebdc583e6ec08ab2c95878adf1899bf7be12fbe2f9968963d25ebcae2f0bf15e290288fdaaa3c65b3591678e293ec90f41ec079d9c2c166e7ecea20b2a8c4879562751e1a90dbf3d2efcc783273e0d5b6a3ba3f3c5dfa0b2c5e236e83fd67fe3e4600b0f4ec95974894420c3e087702ef0979a5af894fc9994c741c49ba75de9c7b713b7feea43ce8c5e9ab1cffef065bc40402d4287ffaefd9a276e916dc65804ba0a3e25679a807594f94665ddd609bd9787f7ac39e7231ac9b78c834885134937802ccb7bd7faa1a321add7657bda9974a1796afa2c6e49f4f2ed19fffaa49401069d2a9ab860609b4d7082c3325195c857da6aae1d712737a9fbd32ebbf3443ae67c48806b533cff1b597c7f6589004b78f91925e277a2d2a0e5b03f03a1c74ce7e39303a0d5c5eb4d0984c29b5137ec22910d26388f08edf373803e4125b126c3666e5964f995c878d06546742a535de58017b957a5966bda966f517915cbd819130590b5ad6c78fdfe46731fc1cd1bbd574184a9baa833b3de051e013a2b37be327d9e9e8f21c2eaaabbb152980aecfdf346a24d6feca98d9abea03fa5acf5811a89e1545e472a2febf938b1369133ac9003bca00564448345d1a9e7cca1663510061a8f37741e341e88e090d83b82928007912e9ca9059dea77217e2275c5948cf3bfafeccad9e25bc6d3b95f334dbd6c60cc4a930c9efb51b5bdbcf22bf8d4e6426e52c702b9c1affd61b52a179bc5bc43dd86bc5621bd961602fd7105589a9cc7e483d46ff5f6e9503b90bfc2832fd4d26af9943b8c7ee100e55d114bcd0f0122e220ff5f38df40b420a7243d4ca8794845c5dd86ed146c70a2e16006bb9c4440926c210e1f09dc2ffb593738c7bb12b98f0497fc29171d0a37c148d4460967fb07dfdf5c0fb1ed0cde2d532622d54a6e940d1d4dc3de1527042aa8cf6ccea6f105ef6c5ca42ca4c8cbfba9d150e956ea3aa42a307e026fc2692ca5a69c42fb596d313949951873cd51d8e8643bb12db502a4140eb5d2dfc5d6ca689f4f3a817a4b6fbafb33b76dd967873a62b5e2d704f36e9d86f23883b98d3bce093d7bd2c3fb4cb03805d5513f9bc77a99b3f0811029817d90ba4644e88274fe61a7b881281bd8386f77cf84fb91dd96e5a6c20586f452ddc952d310d95ad034c0d9104a6f8acb5a2f88fcf1b43336e2d9a39769af405358370934b27f7013fb5f13b8e0f9b39902cc923680dbe62bf1ab7fa4b57a230a1ef3bef4ca0b23ad107410bb5e165a54ca734932abdfa588f93506d7168e2396e8cd5f83421b4e03de79e99933a3c38da2d5c6a4335bab2e7e06b4ecd65058ab75c8374a8c0641e1c771fa73fee7afd800933e7c58d2d23ae9b163e3848ff317d96d0d631d81de9bf420127e3ecc4391c5e6f9509e81187ed5459d328133b7ab4c6488ce661e191d342ff3d06cc86941b5c7b6de31cc6ac3cd01b5dd8f9f7400b104bb4bb70b275878d0cec4069b9f60f58bd4d8cf25895aa070f437c02256b8713e0d6236b679b4536c7a23c5c536e12da7bbaea9f492aa13727e457106ba1dd7f91aeaa2bf613562ebbe89e9d7f2176601f8a92214249a2b8714d00cce807fff248a385c83d967214a461c7c99fdf77a04fa984505abd36f93a3e58db90ffe9056e23a33912cb6d4b6340809f8af22f6119ca04762b272311b1262e18979a1048fea2324d64d1b352993092d78cc89b994d2137a876f791a8f3d0d3d7dfc37d439ba4b8680942b0f2fcacbee9c5fc273e92eea7ffbaf21b227056cdcc2c960ef99c50e87a2abc13e3204343387131407f0913d973219b2ee95194aba976c938223da1690aae9107a6954a126ecc0ad5a461d2f1908d40fbcb491ec89193fb37fbb6ea49e95ffe1e9ffbb75a21b8211a3b4e56b4bae4da427194f5138b923c4681fe03f68272060a350fe51197c536a45ddce7c1a3e86dbcf16ec3f9a13597fb820484d81a499230bd34fa60818a6b8df76f41f23fe61704cd81c5ba360fcdbc0dce81b71afd5d0a448a3ee5508846a1e1953e3ee76d81f90785dadb75a5c0769ff564f1fb786adc154d4036ca5227c6da6b66b0f1b024ec6a4de48735082db7d7899ac1eae247ffd2b3a8b1397d2c6bb1d6c562b3c198d5005f6d14a1223388fd37c60f5ce0f8dababc03900a0506c36a64df86a32c129c7f32eea849c3298ec4f4b2d43d913d124e90918326a7f7d26b0a022e972d5c2c1de5ce9312a049a1a57b93ab0f7a4d83fdf32c0b8dcab05aa691c0d25b704d53777323ca959c6de763c735b8954bb71d41ae9ac29a20ad99c1eee220bc2faed72692e7de08d7d147f012975874196ffbc8deae2cb39845efb8cf917730b0f49a3f00b0fc85ed127f6dcd93ac5ada2c4dcc70be210da421a738c8b82000449e953128e24f50f265c5338f406935fac3afb5ef23775b961b209629878634451b234e634d0c1ed1511a0e7df12fee87233891cc14ae26157fcd07800eea1ca8194139110b8442386731d9d57aff747e2ee43841e00c9f935195a2c73b3d3b8303098be1ea1c27a4164ec20c972deb74df6536afc5c535115ec2dce52c5a4a3522e6051e636862ea253b6d0fc36b38d9de4e28c9a3b7580fc7883394229366019570f353c1f93723d8a9f6f77a3afd17843174bab65b3bc7ddedf076a0a8d9317aa16fd65a44386358d0d66257ecce4d36556c71a556aa13ad76a9c30328e5b4153a44e7a63fc0aecf40a6a3197ad62fce9395f65ad2b5a7074dcdc4824d90341d9de2c2844ab449eaa2a63bbe3a93074fd4a4163979148797c3a11b51e451a3b6b51d78e8c5acf2919e251a01a2cfc675d85848c3cf978a5e498a4f703016058cf0ba56864abdf4d28d9b883828e779b25ecc77f65c0c89d948c61713616df678356a131c55b2600af18a07b937b5a65f1957cc17b46e4f6af0ba28bd88de0f604ab21b36facd62c9354b76a7163d9234f59aaed09ce68e55d7113372762cd1aedeae95de44da8c98c5bff9a37e735edb502cf6e3cbff3ee6430ed57e1d670fb404636263ff1e6556a1e1a24ade391744c831005980ec3036c3dbd991ef1a2a7a533a3a04b8f6f4b452f13d6e12a23337122d71f2330a700976d2667575eb24834506b8c1f06e228e6b14037c189948525f4b7d841e6a62e2ac90895c7b6a42de75668cf44251e6ce88d53973c5fdc19e7e93cca59c5df2e14a6db6913252c361b5d9094549bca90acc171dfcca0b42535860797793efde9b0a5553a9396c860ee386aec6474f724e0dd80681485b30a62d258d8a77ecce80a01a128ded7dd0c9ad7ca5d93685c06a796eab58ab0f0148f217c6ca5d104d30d0b65a60c3bf56d36e07a63213d44dc02eac8c32e7f55bb5e61f8fa27ed82c223a8cfb36de017768673116130b6f158ca850a5036a924775ebb3282899107d2732870efd94135cfe4ae79569bb6a116ba3d39e44c9c8f979a31ddef25dc7bd7ce7e613d0d51438a32a65ee6b2a56e31aff6d4ca0738c7055f700bc14fdb74b0f7fe1b5ab564913e9c135a5c1bd82c232b90fe8762ac9a0974a", @generic="9f55fe5c784bd861597a13fce265390c664b2c3287ed873168612056f6ab33dbfbf0c4f6d890996b8cff28df351ae4c32bddda814246148e3c40bb5bb3fac028dbcee735f0292aead3eb11e6c3a60d5237697e6ca6bb1cb55cb4f3a821f6407470c1e409f4c9dfdc6eb09cf103489d118751e2dbcc59ee82483c71b49fe6fd023f9cae968746bfed9fdd6d911ffa3ce454dee21dad414532eb846190bf3349cb815bda0647d10d2de179f3922706e923f6fbd9b373a92e243a27485298f8b7314f4abfe87dd64515719a76d72738fb23cdea60823ce18a924333f088d02149ba6a683d2628d5ec6a07824174b85a64bc32620eedf1212c94e56e8ddc1ac28e25aeeeb9860e92a0d8915443f3d185ebc4d89309514db5baeb048cb2262a54586d16d654a205ee63fc1d8ce5665daf6d24491d7e2f0bdb0db104d552872bb29f032d8dc08612cca28ff87e1e31c140ee027ac19d6f0a2a9cf0e8948a907a904baab0294bc8da5d4c4f072015a8812a3c893019cbb02011c6aae7b104f4527cc0310066edec311f0328eece4b553b4ead4551b1ebbc6f8dc70849d0839bb6ad84b3d1235f8338c0ce33b0bc4e0f0d650c7f5141c55474f32ab83de3c2e5a9eed04633442caa69cd09f1e390fab7593e2bcb069d0bee9409092c0acc505df7b6db7afbf90c9a0f37186994ba9c57bae73455297ff5e676cdd856fc4ff82c27e183fdcdb08a4074ff1fc1a8426cd8c3b02b4a90bf595c5aadd76aa08acee710af78488c960ff13861858fff3c30dd8c18bf82c3faf15310518ed6898ee1dc671ac36bdc952dfd11c18763fb18be14bcd0745d86efc07996fb42cc5999166918ce228d57781e15bae38cf66afc906cf6b49cb2f5dc5cd3b6628fb5b128760b54b5063779f410a341ba7c52aa0f913a0f363feb0edbe82f3245ae3f68aa29ff4ffb77891338e6dbe599789af45bb74741c400bc1d4f8f063e54752be7a36470064dd97d41354bb91d54cf9969d9d4c52e47005897161ff803584f512e55459a9d57416a67b533923454f7a90a785d7057349b3058de17badc556a04eef54b5c8b03b2b6b003853cb784fbbad0f0e11f33110479f9a663fde9a32459e8f09405d07be17b9450a8d733a0c348051762f51f0cd24532ec194cd3c3f3c8c3efc501ffd5d229ea01201928fcbc9659cb039a37ccd6f6ceea831e1f3d556cd189f5d9d64bf6234b3f76cf0c37d3d3219c8de7ef0393fb2161ca6bcb75ce90821d22bac14e21b388497f61c1195ead41968fd4bbc1d94f55f8241c7f4e6c8127fc97bcedaf3a6c79cf62fafcd5d5a7be87dceb3f3efef14bb1a8f1058289612f7eeb31d78d6eb0e5691769638aa37c4bfc4be69a42d60a960de66bcae3feb64a6dce2742ee7801bf8402501806803e207aaa81e94a9c931c5272a320fc5d407a8d14131edce86c53b7614f7aab881bc03c0458c1988303f77657fa2fe23c389d92d58a0e045738be2650cdcbf39408eae2a7ee43fc46e819a03f3ce13ccdce15567559acfb86ce3f3f872984eb2c88835f477fe8342bfca8dfe797e70153b9e551f82b7bbacaa4a6582bf71d3efefdae3e61b889029587e2a59cd07de3a1745def839e97674b2092315303cd5005cecdb3faaed380d0e5ad799d90b350f0e83c2372f6ee7e2db5e582f635de06b26799e610548d610cc05c3a49f8f53ea12e40d4f0f4ba62cc566a69c663d49178f45dc0ebe1e5743f638d423dcecbf34054a4c2089f9ca17a50ffa7b027264736a9c6dca8dd5e81da87dca7b43596c646e9e94a79fa7c60d3b0cc022e583c9897519b31d556d71e9806bbe3bea0a4f0d66fbe24ad0ba69a15c439432f754eff7ba612725803d10e5def4ede1e54251b45c25d307d45458566ae9e4d327491d8e5d74672c6cd8e482bdfad56fa647eefef1b7dcebbd3839beadcff2e1c9f1ce2bc23a9c7712c3c7f34c44a0a56159a4298e7ee434331346b7e2ad78b7ccf70402ba78bbfe5a3aa6aad7e0cab7d26c6c119c8bd93b5fa84a6a9bbe6ce93c68d6fe749b43fbdaac3c575fba068a01573337284f08fbfe79f84845800d20a552fc911c3cbcdbce0f84d5eedb734d591d8a222fb11807bac300627c8ad0ca3fee82aa081ea3496c46175f1cf4823c3307692c85ea55e99958c98ee54563ea1b00a6b6e0570c536b9387b511f6174f434dac6fac6cf8662ace346ce7e6fd34d212b486c226c0a0b484d7ca4acd21faffa594db5c614e0999af14a101c74512e375ba659653d08b16690e218820110f05270ee185f655b86e5a976b57f970fa6740f060aaf5882277c6c069fe25257284b81581b5ab67f517f3094b8f3ea9bd721082f4a82c99632872e7b5497ca16c75e0b3e0e40fd0119929f3139edbe94d40112f3499c2805129d2eafa2529bcd667ac7e028cc9bac6b39658d691c53cb60be54723121c2514848ea340b67fd9ca38739d13d6fb24e6b5448446ef01e0b38a2e2de70f0af0c2e4e2c01ebd4424a9d564fd813dca55d2a85438e2bd6513e59a13628f96244b6b226f799594a8e9f3697efac99afd961baf01c04d1bc8828d7c8c653bb5787ba68472023a95cc0aca219156b9c11e475a9a7e9c8cca3538347d54190f67ca2bcbef71cccd1ecc32986c5fea18f43b0b7022ec66492e4852f682deb083fb4913ab15e03427c706355af4a64e675c9d4058dcd1781cbd82581cc774afcff2dcc0e82238e8e8306d109f0fc3d4df2a8b247db770c9429f2e5fc8b5936f11555b3c4cea7dacb10e643b8f852f1010ec76be4d99539188ba280b76c825c8404d1940cd8a8b99952b426aae1fb00ec59206506837cb4695ee2f27a6b14c76578c82e98f216bff5c27a9c9c32fe64fba62e836406b3f5d5bcd1a2d5102ac63621c71c6307ee4bb889cc3ff254ccd5a9adeaf1049e51aa7cf1591d98f56660006f647c9641b23e7bf288f15db9b06be94fccd70267984e47ec576863ab8a44b5ed87457b390a1dda9815c717b3bd670aee9cda3b514b900a20272b65d991306ca70009e6713aa91883f359796443f3e5cf0f3af3e795a4d2c0eb44b076da92d109e2d3df4ddb4abb2e9df8d47c25c500c2130e66a9746d9eaaf85700404ba396b32fb063ad6c5a25172b03d54ffb474f517ab03aa9781d8f4ba7f5ea2d0859fbb066499260459cd8fbdef9a903eedb78deba50e58c093c718d3c50fdcce92b4a6f23b6978eb1f7080029f9bad87752d5a676c9472a9247f8e3810f719d44f1ad98cf34960234639828589f084fd80bee03bc74879c6d7bb5d4dd98a0b0a83f07cb703b394d8886b5e3eef6c1202e379d6f22b3e8ea89f7ac6b109429009c8edbd9fed90651939a391c2ea106bafb62579292e570017c9848b0ea5320b9e9e6616d33538d6149e4e955aec762fcc93eca1b8161c4d78d3f7ad40b1b31422a97ae3d56caa33b08b94e2e8098e7ca8c452fe3ee577c8736a4175f81203faabeb6bc7d65d0cc5ec5403e8b6e21dec53eed33da64e6b39173d0ed0a9d5a6c023a038703e2b56299adbb9900aefca53492eecec4856bd66078c668b0205fc6214eebdaa5abc8d3091b98c0775e4640f909371df3216a920f9b4621fbe52585130e69682a593b98ef045d58df273907c38f45ff7403b30d2b3b4def3ba80f0c8aac5d0fc097c94c2f5606cd6afa87799bb19598273076bfb601f1e498d66962d6e794b0669ebaa6ffaa7fb92707acc6276498350a5c63dfb94769570bbf03b2308031841faef6ed5e4d352215f0dca7ed8f92934b5f38f1df0cc5d6437347bdc85dc9ae2f9817a37716093103c569d5e1ad13e67b1558313c8950a5a597e444710e4133b629699187a4113c2c2699d4fd11c8a45958a02117efd06166b6d4fb6ff6ab9433e34b57ed3a8c53e06317beaff620d2963ed69cf73e807b85455f737fc763f8b19765b8b2aa34f405a9f5dcece64faeedb411724877b942b8cf5e878c9da0eb4da38517fe69c05d4cfebb75805b5dbbe3db94e5110c94a8ffd51166101d8af665be961452c81348cd355212fb66243bc9117d55566cc7930abaf75362c6fc04bbdec80570ae09f20d929141d928bc3a2630e6e53847a2623a36794a0a191230043ef265141cdf91afabc7538b3c6f34419336925ada0309ffad908d502c975d048799857a65c2a9c4393467ecfffa39d0e381022d6ec3744197ef69727089ece5551caac5d6c36cd3479d9e3fd366d4c59c9a6b0d20edc2267f4753bde37336d8ace5026afcd8250f2e18d1c4adc0c61595a722e52db5615ffc9459e947a45e2961e111a5b18caefc1e2c29ffc5f647e60814ecef56c2947626e89f9aa2a2cc13bd80703789b645b1daad23c579d07a4f3457178bcf56cafba76abdb084e3609d983d2d93cca69456fc7a45f8ffeb4f7bd195f68c1930c4692dfb7361e640cae692e58670ee2d3ff251fbf15d9ae4ef262670d7a0b6d004d83317a5504390e79462c8d5e9969f8289743e3dd94f198634b74b1ea1620b1b3abfb852ffe94b30cc0ae066e861a86d0487262c3ee5c4be8e7a4650866c4a5b7f2d9b0b4f80af60d78b8980acac27ea7cee5d17ce0aa593494835d5f12e2dcf2bd7face1f71588683bc89f9b9434202b2032734e25077bf96109ec50f30d21c9957ece12e8d5cf05f2d381e39ee5eb827c9d27607fd2d207381921d9bf5563245e0629d3841f8ad704f9a9b900092eeba10fae6b16247fb25b4df985f08ea1dfb86d51c1a710e035e9b8c44511823372d12661ab3d1577a9e7435356c13472cd9b670f90d5cf79de7e08a47a1c00e366e5e09e759b0942e7ef8042efd2a31e60e50d8878efd863193ab3e6f4160141c0393a99800adfe74c22847dae27e3e9f579bda4f5a64457e45cbcb9ee6b4aad9508dd2b3b823241541496036d3b0f5b328fcda89f33aea809c5680b7fe905e58ed106f75330bbad691be70c2c84f0f6221f5396730e03ba9d23bae49f2d1c0dd7bf32a860b8ea69919b94ee3d4bc4c42b04391776179ad7b462f95192ad1d99755cebfd8e129c72cd3e02f658dfc63a04f163245e690e912768f2c57f45f612a7ae37fa2719e15be490bbba8bc7ec2b96e0263b8ca24991fa80bb64a95382dfa4b145799cada37249806bd717206798234c26c4f61582f80db8086dae6f8c1444a05df70bf03a3dda6fccd799d6354845d56fda38afc7ca8ecff693cb7b370e3c0bb749e015f77d665eac2ca3f982b10c46e51591ce40e9c0c0056dba68812959cd1e0d34e45b4c14fdac158b7177913064b003399f9ee0ba827d0d12400efe70424ed3724d82a10a70d2d206dce95378c05b5bfb9c4f34f3959935a5867d199d6603213b749676f611e594facfeecfb9c3346296f57bf72a4f92037457c2a50c9d66fcf5c25383bf68d7f1c85742c58c5f1d90e59918a9fb85d61dc12b5e6e08eac2d014f8c24325aab651d86222e8c0175b29e13c924997ad30474ebff8175bd9536460841e42f3047d0c67a6854c75238f6862726cb9751d125f760d0bfa04b0738734c8f79a3026d9e21cf3d2b0724ada317b1b8b0142d40975e7a30510f95573caf05d1f8a15ccc98c944a2d06b6995d88e0f0f62d671f12f14e262d059232a88042b745ead114235c2eeeeb5ec4b0ccbee2f45e39ba2da216218c54de7720f335ae32e276c04ad55cefc56e6fe38dcab7c35aa09bdbce57d6f8182eb98cb359db66db838b577813375d897072834b1af8c77fdc8ac3a2cbc400356d73c886ee6fe4d946c01bc0530f3e83a2f534da4"]}, @nested={0x1b4, 0x7e, [@typed={0x8, 0x42, @fd=r1}, @generic="36f76e08f558ee47ffa9802bfbbd2db9633e52c9b7d831374131b84e0c97c0b6bd2a5fc660fa9754ffaa951111d7afee539e778136b2f3c4700eb77e4d1f0436a1ef332ec592813167a6eba44f14b6c776fa1fe8e854dc3deac011f81006d49ff1a1ac13162d01729d1c80c02fa3694733fbdc2f63a11b5ce4051b8f7aea5d5af4392d971d1cbbaf32fff2", @typed={0x8, 0x58, @str='\x00'}, @generic="aa3e70b2bd5760d6146c6ee90d826c39a7baac7aacdbad816fa77fb0bc07ac93af061c8fba9a7b5445b6ce5cdafeeb2da3fa1584fed22cbe1886fc8474587d6ade8889a17ff83ba01528", @generic="f4d82134773bdc843b35574ee3bf97b24d421b58201ff420d10d63a075f1837891fdbbee6908dbcba849fa9715c858a157da429bddc6556a14ec2b07387301fc555b880b07281e69bdf9f2b4b7dfe2e56ec4adc49b", @generic="683a8e0cfbd85d4967daa4ffbbe4809dab2969fc9a984c4bb5afbe681b9d4262deda60f1cd245dd4535db3a756483f1848b8ce21e87dd991965539ef55764756ca34de85cc0226c471dafc300d5403c779d7fef7a6ccb9ed59e7b757ac95432e42a2e850c92fcdcef017", @typed={0xc, 0x69, @str='!GPL)\x00'}]}, @typed={0x8, 0x77, @u32=0x4}, @generic="f8296588eb914ac8b3d879b0c503b444b5c860f2a85f9d3aa665dcedbbe484ae20a8a5c27d5ad3abdad6591022b711"]}, 0x255c}, 0x1, 0x0, 0x0, 0x800}, 0x800)
syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000080)={0x0, <r2=>0x0})
r3 = getpgid(r2)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000200)={0x200, {0x101, 0x9, 0x81, 0x1, 0x800, 0x401}})
timer_create(0x5, &(0x7f0000000000)={0x0, 0x32, 0x2, @tid=r3}, &(0x7f0000000040))
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4)

17:48:32 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80fe, 0x0, 0xffffff7f]}}, 0x1c)

17:48:32 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000]}, 0x2c8)

17:48:32 executing program 0:
r0 = syz_open_dev$cec(&(0x7f00000001c0)='/dev/cec#\x00', 0x3, 0x2)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000200)={0xff, 0x6, @name="70dd2d5079a97e8365473d3c1f052517687f87897d32494661d9620d9f54aa43"})
r1 = inotify_init()
r2 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2)
ioctl$sock_bt_cmtp_CMTPCONNDEL(r1, 0x400443c9, &(0x7f0000000040)={{0xf67, 0x3f, 0x1, 0x0, 0x20, 0x5}, 0x5})
ioctl$PIO_FONT(r3, 0x4b61, &(0x7f0000000100)="165b701b4119b3ba84fc8f0b948e6bf562e000ce06e32de8487770e695ffcf00664ef7451ed3550603b41988e2e9b3af5a7408fe1bc631256b5f3a1ec08da3fbfcaaf9f5b99d0839b284aa0cdad88fd81282f35780f1ae45f73238a14c6f59636b37a4d1f0396021c578afee03dd2146547a7f15233157fda5074cfafbb3caa42c50f588673e60d04667250b8450a44ca0793be4")

17:48:32 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa005, 0x0, 0xffffff7f]}}, 0x1c)

17:48:32 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000800c5012, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:32 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe, 0x0, 0xffffff7f]}}, 0x1c)

17:48:32 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x7, 0x80000)
ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f00000000c0))
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0xfffffffffffffffc, 0x0)
rt_sigprocmask(0x2, &(0x7f0000000000)={0x6}, &(0x7f0000000040), 0x8)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:48:32 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000]}, 0x2c8)

17:48:32 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000800c5012, &(0x7f0000000380)=0x2)
close(r0)

17:48:32 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x4000, 0x0)
getpeername$inet(r1, &(0x7f0000000040)={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x10)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:33 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x80000080045017, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc805, 0x0, 0xffffff7f]}}, 0x1c)

17:48:33 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000]}, 0x2c8)

17:48:33 executing program 0:
r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio\x00', 0x100000000002000, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x1000000001000000)

17:48:33 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x2c8)

17:48:33 executing program 0:
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x1261, 0x0)

17:48:33 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008010500c, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803, 0x0, 0xffffff7f]}}, 0x1c)

17:48:33 executing program 0:
prctl$PR_GET_NAME(0x10, &(0x7f0000000140)=""/220)
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x7)
r1 = creat(&(0x7f0000000340)='./file0\x00', 0x80)
sendmsg$can_raw(r1, &(0x7f0000000480)={&(0x7f0000000380), 0x10, &(0x7f0000000440)={&(0x7f0000000400)=@can={{0x0, 0x2be7, 0x10001, 0xffffffffffffffff}, 0x0, 0x197e218301a8b21, 0x0, 0x0, "8a22a38f6f5e8eaa"}, 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r2 = request_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000100)='posix_acl_access\x00', 0xffffffffffffffff)
add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r2)
r3 = syz_open_dev$radio(&(0x7f0000000240)='/dev/radio#\x00', 0x2, 0x2)
getsockopt$inet6_dccp_buf(r3, 0x21, 0xe, &(0x7f0000000280)=""/125, &(0x7f0000000300)=0x7d)

17:48:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401, 0x0, 0xffffff7f]}}, 0x1c)

17:48:33 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008010500c, &(0x7f0000000380)=0x2)
close(r0)

17:48:33 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x400000, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000040)={0x1ff, 0x3231564e, 0x2, @discrete={0x100000001, 0x5}})

17:48:33 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000800c5011, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:33 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00000000000000]}, 0x2c8)

17:48:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00, 0x0, 0xffffff7f]}}, 0x1c)

17:48:33 executing program 0:
syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x80000, 0x0)
clock_gettime(0x0, &(0x7f0000000380)={<r1=>0x0, <r2=>0x0})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000400)={0x6, 0x4, 0x4, {r1, r2+10000000}, 0x0, 0x63d})
symlink(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0\x00')
ioctl$RTC_PLL_GET(r0, 0x80207011, &(0x7f0000000180))
ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000240)=""/129)
write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f00000000c0)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0x13}}, 0x10)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000100)={'ip6_vti0\x00', 0x3})
ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000000)="85ccf5043d876a218761a33879e8671090bf7bdceae89a86b57988aa45142ddfb613e042c206a331f7519d1880c372de09232b4d0fc83e437c87e07a2304c21e187a1fa7400b0cc2123e2f22707b11270b2cc08a5e5611ba8d2b6155518ac402b829e85dfbd4d3db4a7c34de55335540af1738133c098382267e0fb2fb97da8d4b69958cbb94b5a6f79fa6")
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000480)=0x9)
bind$isdn_base(r0, &(0x7f0000000200)={0x22, 0x3f, 0x1c00000, 0x1ff, 0xf6}, 0x6)
syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x3, 0x200000)

17:48:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80, 0x0, 0xffffff7f]}}, 0x1c)

17:48:33 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x800000005, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x2000, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r4 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x80000)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000080)={@in={{0x2, 0x4e22, @multicast1}}, 0x0, 0x1, 0x0, "afee8ac5e22d25ef1df5178844447424e19cba8f89344c7bf0bf7175ea32c1fc57f168f9bdc82852aa915b2ae0c7db59d9ff75c3cbb04aacd8ac0cc8a1b94b5b5a9baa6764cb0dce2ce7598b14a55c0c"}, 0xd8)
dup2(r1, r3)
setsockopt$inet6_MRT6_ADD_MIF(r4, 0x29, 0xca, &(0x7f00000001c0)={0x0, 0x1, 0x6, 0x1, 0x7fffffff}, 0xc)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:34 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008010500d, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:34 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0, 0x0, 0xffffff7f]}}, 0x1c)

17:48:34 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x6, 0x0)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x20000, 0x0)
delete_module(&(0x7f0000000080)='em1{selinux\'({\x00', 0x200)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000240)=0x5)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
prctl$PR_GET_THP_DISABLE(0x2a)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000001c0)=ANY=[@ANYRES32=<r2=>0x0, @ANYBLOB="21000000a1d7b2729de283cfb7d65468bca528d4c26b7e17066abee90734559bbc8d8b0858e8124b05c6"], &(0x7f0000000100)=0x29)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000140)={<r3=>r2, 0x9}, &(0x7f0000000180)=0x8)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)
socket$nl_netfilter(0x10, 0x3, 0xc)
getpeername$tipc(r1, &(0x7f0000000040)=@name, &(0x7f0000000280)=0x10)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f00000000c0)={r3, 0x1}, &(0x7f0000000200)=0x8)

17:48:34 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}, 0x2c8)

17:48:34 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008010500d, &(0x7f0000000380)=0x2)
close(r0)

17:48:34 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x80400, 0x0)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000280)=ANY=[@ANYRES32=<r3=>0x0, @ANYBLOB="0d0000007000d300000000000000000000"], &(0x7f00000002c0)=0x15)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000300)={r3, 0xfffffffffffffffb, 0x2}, 0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000000c0)={<r4=>0x0, @in6={{0xa, 0x4e23, 0xc2, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x16}}, 0x80}}, 0x8b, 0x8, 0x9, 0x7, 0x4}, &(0x7f0000000180)=0x98)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000001c0)={r4, 0x9, 0xb2, "38e5adb9441a629de3fdbbcbdd4017b84c10d8a143d2a04163c570f8f70b4d75751dc6d0773c91332cab285c94fd4f6d742fe551f2a7891ff774005208a1ae993859df6678346d4945b0aea79aa281e5e1aae2d88d4963af059056c42ffb3d7352b219be4c06abdf84a732d8b9d73abd7ae04a060b6adc721cf00d175be1f0d858ec0f01c43c42eb2cf2df4a1322ea0eb3e32a399ee8d9da9c48289e6c8cbf3dad7e0f585844428b59ba169b48b438928b18"}, 0xba)
r5 = request_key(&(0x7f0000000340)='rxrpc\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f0000000400)='/proc/capi/capi20\x00', 0xfffffffffffffff9)
r6 = request_key(&(0x7f00000004c0)='.dead\x00', &(0x7f0000000500)={'syz', 0x2}, &(0x7f0000000540)='/proc/capi/capi20\x00', 0xfffffffffffffff8)
keyctl$search(0xa, r5, &(0x7f0000000440)='ceph\x00', &(0x7f0000000480)={'syz', 0x0}, r6)
accept$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @local}, &(0x7f0000000040)=0x1c)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x7ff)

17:48:34 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000800c5012, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:34 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00, 0x0, 0xffffff7f]}}, 0x1c)

17:48:34 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}, 0x2c8)

17:48:34 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = getpgid(0xffffffffffffffff)
getpgid(r1)
r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x80, 0x4000)
ioctl$VIDIOC_G_STD(0xffffffffffffffff, 0x80085617, &(0x7f0000000040)=<r3=>0x0)
ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000080)=r3)

17:48:34 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20480, 0x0, 0xffffff7f]}}, 0x1c)

17:48:34 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x101)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:34 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:34 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r1=>0x0, 0xffffffffffffff9c, 0x0, 0x1, &(0x7f0000000000)='\x00'}, 0x30)
setpriority(0x0, r1, 0x1)

17:48:34 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:34 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000]}, 0x2c8)

17:48:34 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000380)=0x2)
close(r0)

17:48:34 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x20500)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r2 = gettid()
perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x7fffffff, 0x80, 0x100, 0x80000001, 0x0, 0x8001, 0x200, 0x5, 0x28d, 0x6359, 0x7, 0x8, 0x0, 0x7fff, 0x401, 0x7ff, 0x6, 0x160, 0xffffffffffffff80, 0x7fff, 0x7, 0x7, 0x6e762f3a, 0x9, 0x0, 0x865, 0x10000, 0x80000000, 0x34f7, 0xfffffffffffffffa, 0x1, 0x5, 0x3, 0x100, 0x0, 0x3, 0x0, 0x8, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}, 0x8000, 0x7, 0x400, 0x8, 0x9, 0x400, 0x5101}, r2, 0xffffffffffffffff, r1, 0x2)
fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f0000000400)=ANY=[], 0x0, 0x2)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000001c0)={<r3=>0x0, 0x5f8, 0x30}, &(0x7f0000000200)=0xc)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000240)={r3, 0x100000001, 0x19ab, 0x97d7, 0x3, 0x8000}, 0x14)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000280)={'raw\x00'}, &(0x7f0000000300)=0x54)
getsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f0000000040)=0x4, &(0x7f0000000080)=0x4)

17:48:35 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008010500c, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:35 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300000000000000]}, 0x2c8)

17:48:35 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = msgget$private(0x0, 0x200)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000180)={{{@in=@initdev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in6=@mcast1}}, &(0x7f0000000280)=0xe8)
r3 = getegid()
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000400)=0xe8)
lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = getpgrp(0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000500)={0x0, <r7=>0x0})
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000540)={{0x80, r2, r3, r4, r5, 0x4, 0x1}, 0x2c68, 0x10000, 0xffffffffffffff80, 0x9, 0x7, 0xffffffffffffff11, r6, r7})
r8 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x4, 0x4000)
getsockopt$bt_BT_SECURITY(r8, 0x112, 0x4, &(0x7f00000005c0), 0x2)
r9 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000080)='NET_DM\x00')
sendmsg$NET_DM_CMD_START(r8, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8008}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r9, 0x400, 0x70bd25, 0x25dfdbff, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc001}, 0x1)

17:48:35 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000]}, 0x2c8)

17:48:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1030000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:35 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045003, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:35 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x4, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x8000, 0x0)
sendmmsg$unix(r1, &(0x7f0000000180)=[{&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000140)=[{&(0x7f0000000100)="a38a4e51b542c4bfe52398afb61a9cfa0c9a179ef9c680324f57b92d24401e256f4348f075390df6fb", 0x29}], 0x1, 0x0, 0x0, 0x8000}], 0x1, 0x80)

17:48:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:35 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045003, &(0x7f0000000380)=0x2)
close(r0)

17:48:35 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x4002, 0xa)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r1, &(0x7f00000000c0)={0xa, 0x4, 0xfa00, {r2}}, 0xc)

17:48:35 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x8000008010500d, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:35 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1500000000000000]}, 0x2c8)

17:48:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:35 executing program 0:
syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r0 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x200, 0x101003)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', r0}, 0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={<r1=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000140)={r1, 0x9, 0x4, 0x8000}, 0x10)
ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000180)=0x7ff)
r2 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cpuacct.usage_all\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0x5)

17:48:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:35 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x200, 0x0)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000400)={0x2, {{0x2, 0x4e23, @multicast1}}, 0x0, 0x9, [{{0x2, 0x4e20, @rand_addr=0x2}}, {{0x2, 0x4e21, @loopback}}, {{0x2, 0x4e23, @empty}}, {{0x2, 0x4e20, @broadcast}}, {{0x2, 0x4e20, @rand_addr=0x1}}, {{0x2, 0x4e22, @local}}, {{0x2, 0x4e20, @loopback}}, {{0x2, 0x4e22, @local}}, {{0x2, 0x4e24, @rand_addr=0xced}}]}, 0x510)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:36 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045004, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:36 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000]}, 0x2c8)

17:48:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:36 executing program 0:
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=<r0=>0x0)
waitid(0x0, r0, &(0x7f00000001c0), 0xa000000d, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)
r2 = geteuid()
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x100, 0x0)
clock_gettime(0x0, &(0x7f00000002c0)={<r4=>0x0, <r5=>0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000400)={{0x0, 0x1, 0x0, 0x12a, 'syz0\x00', 0xffffffff}, 0x0, [0x0, 0x2, 0x40, 0x9, 0x2b, 0x1f, 0xf4e, 0xffff, 0x7, 0xff, 0x178f, 0x0, 0x3, 0x2, 0x224d8c75, 0x0, 0xc55, 0x5, 0x5, 0x6, 0x3f, 0x1, 0x4, 0x0, 0x4daee2d8, 0x1ff, 0x6d8fcf1c, 0x8001, 0x2, 0x5, 0x40, 0x3, 0x40, 0x7, 0x200, 0xffffffffffffff07, 0x1, 0x8, 0x7, 0x1, 0xec, 0xffffffff951e417e, 0x2, 0x3, 0xfffffffffffffffd, 0x8, 0x3ff, 0x9, 0x3, 0x6a, 0xffffffff, 0x101, 0x4, 0x0, 0x8, 0x424, 0x6, 0x2, 0x80000000, 0x80000001, 0x100, 0xfff, 0x800, 0x3, 0x2, 0x2e0, 0x4, 0x8000, 0x5, 0xd, 0x46, 0xfffffffffffffff9, 0xaf, 0x8, 0x5, 0x400, 0xfffffffffffffffb, 0x5, 0x7, 0x5, 0x97, 0x8, 0xf2, 0x4782, 0x2, 0x6, 0x4, 0x3, 0x9, 0x40, 0x100000000, 0x100000001, 0xce20, 0x0, 0x3, 0x7, 0x97a, 0x8, 0xd541, 0x1, 0x1f, 0x7ff, 0x7, 0x40, 0x4, 0x1, 0x7, 0x1a67, 0xcc, 0x80, 0x0, 0x5, 0x1, 0x0, 0x6, 0x5, 0x12, 0x5, 0x5, 0x6, 0x2, 0x137, 0x3, 0x1, 0x0, 0x1, 0x4, 0x600000000000000], {r4, r5+30000000}})
setuid(r2)
openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x101000, 0x0)
r6 = getpgrp(0xffffffffffffffff)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={[], 0x7f, 0x1f, 0x0, 0x4, 0x6e1, r6})
r7 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x140, 0x0)
close(r7)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r7, 0x84, 0x1e, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={0x0, r7, 0xb, 0x1}, 0x14)

[  803.381267][ T7961] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0
[  803.405673][ T7961] CPU: 0 PID: 7961 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  803.414540][ T7961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  803.424590][ T7961] Call Trace:
[  803.427891][ T7961]  dump_stack+0x1db/0x2d0
[  803.432233][ T7961]  ? dump_stack_print_info.cold+0x20/0x20
[  803.437960][ T7961]  ? check_preemption_disabled+0x48/0x290
[  803.443714][ T7961]  dump_header+0x1e6/0x116c
[  803.448232][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  803.453870][ T7961]  ? perf_trace_lock+0x750/0x750
[  803.458814][ T7961]  ? print_usage_bug+0xd0/0xd0
[  803.463572][ T7961]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  803.469207][ T7961]  ? ___ratelimit+0x37c/0x686
[  803.473893][ T7961]  ? mark_held_locks+0xb1/0x100
[  803.478752][ T7961]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  803.484571][ T7961]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  803.490382][ T7961]  ? lockdep_hardirqs_on+0x415/0x5d0
[  803.495672][ T7961]  ? trace_hardirqs_on+0xbd/0x310
[  803.500741][ T7961]  ? kasan_check_read+0x11/0x20
[  803.505592][ T7961]  ? ___ratelimit+0x37c/0x686
[  803.510269][ T7961]  ? trace_hardirqs_off_caller+0x300/0x300
[  803.516079][ T7961]  ? do_raw_spin_trylock+0x270/0x270
[  803.521565][ T7961]  ? trace_hardirqs_on_caller+0x310/0x310
[  803.527301][ T7961]  ? lock_acquire+0x1db/0x570
[  803.532015][ T7961]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  803.537855][ T7961]  ? ___ratelimit+0xac/0x686
[  803.542440][ T7961]  ? idr_get_free+0xee0/0xee0
[  803.547108][ T7961]  ? lockdep_hardirqs_on+0x415/0x5d0
[  803.552412][ T7961]  oom_kill_process.cold+0x10/0x9ca
[  803.557600][ T7961]  ? cgroup_procs_next+0x70/0x70
[  803.562554][ T7961]  ? _raw_spin_unlock_irq+0x5e/0x90
[  803.567759][ T7961]  ? oom_badness+0xa50/0xa50
[  803.572403][ T7961]  ? oom_evaluate_task+0x540/0x540
[  803.577533][ T7961]  ? mem_cgroup_iter_break+0x30/0x30
[  803.582835][ T7961]  ? mutex_trylock+0x2d0/0x2d0
[  803.587601][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  803.593855][ T7961]  ? rcu_read_unlock_special+0x380/0x380
[  803.599520][ T7961]  out_of_memory+0x885/0x1420
[  803.604207][ T7961]  ? mem_cgroup_iter+0x4f4/0xf50
[  803.609152][ T7961]  ? oom_killer_disable+0x340/0x340
[  803.609173][ T7961]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  803.609191][ T7961]  ? lock_acquire+0x1db/0x570
[  803.609219][ T7961]  mem_cgroup_out_of_memory+0x160/0x210
[  803.609240][ T7961]  ? do_raw_spin_unlock+0xa0/0x330
[  803.620219][ T7961]  ? memory_oom_group_write+0x160/0x160
[  803.620233][ T7961]  ? do_raw_spin_trylock+0x270/0x270
[  803.620260][ T7961]  ? _raw_spin_unlock+0x2d/0x50
[  803.620279][ T7961]  try_charge+0x1457/0x1d00
[  803.620307][ T7961]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  803.620341][ T7961]  ? find_held_lock+0x35/0x120
[  803.620358][ T7961]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  803.620375][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  803.620395][ T7961]  ? lock_downgrade+0xbe0/0xbe0
[  803.682751][ T7961]  ? kasan_check_read+0x11/0x20
[  803.687628][ T7961]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  803.693602][ T7961]  ? rcu_read_unlock_special+0x380/0x380
[  803.699238][ T7961]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  803.704778][ T7961]  __memcg_kmem_charge_memcg+0x7c/0x130
[  803.710339][ T7961]  ? memcg_kmem_put_cache+0xb0/0xb0
[  803.715543][ T7961]  ? lock_release+0xc40/0xc40
[  803.720227][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  803.726457][ T7961]  ? check_preemption_disabled+0x48/0x290
[  803.732187][ T7961]  __memcg_kmem_charge+0x136/0x300
[  803.737334][ T7961]  __alloc_pages_nodemask+0x7b8/0xdc0
[  803.742715][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  803.748364][ T7961]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  803.754079][ T7961]  ? copy_page_range+0x14a6/0x2730
[  803.759195][ T7961]  ? __lock_is_held+0xb6/0x140
[  803.763976][ T7961]  ? copy_page_range+0xa4a/0x2730
[  803.769011][ T7961]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  803.775265][ T7961]  alloc_pages_current+0x107/0x210
[  803.780363][ T7961]  pte_alloc_one+0x1b/0x1a0
[  803.784852][ T7961]  __pte_alloc+0x20/0x310
[  803.789193][ T7961]  copy_page_range+0x1844/0x2730
[  803.794135][ T7961]  ? save_stack+0x45/0xd0
[  803.798460][ T7961]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  803.804301][ T7961]  ? pmd_alloc+0x180/0x180
[  803.808747][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  803.814395][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  803.820650][ T7961]  ? copy_process+0x3668/0x8720
[  803.825505][ T7961]  ? find_held_lock+0x35/0x120
[  803.830275][ T7961]  ? copy_process+0x3668/0x8720
[  803.835140][ T7961]  ? lock_acquire+0x1db/0x570
[  803.839822][ T7961]  ? lock_downgrade+0xbe0/0xbe0
[  803.844685][ T7961]  ? kmem_cache_alloc+0x341/0x710
[  803.849720][ T7961]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  803.855485][ T7961]  ? vma_compute_subtree_gap+0x158/0x230
[  803.861133][ T7961]  ? __vma_link_rb+0x279/0x370
[  803.865907][ T7961]  copy_process+0x4291/0x8720
[  803.865962][ T7961]  ? __cleanup_sighand+0x70/0x70
[  803.866011][ T7961]  ? do_wp_page+0x7d7/0x1e80
17:48:36 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045004, &(0x7f0000000380)=0x2)
close(r0)

17:48:36 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000001600)=0x4, 0x4)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

[  803.866027][ T7961]  ? find_held_lock+0x35/0x120
[  803.866044][ T7961]  ? do_wp_page+0x7d7/0x1e80
[  803.866063][ T7961]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  803.866087][ T7961]  ? kasan_check_read+0x11/0x20
[  803.866107][ T7961]  ? do_raw_spin_trylock+0x270/0x270
[  803.875742][ T7961]  ? __lock_acquire+0x572/0x4a10
[  803.875766][ T7961]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  803.875790][ T7961]  ? mark_held_locks+0x100/0x100
[  803.875809][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  803.875825][ T7961]  ? check_preemption_disabled+0x48/0x290
[  803.875847][ T7961]  ? debug_smp_processor_id+0x1c/0x20
[  803.938746][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  803.944380][ T7961]  ? perf_trace_lock+0x750/0x750
[  803.949351][ T7961]  ? __handle_mm_fault+0x955/0x55a0
[  803.954596][ T7961]  ? __might_fault+0x12b/0x1e0
[  803.959397][ T7961]  ? find_held_lock+0x35/0x120
[  803.964167][ T7961]  ? __might_fault+0x12b/0x1e0
[  803.968961][ T7961]  ? lock_acquire+0x1db/0x570
[  803.973681][ T7961]  ? lock_downgrade+0xbe0/0xbe0
[  803.978553][ T7961]  ? lock_release+0xc40/0xc40
[  803.983253][ T7961]  ? trace_hardirqs_off_caller+0x300/0x300
[  803.989071][ T7961]  _do_fork+0x1a9/0x1170
[  803.993351][ T7961]  ? fork_idle+0x1d0/0x1d0
[  803.997775][ T7961]  ? kasan_check_read+0x11/0x20
[  804.002657][ T7961]  ? _copy_to_user+0xc9/0x120
[  804.007362][ T7961]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  804.013605][ T7961]  ? put_timespec64+0x115/0x1b0
[  804.018458][ T7961]  ? nsecs_to_jiffies+0x30/0x30
[  804.023373][ T7961]  ? do_syscall_64+0x8c/0x800
[  804.028059][ T7961]  ? do_syscall_64+0x8c/0x800
[  804.032742][ T7961]  ? lockdep_hardirqs_on+0x415/0x5d0
[  804.038033][ T7961]  ? trace_hardirqs_on+0xbd/0x310
[  804.043062][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  804.043086][ T7961]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  804.055379][ T7961]  ? trace_hardirqs_off_caller+0x300/0x300
[  804.061214][ T7961]  __x64_sys_clone+0xbf/0x150
[  804.061236][ T7961]  do_syscall_64+0x1a3/0x800
[  804.061255][ T7961]  ? syscall_return_slowpath+0x5f0/0x5f0
[  804.061275][ T7961]  ? prepare_exit_to_usermode+0x232/0x3b0
[  804.081840][ T7961]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  804.087404][ T7961]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  804.087418][ T7961] RIP: 0033:0x45649a
[  804.087434][ T7961] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[  804.087449][ T7961] RSP: 002b:00007ffcc2973600 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  804.097228][ T7961] RAX: ffffffffffffffda RBX: 00007ffcc2973600 RCX: 000000000045649a
[  804.133218][ T7961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  804.141192][ T7961] RBP: 00007ffcc2973640 R08: 0000000000000001 R09: 0000000001f21940
[  804.149162][ T7961] R10: 0000000001f21c10 R11: 0000000000000246 R12: 0000000000000001
[  804.157129][ T7961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004
[  804.192232][ T7961] memory: usage 307200kB, limit 307200kB, failcnt 3279
[  804.199371][ T7961] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  804.207072][ T7961] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:48:36 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:36 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045006, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:36 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0xaa6, 0x4c6442)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x9)

17:48:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0xffffff7f]}}, 0x1c)

[  804.222465][ T7961] Memory cgroup stats for /syz4: cache:120KB rss:216440KB rss_huge:169984KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:216580KB inactive_file:0KB active_file:0KB unevictable:0KB
[  804.245874][ T7961] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=20988,uid=0
17:48:36 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0xffffff7f]}}, 0x1c)

[  804.309501][ T7961] Memory cgroup out of memory: Kill process 20988 (syz-executor4) score 1106 or sacrifice child
[  804.328606][ T7961] Killed process 20988 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:37 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000040)="4448ddae543f8582c997ce29bbb655c9a473179dd565a35d7953cc31a4882f3ac6fbac38d8d3320d23982f891aa9fa5c7508cfc71fb29185439f1bd298af6d5a8f7f5d3141ce45629ca0063bbcf9912c88d70487496dbdc196bc", 0x5a)

17:48:37 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x2c8)

17:48:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:37 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x2)
close(r0)

17:48:37 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
setsockopt$RDS_GET_MR(r1, 0x114, 0x2, &(0x7f0000000140)={{&(0x7f0000000040)=""/146, 0x92}, &(0x7f0000000100), 0x60}, 0x20)

17:48:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:37 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045003, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:37 executing program 0:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x101000, 0x0)
r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x20000000})
sendmsg$alg(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)="17f53617923f280abb86b55064057fa7b14428ae83102d077db83566", 0x1c}, {&(0x7f0000000140)="f67c5165359c49638a300b4c69a0c1045bd66cee0577e97472d9d0556f125f685f799b7f1cb7400522c07d1b7978c5b06bb9d1ec1c6b8443f6", 0x39}, {&(0x7f0000000400)="3e1bcf7900ed1380a8bc6aeff41d2c392ca81f278503ff4a32838fd87e34c34d246038b08ca563c97c97f5e36cd89af7b75e2be198e512b7d3cc5537b0966e97b19a830da06067cf61f08a8ab3b4ffda70f15e902682c0c773633a4e2e946a34886455dbcd827f6b51773bbe94096f8c4a2c80ba9599216839ffdd3e1f93b9299f742a6f1ac4ae96b6fbc928c10ee65ab28f250dc6f21333c2685e0bcef2fb14695359aa0de030491e9991d2ff08c7cf4263757c5ea78939ff5bbf93f91b8821272eeb1abecbe1c69f89f89f8197e8a56898ecee1ed99b3900f0ffba97b8ed4ef1d38fb47156e4b787afdef76f776ac6393162f047194cc7f0931df88ab33d98453882ffbf0c2183d6a95a251ade48cd1a768b738bbce7bf89558ebac090fd1514c439bab4daadcc22537512259f657810780b88853b6ba5b6bae74f27b4b5494cf7e4adaa2fb33c7289221edc23ad0b6d163de187f42c9873ea20c450af6037b343246cb4beb249e11d5e96c4366431543bf6da1f6d9e520301e5954e1367a0cd1972e35735a05c2433910ac6f69740730c32eb06d765c6593e53be728b9314707e71ea6b9f66beaaf4fb370c2737c200a32d4ea0bae45045c7fea030a37b53add12099cf9d72b6680c389aabda785ab3a3d13ecf11a109eab61672ae63c8ef69571f3140724920122731854cc0afebbda3b30857954003300020d8c264f0adb5b39c7e083d50645930bc27b411688efd4ab729b00434cf07e7d761a2d213ae577caf81efdc221d5cd2b919ebcbdc66b5d5c9959020c8b3430bc8e8ecf6f5d48a6fe06a0220ba885df6bf0a0fa5d02ec211a850677b1bd0a7f7cd187da331ec273d903ece9a74d454ded914e27de88de0d26aaa6fb309e4cc71f5dccb888489928deb827f83361aeaf9e5516de80a1ffff9fa0ac869ed7329796a41a0358e49dbf719d24c6da6c7b6e4c9067271650406ce0f986c2b67da22e54329cc765cc027557efbd0202535c7808593aa9f30c6802d8bb533f005acb6464b582d640317cedd13ec037ea85805b3ded78095be7a7f8e64e52453a50c897032007748d4183f174dc0e888de5e9dc2d21fe18a3333112b30fa26917650c018c4b5433c3390bce96576f492cbd359ff8658f98a787c47446ace5b8b15230d5b8d51d1d819ce39448a3aec74d850622203376056bc2f06ec5f28844fe8ab1b7bef4abd4d3e15674410675c88fff279021ce8f7c5714b62b2b01bfab55afd2ae39999a4df92fc51198c1f841c802b3842831b7b310094019d1571beea28edd4d1480d0623325716e3a6a43a7ca660fd4b9847654e40fb6018d8a1c678061ab1d6a91ab5d2a918482a3bc3571e7549f7807c076031a8b0fb1d309e686e722937ad15d3a61140fddff311e2ead34d2ae04750124ec4a4772300c919c3684402975872506214a92ef8f178d0858b12500084a83f27af0bd5bb6d65ed7bccd823269c6303c35ddee10431c5ff989948df5df9b26f8fbb96e6338e273488969bb58a6f7135bbc17ae1d36775ab40a5ab284a3ee0da1180c4d771ec4ce2cf2c78095082fbc69c510472e2a26b6766d4b341dcd8a3a35c26dc3c601f6ec16b915807da5063bfbb0b74c8c71234a0f81cd2b6d0e4fc8464814648d21bae1d3f4dcfc437002b6f1170058b03e1081891797386e493dc58b3d652f468be340d20554d4e57ca6415ea973b6838f056a63b3b4d5bf98aea8b979e6089ebb3d4aa77600342baed5d4790e4ba3b3de7a0af219f885c221cfe83bcb1313ff6dafdd94cd84776a44b89f147dc0e7f6e3dd215876a2ffae6615fe4c2c718affd0889e5fced65343543ae74b5836f322b3a68350da002a0a4ac2f0da3f3235e0f90e6f8f09d46fe26a851dfd493d365c4467a2bb231efa0696847f2ca793bfa70384d9afee6b135987d3e5822e69903eebfad356aad8b16cb23a2dd50d084159d139d92f9dc25745aa08de6e08fb69825c59562533764b10761a95c4a3387bc0c32e08f2c0e3fe0125d35cd5d7e4f7f8d5c559a92189d32e63a388bc6ce9f0c77620a8d677a248f01d3dd99a6f1ecb939782690961f48c65074b25bda5ce29d1ae90c515c9638783e92238f6b2a9bb2a378d258c7f78c3c853d08d9789078bbd953585e9a4a8d5d2e6b2905a6ef0847239d7e3856f33844c23c92ee4088d86e9846de998e8e84e0d0907b15b76be060d938cbe10472365db5b14b0ea55e346b505bd9d1a480ca394db97fd61fe3f103512073d1cc3ec7264576ba9fa4790af6658d603e93f63387f8dbb9a90673a834ebe808d3251137b2b940bc66072dbc557054ac280243d1b1b22e26653a2eb189476313352b41bc826d0d101da27675ea274df91ef9eeecee217996641dc5155b2382dd2135d8368a1ff338474e2155c16cda3e25c60b21eeb4e200d4ddca4082afe3ca70611abb0067a47739c0822e4cd8a73a9221ee262217b3346d664f24aab04f89046d2f4c085c3a178811b1726dcd519512a696bbc33cb0ad1a4a7e1b7c9de16bead70dd171f00ac4dcdbf8e4710557ab9f8ea3418f0f26517d867bf0105eefed1ad4dbe97e6bbb1b13b317f5cc13aee3424208b4f14a12f9dbf3609a7252f00bfa712dddec554c3d3c885023e7dd4ffac0a913b56c71cf68017cb2f9793438a3e8a8c3f11ae857bf7c711e23a53c75ce05c08b466cf667b572e97660e790d98abac904e4755de13cc9595e8dc01a2d5b03d37140e22abeece4b175db3931a279ac4fe98f5657696b60de58bf8593711ddc08e70dce075d4b5a2ee82444801a0fa9d35121ec1256bf51a461e0de954c76c44d878f16a1f58b57c9761a54126e0a8dc986a02d83c0107fa1ed0b31dd91deb512ad0f5f6692077407603100ca22ec282a43c8a2fe743c74e8ea8b93dfa76ed264fc9cd245cea46acec8b21dea2be841bed66a9104c1812cd968190bf96b404ab00d5427108f4b873e4fc99844e506aa3ace443a2f53eb726c6b1b73c5aa4fa545fe8a0b587f51e32b909747855c8750b3e15777a803bea889542192bf12d131762da3c2aa646d77e8527efddd0756d277f7e8fb1e41765bd01de1b04369ab2e3a933e322fddb85bad4a61dee08dff27429b978659e55e915ebb6c41c792e00ca383708731111271d4868caa6e9c4443ed3f99c60fc3c35288ea3d95982d4211eda403d31b38bcfa7f56eb2741a882a1060a09fc23b1132ece3e6042a20c8d047cb675c2a619252d44b6492fb4bab3148d49372f529eda56955d229dda0947b3334b327d84fe49193f296c3a77a917d0ed20fc0477bc0864ecfc148ac524be0930e5f98245392fe87cfd13c95a8370ae79fd15b16128175c38b1bd96eadaf7ad41f59181ebdc6d35f188e8b854319426b316707b161c5b2ddc0f029d9f30fb15f4f471679dfa8044247a658081ad2da60d60ab0f7ec678208edd1e92abc04a98db2ce8330e181d69bb6a8f33a14e641c5b187f947f6c1940acd0313f2edb4da93af7070955c1e6db445734a0796b7a89d0949e59dff18e8490f72bc8203ca104ce34ac8f2ec535adc8e9d1ce6f22e70b16d11a60b5580215580c1606559dac551346ec33bb1096c4a4aa7891e41bb8dced0b0ccc2b127a0386033bdda0d196bbfb9b173e8c9df9083ebaa1a2b7e9b31a05543844d4444fee7b1f080287ed6e65577d369ef90314d1db075127f9cfb28790d1137c4355b8d0d5882ff05b3939835b895c7c43699c1fbd69b187b9d60222f109978ff62751561f7c1cc75fc304f92250e9b54abb862af58e2decc98772baec5e8676291f2659ad3d865febc2f7ddb36187bc9ec94db67058766277b26b84671f661786fa8b8ad5d7de55def0f4aa1be624d813d05045d14318b79bb62b018b926faf0c136a703065e9f4b34b9cf1b6745749bd4c6976d70ff509d0770f18fcb72fcbd1a42106cbaa9a14381a51229e55044a3d6eb3af5fbaebf79355c4eff0abcc46181aa2f47f10eb3f24c4285c605d933ede3e844e8912aea979e51484fa9561270250ef81f27c503ad0fafba0bf0828547d903ecf44674749ab098f746f6079594f0c31e2103c49f33386d32e3d0593ba966883fc861fb7e4ab0e4dc7cc93b8ae1b1ec0327ce0078b91018a356d23871b8e3f4190808cb694717794f2191f546172522072270a19f2108791a39fe5e1ccaf5807a357c007e0e35b7071dac913e9e4b62686672def603d6f5fac79f8a151f4f42f7c13bd8f32877317a7c08b613bf46ffe2c54d3e1b7e796cc1ff6fdfa0caa8c578eeb96e56ba1e0f1aa526283d50f356df854f5a1a0ca1b10ea45e4ea3ee3ee0ddd715bde3b639d37ad3b1ee983b657ae5f7f91f91ad2e1feffe7f8b42108fff5e64cb4b164aa9f4ef8f0ffb673306cc21446b5dbcee61be9e3b8a62490ed37feb86bc34bbf5cb8051271d969deac7fa597db5b6d9ce7585fa3ba5b94356ae6d0d68c88ce2d0feb63c13a4ad2becc116b09ffc2fc58b542c94962e4d1454c1426ffed1d83bf75441c8f8aa6685b5fde2dbcaf888f3e81dfdcec6f4fbd4e648624fb7a783112c2c20e2174b36224226829dd2b87b1621a1cdfccfb3745575381d5e4f019b5a9373f9150b611889779454b4ff82f84eff68c6c3af7aa41acf67b9af4ba82bfab3e5a51b87e7d73232bd0e605cc71f5d12e99bea50cd91e219f5decdd50ca58195335a0770aabfc71386e78e2b44fb1bc2c574752935ff7fc54079c80a3984894d0fee38a9256a7c1357270264c36a965b04790056c474874bf99e399233bbeac46f534e59be871f5340e3eca6205d883d9aedba4677623a74c602e0551c75201f1ab48504e86a1ad4f0cdb50e778c8f2f23747c31fcd88b0fc5060f51cae6b753dcac6c3dec30bd3963b96187b3d5853b971e4dc98b2fbe5eb9ead7124f6d23b4811534c4de9a90d5a96693537c36c649896f14c26086df98ca564b0fce36b5c7067e3ab5fb4e6617513b451c5f7a446aac175ff743d2c16d7bad6cbdcafc3f5678b7f85594c0bb3ff16eec1fed475d032d0fef09e5f49237b33743dc5d351d92d9f0b996e1fc203d8c5e3540b402b9588b2e11a6fabfdf06568ea8b9f4482392f43ff08ddf59aeb6c5233f153854f302b9c1ed9878c63514e8d015bbc31a24b45a1f2e367ef1d57aa2d91378fc4dc89c856e079ca852655e441ebaf2541403c20105b16c350f9dafefbbfae964be125e2f0ab2f4803a8aaad45f2280598dd7391402f38c2d640b81dbf65a6aaf87d519127ae7f6a0354f80b95f401dcc7fcb50bbf8356b60191a764913589cd9193b993a7b40da7e11e13f42b6cf6be05f07b50fc582c96f8c63a0af8ae6472f83b209e39b1458f31fa32759b12a16f48b61a8ac751ffa6dc988cf4057785536bee45d54477efd5179a703a2312683a30e6389341f172a400846b8ba5109fc476356bf50c6b06d0b4761685adaad46dc0e963d41a03972bf7427636b0b7e3bb243378c59c7df7b31ea191670646ee7313308e8b7c559d56fbaf8e223492cdcdb203d0e40446ffbc8611bcb5960ae202e7dd2fbe69cdea25c6f75fc45c249ffed7fd6c936863ef75ba4d4de19a7b6346dedfb224c67a3d85f0c5dd1c1d6b3e5eaefd8dbb22469c800b4a0051005988e269a4c347c50d4968dcf88807495f5706b54ad663e663ebccdaa8de079397875120928565dcf80394498f6e1fcf7c536e86f8e3b298c077fa1ea9c38b6aeeca12de6d79eb65fd8f099b05906d0bb48edec79c708b6fa3e9b2a1c2842ba2769b7c25a736", 0x1000}, {&(0x7f0000000180)="c4d87e25f507a3594a2ba7957fcf848e187a12fa1110f0550c822fd3a6d3d9b7cbbbb615ec2939ff6fcc12069425491a77d5580e1a310c7b94937f1a9b034421d743bed2a0a755c845c2e9e3635e896df3fda01f2bc1977157a01f8b306fef9db51f7f8ae98299eb16222e7d66e2a0833d9622b75cc7aee8c4e480102db0927041e410a6baa0158bcfe8960f0b4e439f", 0x90}, {&(0x7f0000000240)="42136a1e79287000fa432eae05ad8c9d62f42de337e84cbff26d1a273fd7cf8f31dccaf2f8849847f16be6befd273cc6b4a7d9c7422dd232457576100b40063cf33cb312f882ec4bfa8924e2d1834d3bd7c683f01199c29030ffa09ae468935d941026620d9155da7ca72f0fc559eb43492716612b442c10de3bde0a3538a6f7921920739917501c22e67b27b02410414d040abf54c804be5071e0851f46fdb5e88a873cda6eb7822c915b7649c0546de5021fa992ce0081c4efdf7b33f7eedd2f0cc4babd0276a92176a450fc11f4810cabd0d13636ced68b813cdaf66d6996950f972c6d59d60c", 0xe8}, {&(0x7f0000001400)="e538af35d999ed0d7f92a3e817f9d6ca2e89235f86a10dc0e704ffe219249a87a4e0f6fd7a776547fceb46da73d0de4775adc1349d59188b38c53ad02aeeb0d6e812649ec6eef539ee92f75b96b485d34aad72e18a149641552b890cb2e46a3bf14e9131cb19105a1f505630ead8b5ab6a7e528e983b29c7dc79f302675377c5ae", 0x81}], 0x6, &(0x7f00000014c0)=[@assoc={0x18, 0x117, 0x4, 0x77b1}, @op={0x18}, @iv={0x38, 0x117, 0x2, 0x21, "50baade87d64bf964317d60dc9823566b1e99dc7079e4800d57f3b9eab43ba05d8"}, @op={0x18}], 0x80, 0x1}, 0x40800)
r2 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0xffff)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:37 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x2c8)

17:48:37 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045007, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0xffffff7f]}}, 0x1c)

[  804.956510][T10012] Unknown ioctl 4705
[  804.976288][T10012] Unknown ioctl 4705
17:48:37 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0xb)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000380)='vcan0\x00\x00\x00\x16\xed,\r\x00', 0x10)
sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c}, 0x1c}}, 0x0)
sendto$inet(r1, &(0x7f000000c500)="df", 0x1, 0x4200110, 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:37 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x2c8)

17:48:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000120, 0x0, 0xffffff7f]}}, 0x1c)

17:48:37 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045006, &(0x7f0000000380)=0x2)
close(r0)

17:48:37 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vfio/vfio\x00', 0x3614c2, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000440)={{0x7, 0xfffffffffffffc39, 0x5, 0x4}, 'syz0\x00', 0x22})
r2 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0xffff, 0x42)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000100)={{{@in=@initdev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{}, 0x0, @in6=@remote}}, &(0x7f0000000200)=0xe8)
fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$fuseblk(&(0x7f0000000000)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuseblk\x00', 0x80000, &(0x7f00000002c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@default_permissions='default_permissions'}, {@max_read={'max_read', 0x3d, 0x3}}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}], [{@subj_role={'subj_role', 0x3d, 'wlan1*/'}}]}})

17:48:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:38 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045004, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:38 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x800, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2f, 0x4, 0x0, {0x3, 0xffffffffffffe04d, 0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2f)

17:48:38 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x2c8)

17:48:38 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:38 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x2000, 0x0)
ioctl$TIOCSTI(r1, 0x5412, 0x3)

17:48:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20010010, 0x0, 0xffffff7f]}}, 0x1c)

17:48:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:38 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x2c8)

17:48:38 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045007, &(0x7f0000000380)=0x2)
close(r0)

17:48:38 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffffffffffffe)
r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2)
ioctl$sock_ifreq(r1, 0x8933, &(0x7f0000000080)={'sit0\x00', @ifru_settings={0x8, 0x7ff, @raw_hdlc=&(0x7f0000000040)={0x6, 0x5}}})
fcntl$notify(r0, 0x402, 0x1)

17:48:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:38 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:38 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x2c8)

17:48:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:38 executing program 0:
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
vmsplice(r0, &(0x7f0000000180)=[{&(0x7f0000000000)="821f43313437c69b8e71428e93a167eb182395059cb0cc062d43b545d88ed0f093f1d9267f1a1a21352809757d11724ca84a0919a2d13895f1a1a5ab55b268247aca6ca29f204966e80ebddee24cfe9cc16c7f7c504486e76d9414", 0x5b}, {&(0x7f0000000400)="b448e01f86cd391438509e2c4e7d8f36a34c8421434764437494b34b4e3686b9088b346d116cf172b713c145928ab6c2578cdf61fbf8b75a4e3e31b616f96c34172a1b6aba17917252d39c06a271dfb6579a33be4a629565579454aff2ea3af9a31ca5ad63a045c7dd3ba8af506efb8ee1bdc86dfdeca9b99c4cbb5e030a01b85b59087e48ef09070a36ae98fa38533b962b7bf2bf639ce9eb55c4df4f41d4c1777612e59716b4a4583b0194b03cad1496119f76ea3dba485de99e416f5d7a986e4a1d406df88ec977b4cdaac6d93b706c670d382bd5dfd3a78087d968d85aa7deb40a2f26bb90f0b9a1e38273f6067b5bef7a9e8011c55297c1d2ac73d4226ddf812405212b4a7458a5032ac8c249f0bb2ebcbfa2b5a180d68f7bcc33b22ea741933e128b4f462909278888b8ee3a0d6de5029c1e9fbffcc4114bccdd311671f9b0741b5c14f59215fee865c26a1c83491da08d847ef8b026a56b6e2b5ac19da23db5b44614e327b14e6bc687c8a680a12a92b81a1c4412e871eea3d2183454da216805776fbd832bbb1e9df42958a99d5f613572f23a3e5b1002a03c11e4aab54f9c6e8f9b538acc630cd73c33bb0e64de831cef933ab9f915d46f90de2209c611fee6885eca125c04d191d3e8ac5e8d195b5c2b70191a6ce7be0acb99f842fdcb0ad5af3708cef50a716eb9839eac3b408cd84d2eda6015ac9a83952a800fd7de0ebdcfb4488bed2533143b06768a58f8a5b90abddc167b86e8b970a0511ae14e2095e522d0bba20bb88541b0c3a1f3e9dd472b2d217fbefac92e340ea0a331e7af6e3fbdc00962ad2008abbf7e150dbb1cf397ad587c7a8292fdd4c00dd0cb293c265bbd933001c5d1baebba9065ea275ff9fbaa5757bc659abafc0e82af0cd597a4250c8efb26a9b7802e89db8ce0ba8264fe2ec90bc15c723597615e6fd3b9c91b4c03658c12f817a5111bc83c45e80de7d12500aa1f2012fec2762d5e2b0a8ce6bc355b18f5a1c524de8c6c04c78e7ffcd33217665e1763d49bd5a007b89597a44c357723501b80b8421ed58f6e78bec9394b20f424b9eac0b08d4415234e2623ef02d3339c17414bc0433f16217754f9fb89fda6748c67a371b69ee4d4763812b2988754cb4830af92ab11bd81ef874b6bc4f5783b2ae4205e9b58a156fe190402bb1eda20a17c3c253a8afc92ac862f80040f57cb345993ddce2c5d9632c03e1fe221b1217dad5bbf1db1c8fe88e9dfdcfc3d69c07c91056c1a61d2f82839ea4842d4607f44ed52a8371bf0940e72b544e508530d727594b245fad53c55d5df79f4c1de09aac1349fb4e4a78d73474d9945b48c317e6742ffd3b96a7afa9d53fbb44db1f98be69ac768f7ce88bec3a6020048438ae345983d12e047253094f66c90b542227db558fef47f3e6719cb09978674d33453bbbcca27c98bde0ae74d658cd6ec57309126f46c9ca9f3a66b15b72abccc487087d229e34c06281f5edd57c59c59aa461d3b8b1d152bfd30d36482cbb3f33c8a52fb488bed0e898cc536827393eb82ac999ea4fc4894e2e2d76632dd1c3387bb251167a54a62dba16955e4c990fc7dff49959a535885563bebcbfbfcf89d370a371dfc103893171e1dce01adb7e0757902d3b62fbb55bbd67065176ac2925a4973226149db4dd8437db17204ef6a002d7b2153305a089059496d8cd1703b619ca795f4ac84b0d0ca9aa20b2c76b651033852fc9038a492d9f499fe520c09179346e3a84a1704a32062e9b291fc6eec41647321189ec101a7949225359c779e94b24db95c6453f73135180dfc1286cc4bf8cdd892640f73ebf2b8736537f60d6a2f539d21cbc7b4808d274a1243b16d0e95655e96e71494a71c310f6f2cfa710d1ab9112c25cdc194d41f99faef030fbc42951a1e1a5b874755ff82a368b7a46d6d492be8116be30805c7690610b84bc806e555a7bb6bd92f9b65dfe26f0488e4a2ba4c38382dfb8e4e9e648250c4e567b9c9c80dceba829f6a8893f625f30a599a606e0fd01154d4da73203544e234d785985cec466ef95e73fdb6825cba9f5ac158ef808ef03a5197694fae8291b90ef866b3a6758338b9a9779e48963732e309a46d5e6231cdccc33ddbd2b38c4e04e6ee1ac43aab1215d6a7cfbae509e062d516b81ceddb16d6860d86e614a62160c952019d03f1c73e7fcf5dc1884404338ef7a191fdde0a113fed6dc0173181f404f7bb94f05386782690289255cd94b2a6d2783edd0c44299e88c2c4b24f78276519ad916b8ce78c9e6ba60dce2356cb780dbce4a9f8666e95ba8c5890bfe8369362b6c79205114e1dbcf225d35929d29a30c8a2ade48b380cf32b7b3b1a4ba6202ed86164355dcef2d06917768c4e38630254b61c574648d6edfc27e1a8a0a3f73e5db7a3b2f42c3b0d503c69cb9e5ae9ed3da74e211063b358c7467ed9b9e8f05bac4805e42c261c9365474cba9cf02bf477ec398ca25688aa2556290bb035b6bfd329b41e083d31daa79d650ed5c1274838f61212ef8fc748acbe25e5365c83294712257d345f4313dff7217642c8f6befe854ed4bb62e18afcd477d9483c868b87d9358fb7feaa3d407ac92ec5c7d7ac41d3999374e962d8222501410ef926c8ea16ffdeb3d9bcc3be5e3b51e32a741f7511e462be1ca4ab67b9949b6f4e9851a020f41de459270820c44e9d2a178a3084818f46859f7667ce35d74167be38f8c6b0b6428ba76a1c625776ad276560315afd2e26ca32ee8ccb581a864891cd7d216f12a39e9c47589064df86150eec23276f2286bbf9f3a51461f5b493a4403e94f9122850abc9933a364b07be5ca23c94e47500737ac48016b50c312155baf40245a6bb2c0cde1ca14a4933654a9525cea43b09f3e2b15210eb809ae65b5a84347f640b70628d7dcb0878c440f8b472a9d60360ceccc893c26289db843a2fa9647409868e64da7fd3920baabd51e0f3e9ea0b025c7a3b8510f4061833acb6f2717b7eaba94a903193072ee2a3e410dfe5d8f116b53ae743a9d3055db1ad7c75bd7903aca13dec026df0fe98cefd4639e29dfefe2e234794c938f5d0912e0e45c574d415bfac2f9ffa24026cf40d90b037a3bcfb6b2a302ce014a6eed48d7f0dc2c68a15b2689e949a997c7151c19e8a62cb6879123357d3b12124c7bca871a2eab97434d5d8b6e5cbe7ba1e872ed409e042dd9d615d9ef40e765096aede8a7b9df919d3cf654a2e978d425a6a85580fab1e9ced0402f9db4382f2ead65d89f2dc72572f352ff0028e79b61ef4d048972b83a0746f24ba54c44ae232ac305360bbaeba2f87eb5f2edb0e1c25ccb02fa6969d01abdc160fffd5fc9ebcdf7411b41d9e0813408d55e2237602dbd95bf5efe8838e6d3b70933cefb9ec653e270d57f10a562676f94ec73acb494825a76b7bfb0b4dbf0e82c7e8d6e5ca46d55588ce13182db5fdd961870e9366bb9869da50195e0849fe218551c4fb6611651ad67bc737826fd527edee8b1c668a1949adf51fa72949325714064e2e34ebbfea123eaa56e84cd2393c789800bf4edf47d9f5247a00fad34b40851aa32922dcc0279ab997846945cb79004c842378fc0e0fe579cc1fe406bdf21687b1138beb3703797fbec23b894c5b8a40220908f9c380b061fff9122929d40463842e4ac3350fdd913dabf11f38b7f58b0f52a18e4f6ce74431af2da94c6b76e4e7403e7a86a531ec3c592db7bb33b0491f2f03077599e05858a7fcf6f1df66cea411e93733df296e4c8fffd0c8ee5e44687d2d5df29ab62df46b25f23f8c1029c3a7cd835551cfef0491db23e9029b7be28f8798b64972b81e1b8930395f727c15ab9a684f5b4ccc970ab1938e521858f2dd0af675f9bb54b94d37aabc6a97c19079173795be6a6e2353ca861e5a81f64cc703e90623f5dca955177019ce05b08ed1517ced8c9e6af88fbfa603ea3baa1d0f1d306d705e3e7592ef9375f75a15f372f8067b1cd2ab03e1d24da4528cb00322644d8ac16544e737d46fe1200cab64eac6b16a666b69d633ceebdf0fa0ec1ea2b579983eef1f6fdb0c4fbd2dc66bdca6007f19ca0ae15e047e93f47a03032641aac3d396514f892a5d2fb19776333c09066090677652af87dd2be6f36edf85c306b980cb0aad0fc1fe238b1db3a8279b295db1535565e824f210526d671f46e8737eb2fce76df0b06ef233e8d897199e6ffba96a6610c1325c17861c82e97ff084f55d3f43cf5a05452226cb42d145571c3103cdebc6aadfc330f984a5630ad89fbfa211ba75bce2624d4e073067c0939d5872d4370d095f52f0d2a1dd98174969ba573ea5fd72428ee02b54ae36102f753806e93895c0e56817806382777b7e8c41b3703c79d44d142a61aaa0bbe4efe24e60c96cbc2d330a0eab59b80d6ab3c90d8a5f8ae569d107192b652a4315407f75a033f787a4d820d8c8be794a8e55a20f8ffe43d600430b3b860a02b516b12de2c64c150f11c4b4aa8b3bd7993c4402c9e140c9754bc1b00600ea57f20ecf863bc85d5d485901e037db80a8c2fac82a78c99998861415cd3e7cc8514e5f8463fa23e3e824c61e672a25e432f7c61da5e49489c2beb8bd284ef6ecea27fa6827b8d487ad905e59d60e108510ab4f72b50ecbbafae031cfd202bc09ae680ad85bf4117201bf0798064b50e98213f6472b53a2e48c5629938f8c4f451df243b1b2b915a40a3d0723d51d3344ada1141a25ea31c23df1e2f88f2481182412f193b522ff1edf5fcc9fd33284e3a1ec83e8d9e87255a6161145a424dcb10946debb30b79a29ca837529770a04670f47533270ece6ff716c1a936b95cf23d36dbd865b1e2c62aa47b7d390b08d12ba05d87bfeb8a42c91fc47e63395ca98e63b8302f56d304ca9a0a819ac9015a0d77595c3491e79b87dcc2466509e64a1eb8569fb484343d37af78b92a9c1b97fcc7790094836907533714e244e19c19c176e01cd7e354c0bdb724595e90e4265cb6fea0122a884df34bd515c7d612bc32e374778d06662201fe30424df246f2428f4517d560df1f9dff26f758a393428819cb16642d5bd08f54e8885aa16a8d22e9de3c8a70ff8597364424c46fce87616f3f9314b29b81d89e7d1a62888a9267b2fea90525833ba939b422fed223ab54a617f20414bbda963b075643576c5b94a2190487588f540263cc50309a35eb29e2077c86a77d51f94325282abecf9519a4feb49c70f8e68db7e94ccfdf25a2ece9ff5baca5e8211e8be3051f4dfef82a551ef4c0f80cdba311371b032d8f53fe4ecb61439e951713f21a4443e195cdeec7ada0b0bd84286aa7a3a96ce2fccbb34e229beec0f83a684453502ced954983554b304965f7516802734f69be9f99958da3f713cea05e1288dbe329459e2d48629ff71f19afffaa734f9d2635bedc1728879b4777af1d91da610d7a0b01d661f48ba574bd75e80c6ad0bb0d3a10292fa29050a817b97a6ead1be195a5681f8216566af3f17e4b3fdbbb6a4a8e592578f8507458564cb35799a33487b3d0bbdc841a9ab73e3304aff8c4305f085bbe3ab8dd242018b2cff7d2e609b213de80c54b33a9cb39c3a1311772be2a72c041e648be2a16bc72d6dc8a81e68fe81d5fc1b5188cea33cb42827fa03d476d091f9c9830c2003aaa9973ea73ce9ba363f0587371f270120e9c3de5ab510da0d3d304ca9013529373aecce614eca465b4287c10c5e2877903b14a3cb2b699898713bd4b856a971c6ab1fb62940e086b18ad00fed9d8890b6a383ad4cf40fd0", 0x1000}, {&(0x7f0000000080)="59ef2448b4356d79f232c6a2931ddbb9390391c1eb08ef244a6cca5ef0614c35d52115388d98e33af20c43f5be1506ce01e52a27b2055bcc633b2e3c7a861ab03068de3615a238049601df96c91809bb4ce0025e53765dab27e910be82af668d5a7aa7ec8030ec26988712ed1b9858ea808e567952f9e49f64c07aa6970ab3ff004de486c66bb9c3fae21d536a5053804d4e1c35fa9f82c1090ad70b8a39361f5d9b71c91a61e618d89d5e394b3c8adb1a59cc82a8f8ead0d403ab468d19e9de25feff899fd73f7df630dc60fdd4", 0xce}], 0x3, 0x9)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:48:38 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:39 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0xffffffffffffffff, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2902, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0x100000, 0x119000})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x8b)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x1, 0x0)

17:48:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:39 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x2c8)

17:48:39 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x8000, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000040)={0x5, 0x205, 0x4, 0x0, <r2=>0x0}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r2, 0x6f17}, &(0x7f0000000100)=0x8)

17:48:39 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000380)=0x2)
close(r0)

17:48:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:39 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x2c8)

17:48:39 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045006, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:39 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000000))
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x2000000)
uselib(&(0x7f0000000040)='./file0\x00')

17:48:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:39 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x2c8)

17:48:39 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c004500b, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:39 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0xf6, 0x40082)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_SET_SERVICE(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, r2, 0x120, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2f}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x10}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
inotify_add_watch(r3, &(0x7f0000000040)='./file0\x00', 0x800)
geteuid()

17:48:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:39 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x2c8)

17:48:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80040200, 0x0, 0xffffff7f]}}, 0x1c)

[  807.270166][T10185] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  807.317083][T10185] CPU: 1 PID: 10185 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  807.326038][T10185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  807.336112][T10185] Call Trace:
[  807.339409][T10185]  dump_stack+0x1db/0x2d0
[  807.339432][T10185]  ? dump_stack_print_info.cold+0x20/0x20
[  807.339447][T10185]  ? check_preemption_disabled+0x48/0x290
[  807.339478][T10185]  dump_header+0x1e6/0x116c
[  807.349499][T10185]  ? add_lock_to_list.isra.0+0x450/0x450
[  807.349514][T10185]  ? perf_trace_lock+0x750/0x750
[  807.349531][T10185]  ? print_usage_bug+0xd0/0xd0
[  807.349552][T10185]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  807.349568][T10185]  ? ___ratelimit+0x37c/0x686
[  807.349590][T10185]  ? mark_held_locks+0xb1/0x100
[  807.349610][T10185]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  807.349634][T10185]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  807.401921][T10185]  ? lockdep_hardirqs_on+0x415/0x5d0
[  807.407203][T10185]  ? trace_hardirqs_on+0xbd/0x310
[  807.412236][T10185]  ? kasan_check_read+0x11/0x20
[  807.417094][T10185]  ? ___ratelimit+0x37c/0x686
[  807.421775][T10185]  ? trace_hardirqs_off_caller+0x300/0x300
[  807.427573][T10185]  ? do_raw_spin_trylock+0x270/0x270
[  807.432860][T10185]  ? trace_hardirqs_on_caller+0x310/0x310
[  807.438560][T10185]  ? lock_acquire+0x1db/0x570
[  807.443224][T10185]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  807.449024][T10185]  ? ___ratelimit+0xac/0x686
[  807.453609][T10185]  ? idr_get_free+0xee0/0xee0
[  807.458288][T10185]  ? lockdep_hardirqs_on+0x415/0x5d0
[  807.463585][T10185]  oom_kill_process.cold+0x10/0x9ca
[  807.468792][T10185]  ? cgroup_procs_next+0x70/0x70
[  807.473775][T10185]  ? _raw_spin_unlock_irq+0x5e/0x90
[  807.478988][T10185]  ? oom_badness+0xa50/0xa50
[  807.483585][T10185]  ? oom_evaluate_task+0x540/0x540
[  807.488695][T10185]  ? mem_cgroup_iter_break+0x30/0x30
[  807.493968][T10185]  ? mutex_trylock+0x2d0/0x2d0
[  807.498721][T10185]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  807.504966][T10185]  ? rcu_read_unlock_special+0x380/0x380
[  807.510611][T10185]  out_of_memory+0x885/0x1420
[  807.515295][T10185]  ? mem_cgroup_iter+0x4f4/0xf50
[  807.520240][T10185]  ? oom_killer_disable+0x340/0x340
[  807.525444][T10185]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  807.531248][T10185]  ? lock_acquire+0x1db/0x570
[  807.535929][T10185]  mem_cgroup_out_of_memory+0x160/0x210
[  807.541467][T10185]  ? do_raw_spin_unlock+0xa0/0x330
[  807.546562][T10185]  ? memory_oom_group_write+0x160/0x160
[  807.552087][T10185]  ? do_raw_spin_trylock+0x270/0x270
[  807.557375][T10185]  ? _raw_spin_unlock+0x2d/0x50
[  807.562208][T10185]  try_charge+0x1457/0x1d00
[  807.566690][T10185]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  807.572221][T10185]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  807.577745][T10185]  ? lock_downgrade+0xbe0/0xbe0
[  807.582590][T10185]  ? kasan_check_read+0x11/0x20
[  807.587436][T10185]  ? rcu_read_unlock_special+0x380/0x380
[  807.593084][T10185]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  807.598641][T10185]  ? get_mem_cgroup_from_page+0x190/0x190
[  807.604352][T10185]  ? rcu_read_lock_sched_held+0x110/0x130
[  807.610066][T10185]  mem_cgroup_try_charge+0x43a/0xdb0
[  807.615368][T10185]  ? mem_cgroup_protected+0xa10/0xa10
[  807.620747][T10185]  ? check_preemption_disabled+0x48/0x290
[  807.626464][T10185]  ? __lock_acquire+0x572/0x4a10
[  807.631406][T10185]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  807.637634][T10185]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  807.643866][T10185]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  807.649502][T10185]  wp_page_copy+0x45a/0x1c70
[  807.654092][T10185]  ? swp_swapcount+0x540/0x540
[  807.658851][T10185]  ? __lock_acquire+0x572/0x4a10
[  807.663777][T10185]  ? pmd_pfn+0x1d0/0x1d0
[  807.668013][T10185]  ? find_held_lock+0x35/0x120
[  807.672799][T10185]  ? do_wp_page+0x894/0x1e80
[  807.677414][T10185]  ? delayacct_end+0xc9/0x100
[  807.682071][T10185]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  807.688303][T10185]  ? kasan_check_read+0x11/0x20
[  807.693145][T10185]  ? do_raw_spin_unlock+0xa0/0x330
[  807.698248][T10185]  ? do_raw_spin_trylock+0x270/0x270
[  807.703543][T10185]  ? print_usage_bug+0xd0/0xd0
[  807.708291][T10185]  do_wp_page+0x89c/0x1e80
[  807.712718][T10185]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  807.718074][T10185]  ? lock_acquire+0x1db/0x570
[  807.722735][T10185]  ? __handle_mm_fault+0x1d80/0x55a0
[  807.728028][T10185]  ? kasan_check_write+0x14/0x20
[  807.732952][T10185]  ? do_raw_spin_lock+0x156/0x360
[  807.737966][T10185]  ? lock_release+0xc40/0xc40
[  807.742642][T10185]  ? rwlock_bug.part.0+0x90/0x90
[  807.747585][T10185]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  807.753370][T10185]  ? add_mm_counter_fast.part.0+0x40/0x40
[  807.759091][T10185]  __handle_mm_fault+0x2c8e/0x55a0
[  807.764207][T10185]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  807.769732][T10185]  ? check_preemption_disabled+0x48/0x290
[  807.775471][T10185]  ? handle_mm_fault+0x3cc/0xc80
[  807.780425][T10185]  ? lock_downgrade+0xbe0/0xbe0
[  807.785256][T10185]  ? kasan_check_read+0x11/0x20
[  807.790097][T10185]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  807.796081][T10185]  ? rcu_read_unlock_special+0x380/0x380
[  807.801707][T10185]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  807.807950][T10185]  ? check_preemption_disabled+0x48/0x290
[  807.813664][T10185]  handle_mm_fault+0x4ec/0xc80
[  807.818432][T10185]  ? __handle_mm_fault+0x55a0/0x55a0
[  807.823719][T10185]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  807.829973][T10185]  ? vmacache_update+0x114/0x140
[  807.834920][T10185]  __do_page_fault+0x5da/0xd60
[  807.839699][T10185]  do_page_fault+0xe6/0x7d8
[  807.844194][T10185]  ? trace_hardirqs_on_caller+0xc0/0x310
[  807.849815][T10185]  ? vmalloc_sync_all+0x30/0x30
[  807.854688][T10185]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  807.860876][T10185]  ? prepare_exit_to_usermode+0x232/0x3b0
[  807.866607][T10185]  ? page_fault+0x8/0x30
[  807.870882][T10185]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  807.876464][T10185]  ? page_fault+0x8/0x30
[  807.880731][T10185]  page_fault+0x1e/0x30
[  807.884912][T10185] RIP: 0033:0x42f056
[  807.888810][T10185] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 06 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 5f 62 00 85 c0 0f 84
[  807.908439][T10185] RSP: 002b:00007ffcc29732a0 EFLAGS: 00010206
17:48:40 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0xc0045878, &(0x7f0000000380)=0x2)
close(r0)

17:48:40 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
getsockname$ax25(r1, &(0x7f0000000000)={{0x3, @netrom}, [@netrom, @bcast, @default, @netrom, @null, @bcast, @default, @netrom]}, &(0x7f0000000080)=0x48)

17:48:40 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045007, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:40 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045012, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  807.914503][T10185] RAX: 00000000000205b1 RBX: 0000000000710640 RCX: 0000000000000121
[  807.922475][T10185] RDX: 0000000001f22930 RSI: 0000000001f22a50 RDI: 0000000000000000
[  807.930452][T10185] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000
[  807.938429][T10185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000710698
[  807.946397][T10185] R13: 0000000000710698 R14: 000000000073bf0c R15: 0000000000002710
17:48:40 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x2000000000000, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
socket$rds(0x15, 0x5, 0x0)
ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000000)=""/187)

17:48:40 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff, 0x0, 0xffffff7f]}}, 0x1c)

17:48:40 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045878, &(0x7f0000000380)=0x2)
close(r0)

[  808.019720][T10185] memory: usage 307200kB, limit 307200kB, failcnt 3323
[  808.047950][T10185] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  808.061874][T10185] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  808.069076][T10185] Memory cgroup stats for /syz4: cache:120KB rss:215084KB rss_huge:167936KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:215268KB inactive_file:4KB active_file:4KB unevictable:0KB
17:48:40 executing program 0:
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=<r0=>0x0)
getpgrp(r0)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:48:40 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0050000, 0x0, 0xffffff7f]}}, 0x1c)

[  808.164201][T10185] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21042,uid=0
17:48:40 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
munlockall()
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = dup2(r0, r0)
setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000000)=0x8, 0x4)

[  808.218834][T10185] Memory cgroup out of memory: Kill process 21042 (syz-executor4) score 1106 or sacrifice child
[  808.249654][T10185] Killed process 21042 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:41 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x2c8)

17:48:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8050000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:41 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x691, 0x10000)
connect$rose(r0, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}, 0x1c)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x7, 0x10000)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:48:41 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045014, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:41 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:41 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x20)
openat(r1, &(0x7f0000000040)='./file0\x00', 0x801, 0x90)

17:48:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8030000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:41 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0189436, &(0x7f0000000380)=0x2)
close(r0)

17:48:41 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, 0x2c8)

17:48:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff, 0x0, 0xffffff7f]}}, 0x1c)

[  808.802075][T10262] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0
[  808.819846][T10262] CPU: 1 PID: 10262 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  808.828783][T10262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  808.839002][T10262] Call Trace:
[  808.842305][T10262]  dump_stack+0x1db/0x2d0
[  808.846659][T10262]  ? dump_stack_print_info.cold+0x20/0x20
17:48:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000, 0x0, 0xffffff7f]}}, 0x1c)

[  808.852392][T10262]  ? __switch_to_asm+0x40/0x70
[  808.857160][T10262]  ? __switch_to_asm+0x34/0x70
[  808.861930][T10262]  ? __switch_to_asm+0x34/0x70
[  808.866700][T10262]  ? __switch_to_asm+0x40/0x70
[  808.871463][T10262]  dump_header+0x1e6/0x116c
[  808.875959][T10262]  ? __schedule+0x89f/0x1e60
[  808.880555][T10262]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  808.886027][T10262]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  808.891667][T10262]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  808.897823][T10262]  ? ___ratelimit+0x37c/0x686
17:48:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff, 0x0, 0xffffff7f]}}, 0x1c)

17:48:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc000000, 0x0, 0xffffff7f]}}, 0x1c)

[  808.902526][T10262]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  808.908009][T10262]  ? preempt_schedule+0x4b/0x60
[  808.912872][T10262]  ? preempt_schedule_common+0x4f/0xe0
[  808.918363][T10262]  ? preempt_schedule+0x4b/0x60
[  808.923224][T10262]  ? ___preempt_schedule+0x16/0x18
[  808.928370][T10262]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  808.934184][T10262]  ? ___ratelimit+0xac/0x686
[  808.938781][T10262]  ? idr_get_free+0xee0/0xee0
[  808.943496][T10262]  ? lockdep_hardirqs_on+0x415/0x5d0
17:48:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdffffff, 0x0, 0xffffff7f]}}, 0x1c)

[  808.948807][T10262]  oom_kill_process.cold+0x10/0x9ca
[  808.954025][T10262]  ? cgroup_procs_next+0x70/0x70
[  808.958988][T10262]  ? _raw_spin_unlock_irq+0x5e/0x90
[  808.964205][T10262]  ? oom_badness+0xa50/0xa50
[  808.968866][T10262]  ? oom_evaluate_task+0x540/0x540
[  808.974013][T10262]  ? mem_cgroup_iter_break+0x30/0x30
[  808.979325][T10262]  ? mutex_trylock+0x2d0/0x2d0
[  808.984093][T10262]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  808.990379][T10262]  ? rcu_read_unlock_special+0x380/0x380
[  808.996035][T10262]  out_of_memory+0x885/0x1420
17:48:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe800000, 0x0, 0xffffff7f]}}, 0x1c)

[  809.000723][T10262]  ? mem_cgroup_iter+0x4f4/0xf50
[  809.005719][T10262]  ? oom_killer_disable+0x340/0x340
[  809.010948][T10262]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  809.016761][T10262]  ? lock_acquire+0x1db/0x570
[  809.021466][T10262]  mem_cgroup_out_of_memory+0x160/0x210
[  809.027012][T10262]  ? do_raw_spin_unlock+0xa0/0x330
[  809.032133][T10262]  ? memory_oom_group_write+0x160/0x160
[  809.037683][T10262]  ? do_raw_spin_trylock+0x270/0x270
[  809.042988][T10262]  ? _raw_spin_unlock+0x2d/0x50
[  809.047870][T10262]  try_charge+0x1457/0x1d00
[  809.052376][T10262]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  809.057933][T10262]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  809.063509][T10262]  ? lock_downgrade+0xbe0/0xbe0
[  809.068373][T10262]  ? kasan_check_read+0x11/0x20
[  809.073222][T10262]  ? rcu_read_unlock_special+0x380/0x380
[  809.078861][T10262]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  809.078882][T10262]  ? get_mem_cgroup_from_page+0x190/0x190
[  809.078906][T10262]  ? rcu_read_lock_sched_held+0x110/0x130
[  809.078926][T10262]  mem_cgroup_try_charge+0x43a/0xdb0
[  809.090184][T10262]  ? mem_cgroup_protected+0xa10/0xa10
[  809.090216][T10262]  ? add_lock_to_list.isra.0+0x450/0x450
[  809.090240][T10262]  ? alloc_set_pte+0x134a/0x1df0
[  809.090261][T10262]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  809.123343][T10262]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  809.129571][T10262]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  809.135212][T10262]  wp_page_copy+0x45a/0x1c70
[  809.139787][T10262]  ? swp_swapcount+0x540/0x540
[  809.144532][T10262]  ? __lock_acquire+0x572/0x4a10
[  809.149453][T10262]  ? pmd_pfn+0x1d0/0x1d0
[  809.153680][T10262]  ? find_held_lock+0x35/0x120
[  809.158456][T10262]  ? do_wp_page+0x894/0x1e80
[  809.163053][T10262]  ? kasan_check_read+0x11/0x20
[  809.167886][T10262]  ? do_raw_spin_unlock+0xa0/0x330
[  809.172976][T10262]  ? do_raw_spin_trylock+0x270/0x270
[  809.178243][T10262]  ? print_usage_bug+0xd0/0xd0
[  809.183000][T10262]  do_wp_page+0x89c/0x1e80
[  809.187404][T10262]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  809.192756][T10262]  ? find_held_lock+0x35/0x120
[  809.197505][T10262]  ? lock_acquire+0x1db/0x570
[  809.202161][T10262]  ? __handle_mm_fault+0x1d80/0x55a0
[  809.207435][T10262]  ? kasan_check_write+0x14/0x20
[  809.212385][T10262]  ? do_raw_spin_lock+0x156/0x360
[  809.217414][T10262]  ? lock_release+0xc40/0xc40
[  809.222096][T10262]  ? rwlock_bug.part.0+0x90/0x90
[  809.227025][T10262]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  809.232831][T10262]  ? add_mm_counter_fast.part.0+0x40/0x40
[  809.238534][T10262]  __handle_mm_fault+0x2c8e/0x55a0
[  809.243646][T10262]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  809.249170][T10262]  ? check_preemption_disabled+0x48/0x290
[  809.254880][T10262]  ? handle_mm_fault+0x3cc/0xc80
[  809.259821][T10262]  ? lock_downgrade+0xbe0/0xbe0
[  809.264670][T10262]  ? kasan_check_read+0x11/0x20
[  809.269516][T10262]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  809.275479][T10262]  ? rcu_read_unlock_special+0x380/0x380
[  809.281093][T10262]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  809.287332][T10262]  ? check_preemption_disabled+0x48/0x290
[  809.293040][T10262]  handle_mm_fault+0x4ec/0xc80
[  809.297810][T10262]  ? __handle_mm_fault+0x55a0/0x55a0
[  809.303105][T10262]  __do_page_fault+0x5da/0xd60
[  809.307863][T10262]  do_page_fault+0xe6/0x7d8
[  809.312352][T10262]  ? trace_hardirqs_on_caller+0xc0/0x310
[  809.317969][T10262]  ? vmalloc_sync_all+0x30/0x30
[  809.322818][T10262]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  809.328978][T10262]  ? syscall_return_slowpath+0x5f0/0x5f0
[  809.334593][T10262]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  809.340840][T10262]  ? prepare_exit_to_usermode+0x232/0x3b0
[  809.346541][T10262]  ? page_fault+0x8/0x30
[  809.350769][T10262]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  809.356304][T10262]  ? page_fault+0x8/0x30
[  809.360547][T10262]  page_fault+0x1e/0x30
[  809.364684][T10262] RIP: 0033:0x46fdde
[  809.368561][T10262] Code: ff 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec 28 05 00 00 48 c7 c0 d4 ff ff ff 64 8b 00 <89> 85 5c fb ff ff 8b 87 c0 00 00 00 85 c0 0f 85 ee 00 00 00 c7 87
[  809.388143][T10262] RSP: 002b:00007ffcc2972ea0 EFLAGS: 00010206
[  809.394186][T10262] RAX: 0000000000000006 RBX: 00007ffcc2973400 RCX: 0000000000000000
[  809.402137][T10262] RDX: 00007ffcc2973578 RSI: 00000000004bd04b RDI: 00007ffcc2973400
[  809.410113][T10262] RBP: 00007ffcc29733f0 R08: 0000000000000000 R09: 00007ffcc2973578
[  809.418065][T10262] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc29736b0
[  809.426034][T10262] R13: 00000000004bd04b R14: 00007ffcc2973578 R15: 0000000000000001
17:48:42 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045018, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  809.509883][T10262] memory: usage 307200kB, limit 307200kB, failcnt 3360
17:48:42 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c004500b, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:42 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec00000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:42 executing program 0:
r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1f, 0x4041)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=<r1=>0x0)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000080)={[], 0x9ef, 0x5, 0x4, 0x8000, 0x3, r1})
r2 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0x0)

17:48:42 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c020660b, &(0x7f0000000380)=0x2)
close(r0)

[  809.551480][T10262] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  809.566673][T10262] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  809.573542][T10262] Memory cgroup stats for /syz4: cache:120KB rss:215216KB rss_huge:167936KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:215256KB inactive_file:4KB active_file:4KB unevictable:0KB
[  809.660002][T10262] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=10244,uid=0
[  809.676485][T10262] Memory cgroup out of memory: Kill process 10244 (syz-executor4) score 1106 or sacrifice child
[  809.694826][T10262] Killed process 10244 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
17:48:42 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}, 0x2c8)

17:48:42 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff, 0x0, 0xffffff7f]}}, 0x1c)

17:48:42 executing program 0:
r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0x50, &(0x7f0000000080)}, 0x10)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000000)=0xe3)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:48:42 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:42 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0xffffff, 0x20000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:42 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:42 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x5, 0x400)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)

17:48:42 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c004501b, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:42 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef, 0x0, 0xffffff7f]}}, 0x1c)

17:48:42 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0)
splice(r0, &(0x7f0000000000), r1, &(0x7f00000000c0), 0xd5, 0xd)
r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0)
readv(r2, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r2, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r2)

17:48:42 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, 0x2c8)

17:48:42 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c004500d, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:42 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x8, 0x4)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x501)
r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x5, 0x800)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)
ioctl$RTC_PIE_ON(r1, 0x7005)

17:48:43 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x0, 0xffffff7f]}}, 0x1c)

17:48:43 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = shmget(0x3, 0x13000, 0x1820, &(0x7f0000feb000/0x13000)=nil)
shmctl$IPC_RMID(r1, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x440, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001680))
syz_mount_image$bfs(&(0x7f0000000280)='bfs\x00', &(0x7f00000002c0)='./file0\x00', 0x8, 0x8, &(0x7f00000015c0)=[{&(0x7f0000000300)="a9bc", 0x2, 0x4e}, {&(0x7f0000000340)="d807e1b55731e3c4700b3b5ff84b605b36751dd3a34edfcc3fc1c222c5ad71c2c0", 0x21, 0x81}, {&(0x7f0000000380)="a954922f722485fe2a4e710c82eff7a90d5ffda6118bcf028e9c62bb377855689cff3ebe26de2a13ad1195cca7db1e39f03438826cb9860437fc47dc2d", 0x3d, 0x8001}, {&(0x7f00000003c0)="f97440080e233e06dfb122b2fd5055d6cf732ddb033bafa27b79bd3ce2833e812499cb36956a20b093974c3d62aa77a978950dc16b3b33ce53fa4a42235fae30e995b137819f9044ebd70863abbc70613199c3c311a534dc1916126eb13029e114d8bda69acd02981ccf1203c50611c918aef4940b9fa4444db9a5c750f1b8d6774ba263ddbed88d6b94e7ad7d63", 0x8e, 0x80000001}, {&(0x7f0000000480)="77bbe041ecee6c081c440aa1b4c4e89daaad50f697620c4ee7145b5f95049c64e8980ebcb2d4e5374cf7e86544b57733d9d2b9517c26fb38847d1164eed640", 0x3f, 0x314}, {&(0x7f00000004c0)="6f7224910c9095ee4db1afeb1fc67cfc2eb262018be5fb75cdc54802679327e302dd34e2b0eca3ccfef44dd904389a5fdf100bb054e45f87d39f72ea68050ca88764669826d403638d00926d11dc8b3ffc86ff40b912d32510790fc218dce91e0c81bc93610559041adadc80ac643ae6a7ac0bf38f26fee8fb0a5de5d0f55d4b074b467ab6d98daad11c1c8938f0026bbc192f54abf4abccee4df45e06a3e9c3759f0eb4fe16fc26e1e5e86e07f2358e81ecf931cda946b9e4178601bac680b182d6d040a552951c8272d2755c76fd53ac8132ab83b7e7034798e00544e0284435e21aba51a34c84b04cf5a9444bc52615f3043d9c4194ee71a62bdb7684d928faf57d67979322fb91fc69efb338c0bf4d50287cc3f05406fa8810a8367f22b2724c86054f6ab13a368fe80db0d856e8e64d30093727c12209a848df09765d205e095e7dbcd6d35630e0ff6f917991dbaa1501c8535e4d58cc2a00d12c37bab552a998940d61eef25f00ae474585956f22447e036f8e078d966be396fb99f2345ae7b41a16cd2cdd9a1dbc5b3526cc2cbf35264ab6667c09238e58ff0d777227058750c4bfcba43e643b8b57097d4c6258826179ef31e54f212b280bceb6231e2433237ad05eee3190ec7b31bd2a27b24a4599e2e6da2eaf3394e183a68658112b6a28cd78865004d25a9ba60c56a940f32976255af6e8993e5614469afd213d72b757e1fc74cfff835953a83efd6b519d7da97f84d70adddcd3e8575cbb5505c9ee05ec65609b0157f12073b48567360ed2e18aa1b4534949f342bcf3e7244ed14c91e6816b0194db5b256edb41fadb32c3f835bd85a25e963c20c20e78bf004ecfa60e59e84c9a0a7b151f97a833e968b4ab237a08d7bbb8a70215da6c68984d57272fef135b0682e444e7cf95f9d144669709fe7555007d0c08246041cf549125cd4d1eb9ca0a0ab6fb69dc98b66ead04c70ad793f1b5b873fea333f29b59e31416c27f4936ff29fdacd46f089ccaca3026b3a1ce46e93beed14c271a762ffd90c050bb748400cb501d1a74a8f1142b5abfd3c124523f52c7b8a249f5191edf01dd743c561dc97f26c51c39d08ba3296be8258a422eb317095a0e6fbfaeed276dbd4fd11af48c4fae4845ce590e0286fc9a89a44c64e29a37f66453dcca9c18298c332eee3904963e9c8607b90d3942d5892e27155a723a06379bf3b469f5d1af2a90c8df81335bff2bd4facf370c51764c6afeadef46231a234c9fb95ba635eebafa8e2b430d4aa0b5b2ed31544fe57e615e56b13565aecac34d5d2db657dba2e353e0d1cc86e07d7c9a9ef11d796a92ee20ab6b1296340a8728a1964d09184599d46cc58650b566ba4329c862be9d6118865187d7cd6a0d94a76e623df7b27f4a3c80ceace007f7490673f446366423da77b6387da88e24502a91e6cff69b7b1e7e9e6662b77add1ec11f965771a1407bcca622a53ef5a73193d25deeb0d64de6b9837974bfa0933b17389671f833c150a32900c928203132efcc266a3a6caec91310f451363c36de02bafd1cbdc58e4fe62a1688775aab85378329f680f199b685a2f615ddcb8daf76985e0506727a2fae68d2bc5d07445787904fd401fb5662b1ca99af4637438dd8d206ef697817795cafe2748d018c5ca9991280259b7664e3ca584511c1d3389f8f5808e81bd4d7a0d8823062c201408b125df16c4911a14709f7061c124a2a1ed0d580b6bec36913dc43803ef8b87b95b09160b015c4900899ac8d59b1aff5633d6733825d498849b2d6ce2aed101caa484248d75b3171f9308042885f8a8e2cc348547cfa6286f612901b1a2a788151b4bbef3b86b703fa16dc21cf3ca17ba19c6f28b8e0fd008888ca63afad72e06331afc66f89f4110c17ae0195783e4ba697be3a96942b828b376333a3fef5d828f8d41bfcbfa2038c3d48e0079d1fc7be070fcd20ecd9be41c8d1aa2de7269b1e35474c2d742fc901c85c5f0c0c508925e19f515bfd95e007fe2e7c4a7d2ea7e1b49ca20892044ba74ae8e60bcb9d136462a74cc2fb25a58cf824ca7f18f86f2b54f84eda984565a07f5ab68b62edd63a5a4a6942e2957b9ff5f83e29373696c9d82b7bb5a578bef73e2051cbdfae6b69c704e1462f7623e7b9cf113c2375fd5390f3bf0f24409d691a7f5cafa769aaba9b66bbb26a49521c6543167693e6b22fc310516dc29436f2bb98e1d180e5bbaa1a17798d9d9e3e5481eeaa8bddd048ea03d966da382a3a815634ab6aa7f779535777e52a93646bc84495578fbac969dd8d66b4d512b3aa20f19a1aae811cb6f8be5046bd3d3a6faaaee386d5aecfb39a1bf5bfa36dd39242ba3c904ac0223dd4b5a73f80efc5d3f3029284803e3e3f564b4cd9be09c7a9f0fb4f65b8805c3162ded1596897e1eb76bed25f41b650d4978e59283d5bb1aa47830e01960dc76e088a5affc054c7f4cd723cb7bdd0b975668a2e4b649945464539a43e766cc50e68d0c895f3cd1ed56dd9b3ad52583c57047b472a7cbc9359ed3fffe1d20f5c148cac99dcdae3fce176eb4be21eb1e7f4bc178dd204c30b915b146b6029c0bd05830443c710302ca713353cd7d98afc7b6b3c7ac78f522da6d7010e475b3bd3348551375bc423c174ed57245e987ac3a1c2959f4f415c045d9b48861eb61a48f52c26e2e3af3898a9bdb10db44526026d6bb3ae8ccc7540348587cfb3c3762a714f0a43aea0a16e5b1a0c1dec3ebca0856e837b17c97401d1eba10328fdbe89e5d61486e26dea8b52e1532ef263ad58842936facd180a9a6e28be9edafd617e0fdca65b7a15171af373192d3be9bca9e6a44fd68774f01ec9bd29d148c40d59df5705dc8a49fa7a4c4474b6eebca414a6c20573d027f819c61f56c0be79ef6ca1baacc70926a1612052110a7ffacb7f886885fa737520499c61d0a1d7440c87224e0781cfb5993eab86535295975f5787ddae80f96c88ee23e5348608b688f56543701dc1f706751560a7124a6bd13826c57911468005c12a8f6cb4d30601257d3d285151b98bae20c2df5ffcb19ccd78b93d784fa6436f8a655592de352be2ad87822d3b296bb395b673315b9094be147429701ee6cbdbf0b24fb788933636f4dce669a5aa2ddfc91581f993e3c62867723dc95cf42195ac437b6edc737f6451437a7cb70b5379451c0c457388cc14192bd166ffe7e8aa5daeb0aa78fc0bf97d9b4c8f567739c412cb50ae5186034caf2ba3de9b9311a46a4794d96e6f18d57785935edb6709e48f84f2b60275cac4032f13d40565d84ca9a36113a08cc23a8713c285bac83d14160f9d875ea7fe82edad7d53e669fae083e52b92c8015d6dc057a54374c78b5d5cfd98e1d860f2dffae08a9b9a7d8a6063555f89e55ac8e5c5d35f55ec2a7de63715da4ed284eef6e294cafb5615c41c0a342e3f89bd6ea1507dfd04887fd2eb83c0a12c6c6931a64eea024abd8d56128b96c5bb8d9664c84466ac843542a83fc848d6ae500357d8f88a7c36aa02af8b7b129c9fafad2bbc558d542078958dcb525e5130b30376edcf05f106492d4c87ffccebbf08eab33d63236e8006a05644c569cc9ce9359d916801166458ca780aafb4ce78ab1010e823c3b2854c851f6385be76863d1cc89dffae7f6177e502770d4d23ccb363f4d9a1aa8b8eea1c80cbc0c3d19cfd5d35a8ded6e94af9abe706d240e1e54c6c01ded9f28a079de0e34725f89b1a4e6d16042fc5ca756b6de0517db2bd575bc8cd939aa6a894c13bdfabb3755fde83b0da514d4bcdd2cb0d741a4707b6b293df0c1144e91599b1f05370a25e87c3d6e814f57ffffdf671116ef5d0b746aae3f45e96eabf08c341c4036c7333a910275ecf8a8ebd78f3053a03d2ce34fcaab55128d41521dbcdef35b1cf4e5a7299504c7ba4759205a3c6bc041730a7f02f65dee5247552322d30b5e0e23e73fd474f9ca9c8b28d948d67d17c46f6142154301f6b916e4f6abc0e86aa422031ad615b7139775b608d0e7a6d1bcca7002d53fabd8119e17a2b376dca5f47931992975580780d0572108b75d3c6dd79706d49990857b3432b6540c1326ff9d122ee326c4fb8b1097cd1259bae854e8fb9d10a8967428d89c323a6dd75516fd67069bfcc258dd0c3ae7badfa9988894f1489006b45ea616410d0889b08218a29e48f15599261f9bec23dfc02acd1d755cef050c53355d54d254371befc6fcbf369991f0bd6d45877745aa241cc2467c1d3bc8f6aef43955eed13651e83213ae8a883cf2fa3470a69df1d32e3b451bc047d99fb56bfeecb2172978d2398a887d8d2d45d999785340e779df0bb86c76c78032e8bddb465ed2f5e11c9cf0f10448fcdc3715787f8631bea8514bebe122555bdd05c0f872d8e05af8005a307386d2af831e05670aa511ed2817564b9525e137fd89b8108bedc3174f3172ccc188b47460c577e369abfb45a8fbe0b3a3d1fada09b9a437c37dc75bb021dabbb120a0c063f0f275104423c09259b8cdfed5fbdfa3c1d23c1ff2e7a4f3c65c97b65484d20b1865da1edc9384e5ac934820ef4cb0acadb815b713aec48cadadce6f3f6cff0e83fbddc38859a189bafde9e4dec7db1c0f5e8d86a6efe1f091cde2178d7dd20b23f40444191e02bc0de72929d68419f5b17ae3bb48cf37f79ce233624f41a8c406fe46bb56dcb1e69089f928e783f1f7cb851f72d6ff3173bdeb4bff33b9f221356e9ad3ef4aaa8521704d2e1df798b7878c3805c0d85f7b87549708e607fc85621a98b2ca3200a5347c2a71f69151b2896bf3c941fa35100b12a449b90d211c628382bd17169c6015ae9a8130fa0699a3d77eac7090f1f169e45b67d5e505a02f60c7cf4933c02ca7d8ac687ba0b39593acca86ae5bc67409266eb2681784f91929d9bcf04a18bdab2389059dfb8bb6a4a8fb55431f59d8e1cfca37ce016ba3d362a3a0c7ab7bd6e6688623483afa1fa71a6ff6ac149bebe7824300e245ce7718d1a76a82d1c7acc04b667abc7ec66211d852ba6a5a2b0b45ce6941dc64dd1b4b5aa0f34734f307b7c7af40e79c20bdc06a3394002930e9027040e5d81e1d83f878e264fa5e44eb97dabd826b40e5cb17e462c429ce1be0d709a250cc988fd5aa71b0a8ac6eca2299b299b2c92de19c4ade197564d16b89877df6b2ff73bea78c12e4471a3974041bc38f2b11494019ca4dc9e1800d07b90d069faeca2dc63dbf2c46f4ee3f49534d55c57dbd31b21b7117e390af942bd086d85c333b1b23c1ab0aa76f988b83ddca44cb84a3a0051eb139a5c78007894a2067e501ba025c512e9802a75098b845c9a5739c22980b15480b362168236bada19219b6c4189efb021c2ab41a6ca6e594a58118fcb1e9904944e1aa5237c58df967f1caff8e89dec7fbe72f4def3fc79e8def588e8d118ac36101b4a20bb1a0b58626eeadd6aaa4a99e2dcbfdb1a2ebd6fc652fada33a2cd275ff8944ec4ee6a989e23b003d5c09bf2c387be22c8a29c7f02388e4e68e31409e2d0977e4665704dd24e8f461f1e89a8199605226c7fc037096ee36e17b8a2cab95cb464bad21ff57b2b2d5037a75786521b92c3a8229294a24bd9652d54db9e72217cd3daad0a7d46eab85b9b7243619caadd2b049604cb15a42d49ccdbd3d9ed3f969ddab9ee06e9e8491c4cc77a233e6ccde1c779ef8cae9160bc0ac00289d347338428a223a150d498138482a860fda7f55284003765e0a855787be2297dca2d90fe0d0a01bf357f92081bb02ba1301d1f46ae570b1826d8", 0x1000, 0x6}, {&(0x7f00000014c0)="13a4e97c8219768c5bd69ea20e4fd7701d9602dd2a8094ba96f19a7f641bf0994c9e0899d8a7e29fd47657c2a42fe89e0826b1c9", 0x34, 0x5}, {&(0x7f0000001500)="6af6dd201d692d60d37cfe83131fffdc1f1d98bf191743e7afc2e1eb41e0c85252fb252de25a989831fda7c54666f0c547564031f0090198b27450cacea2df3bace9259db294b87381b6922dbaaf15616288fcf7a9fde8697504493419727d96745f2024f8f3f8f3e39d0de336459c6933449d011e5ee32ede1b7526f99afddd1de96c57c1576c9d5c574a58869b333c1fe5b3c7f8222b27195c787ff8", 0x9d}], 0x100000, 0x0)
sendmsg$unix(r2, &(0x7f0000000240)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000100)="50884f54794f2ecdf1a60e11325ba576485730aab3a5c79efcc0ba87fa7e20725016976f4bd53c49cdc0c0c8b607bc52b195f26a4bd0c7b4ea8418b0d4f907007a616575827d69055fe67776da793fa7630826859f9a1ed14b87e1366940db3776c3754157a45e57b61f86dc6c4aa1dba619adb7f3c7e775f4020677c93fd141da0557970459dec95631244b03dde2b1ab875fc0690b5c829c982ec940a243d5ab74ad8f6acc87e156acf1190c491d2a9b5f5bbdf14f78dd0bb7f1347088904a903c280acef3fe669ceb8f0eac7d1cf64dcebe5abc9e", 0xd6}], 0x1, 0x0, 0x0, 0x4000}, 0x8004)

17:48:43 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8d, 0x0, 0xffffff7f]}}, 0x1c)

17:48:43 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5, 0x0, 0xffffff7f]}}, 0x1c)

17:48:43 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x2c8)

17:48:43 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x10000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:43 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045035, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:43 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xffffff7f]}}, 0x1c)

17:48:43 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x8, 0x3)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:43 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf]}, 0x2c8)

17:48:43 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045012, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:43 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/82, 0xfffffffffffffecd}], 0xffffffffffffe4e)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380))
close(r0)

[  811.042750][T10388] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0
[  811.090756][T10388] CPU: 0 PID: 10388 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  811.099713][T10388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  811.109780][T10388] Call Trace:
[  811.109819][T10388]  dump_stack+0x1db/0x2d0
[  811.109839][T10388]  ? dump_stack_print_info.cold+0x20/0x20
[  811.109854][T10388]  ? check_preemption_disabled+0x48/0x290
[  811.109891][T10388]  dump_header+0x1e6/0x116c
[  811.117480][T10388]  ? add_lock_to_list.isra.0+0x450/0x450
[  811.117509][T10388]  ? perf_trace_lock+0x750/0x750
[  811.117525][T10388]  ? print_usage_bug+0xd0/0xd0
[  811.117544][T10388]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  811.117561][T10388]  ? ___ratelimit+0x37c/0x686
[  811.159077][T10388]  ? mark_held_locks+0xb1/0x100
[  811.163949][T10388]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  811.169758][T10388]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  811.169773][T10388]  ? lockdep_hardirqs_on+0x415/0x5d0
[  811.169790][T10388]  ? trace_hardirqs_on+0xbd/0x310
[  811.169806][T10388]  ? kasan_check_read+0x11/0x20
[  811.169823][T10388]  ? ___ratelimit+0x37c/0x686
[  811.185892][T10388]  ? trace_hardirqs_off_caller+0x300/0x300
[  811.185908][T10388]  ? do_raw_spin_trylock+0x270/0x270
[  811.185923][T10388]  ? trace_hardirqs_on_caller+0x310/0x310
[  811.185936][T10388]  ? lock_acquire+0x1db/0x570
[  811.185959][T10388]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  811.185973][T10388]  ? ___ratelimit+0xac/0x686
[  811.185990][T10388]  ? idr_get_free+0xee0/0xee0
[  811.206558][T10388]  ? lockdep_hardirqs_on+0x415/0x5d0
17:48:43 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
fgetxattr(r0, &(0x7f0000000000)=@random={'btrfs.', 'lotrusted+#*-\x00'}, &(0x7f0000000100)=""/170, 0xaa)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000400)={0x0, 0x0, 0x4, 0x0, [], [{0x3, 0x7, 0x74, 0x140000000, 0xb7, 0x1f}, {0x8, 0x1, 0x0, 0x100, 0x5, 0x5}], [[], [], [], []]})
ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f00000001c0)={0xb68})
close(r0)

17:48:43 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xffffff7f]}}, 0x1c)

17:48:43 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
prctl$PR_GET_PDEATHSIG(0x2, &(0x7f00000000c0))
ioctl$FICLONE(r0, 0x40049409, r0)
timer_create(0x1, &(0x7f0000000200)={0x0, 0x40000014, 0xfffffffffffffffd}, &(0x7f0000000040)=<r1=>0x0)
clock_gettime(0x0, &(0x7f0000000080))
clock_gettime(0x0, &(0x7f0000000140))
clock_gettime(0x0, &(0x7f00000001c0)={<r2=>0x0, <r3=>0x0})
timer_settime(r1, 0x0, &(0x7f0000000180)={{0x77359400}, {r2, r3+10000000}}, 0x0)

[  811.206585][T10388]  oom_kill_process.cold+0x10/0x9ca
[  811.206605][T10388]  ? cgroup_procs_next+0x70/0x70
[  811.206624][T10388]  ? _raw_spin_unlock_irq+0x5e/0x90
[  811.227364][T10388]  ? oom_badness+0xa50/0xa50
[  811.227385][T10388]  ? oom_evaluate_task+0x540/0x540
[  811.227403][T10388]  ? mem_cgroup_iter_break+0x30/0x30
[  811.227416][T10388]  ? mutex_trylock+0x2d0/0x2d0
[  811.227439][T10388]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  811.278637][T10388]  ? rcu_read_unlock_special+0x380/0x380
[  811.284284][T10388]  out_of_memory+0x885/0x1420
17:48:43 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x493)

[  811.288977][T10388]  ? mem_cgroup_iter+0x4f4/0xf50
[  811.293932][T10388]  ? oom_killer_disable+0x340/0x340
[  811.299138][T10388]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  811.304967][T10388]  ? lock_acquire+0x1db/0x570
[  811.309676][T10388]  mem_cgroup_out_of_memory+0x160/0x210
[  811.315227][T10388]  ? do_raw_spin_unlock+0xa0/0x330
[  811.320376][T10388]  ? memory_oom_group_write+0x160/0x160
[  811.325928][T10388]  ? do_raw_spin_trylock+0x270/0x270
[  811.331233][T10388]  ? _raw_spin_unlock+0x2d/0x50
[  811.336092][T10388]  try_charge+0x1457/0x1d00
17:48:43 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0x7})
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

[  811.340599][T10388]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  811.346170][T10388]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  811.351723][T10388]  ? lock_downgrade+0xbe0/0xbe0
[  811.356575][T10388]  ? kasan_check_read+0x11/0x20
[  811.356597][T10388]  ? rcu_read_unlock_special+0x380/0x380
[  811.356630][T10388]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  811.367115][T10388]  ? get_mem_cgroup_from_page+0x190/0x190
[  811.367138][T10388]  ? rcu_read_lock_sched_held+0x110/0x130
[  811.367159][T10388]  mem_cgroup_try_charge+0x43a/0xdb0
17:48:44 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0x7})
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

[  811.367179][T10388]  ? mem_cgroup_protected+0xa10/0xa10
[  811.394777][T10388]  ? check_preemption_disabled+0x48/0x290
[  811.400518][T10388]  ? __lock_acquire+0x572/0x4a10
[  811.405462][T10388]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  811.411722][T10388]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  811.417974][T10388]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  811.423615][T10388]  wp_page_copy+0x45a/0x1c70
[  811.428210][T10388]  ? swp_swapcount+0x540/0x540
[  811.432975][T10388]  ? __lock_acquire+0x572/0x4a10
[  811.437923][T10388]  ? pmd_pfn+0x1d0/0x1d0
[  811.442185][T10388]  ? find_held_lock+0x35/0x120
[  811.446960][T10388]  ? do_wp_page+0x894/0x1e80
[  811.451559][T10388]  ? delayacct_end+0xc9/0x100
[  811.456251][T10388]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  811.462506][T10388]  ? kasan_check_read+0x11/0x20
[  811.467393][T10388]  ? do_raw_spin_unlock+0xa0/0x330
[  811.472552][T10388]  ? do_raw_spin_trylock+0x270/0x270
[  811.477843][T10388]  ? print_usage_bug+0xd0/0xd0
[  811.482620][T10388]  do_wp_page+0x89c/0x1e80
[  811.487053][T10388]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  811.492435][T10388]  ? lock_acquire+0x1db/0x570
[  811.497117][T10388]  ? __handle_mm_fault+0x1d80/0x55a0
[  811.502408][T10388]  ? kasan_check_write+0x14/0x20
[  811.507356][T10388]  ? do_raw_spin_lock+0x156/0x360
[  811.512410][T10388]  ? lock_release+0xc40/0xc40
[  811.517086][T10388]  ? rwlock_bug.part.0+0x90/0x90
[  811.522024][T10388]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  811.527831][T10388]  ? add_mm_counter_fast.part.0+0x40/0x40
[  811.527858][T10388]  __handle_mm_fault+0x2c8e/0x55a0
[  811.527890][T10388]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  811.538699][T10388]  ? check_preemption_disabled+0x48/0x290
[  811.538718][T10388]  ? handle_mm_fault+0x3cc/0xc80
[  811.538749][T10388]  ? lock_downgrade+0xbe0/0xbe0
[  811.538779][T10388]  ? kasan_check_read+0x11/0x20
[  811.538800][T10388]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  811.570558][T10388]  ? rcu_read_unlock_special+0x380/0x380
[  811.576178][T10388]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  811.582409][T10388]  ? check_preemption_disabled+0x48/0x290
[  811.588159][T10388]  handle_mm_fault+0x4ec/0xc80
[  811.592933][T10388]  ? __handle_mm_fault+0x55a0/0x55a0
[  811.598202][T10388]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  811.604419][T10388]  ? vmacache_update+0x114/0x140
[  811.609353][T10388]  __do_page_fault+0x5da/0xd60
[  811.614143][T10388]  do_page_fault+0xe6/0x7d8
[  811.618691][T10388]  ? trace_hardirqs_on_caller+0xc0/0x310
[  811.624361][T10388]  ? vmalloc_sync_all+0x30/0x30
[  811.629216][T10388]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  811.635361][T10388]  ? prepare_exit_to_usermode+0x232/0x3b0
[  811.641075][T10388]  ? page_fault+0x8/0x30
[  811.645305][T10388]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  811.650851][T10388]  ? page_fault+0x8/0x30
[  811.655084][T10388]  page_fault+0x1e/0x30
[  811.659215][T10388] RIP: 0033:0x4564ce
[  811.663126][T10388] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 77 02 60 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31
[  811.682720][T10388] RSP: 002b:00007ffcc2973600 EFLAGS: 00010206
[  811.688762][T10388] RAX: 0000000000a56248 RBX: 00007ffcc2973600 RCX: 000000000045649a
[  811.696709][T10388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  811.704657][T10388] RBP: 00007ffcc2973640 R08: 0000000000000001 R09: 0000000001f21940
[  811.712628][T10388] R10: 0000000001f21c10 R11: 0000000000000246 R12: 0000000000000001
[  811.720603][T10388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004
[  811.736334][T10388] memory: usage 307200kB, limit 307200kB, failcnt 3393
[  811.743191][T10388] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  811.769037][T10388] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:48:44 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0x7})
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:48:44 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:44 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0xc0045878, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  811.776635][T10388] Memory cgroup stats for /syz4: cache:120KB rss:215288KB rss_huge:167936KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:215240KB inactive_file:0KB active_file:0KB unevictable:0KB
[  811.822803][T10388] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21138,uid=0
[  811.887176][T10388] Memory cgroup out of memory: Kill process 21138 (syz-executor4) score 1106 or sacrifice child
[  811.923863][T10388] Killed process 21138 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:44 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x2c8)

17:48:44 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045014, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:44 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffff000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:44 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0x7})
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x1261, 0x0)

17:48:44 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
fcntl$setflags(r0, 0x2, 0x1)

17:48:44 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0x7})
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x1261, 0x0)

17:48:44 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:44 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0x7})
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x1261, 0x0)

17:48:44 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}, 0x2c8)

17:48:44 executing program 0:
syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400)
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:44 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff7f0000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:45 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045878, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:45 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:45 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045018, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:45 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:45 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12]}, 0x2c8)

17:48:45 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:48:45 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:45 executing program 0:
r0 = syz_open_dev$loop(0x0, 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:45 executing program 0:
syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x1261, 0x0)

17:48:45 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13]}, 0x2c8)

17:48:45 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:45 executing program 0:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x2c8)

17:48:45 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:45 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0189436, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:45 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14]}, 0x2c8)

17:48:45 executing program 0:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x2c8)

17:48:45 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045035, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:46 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x2, 0x0)
close(r0)
pread64(r0, &(0x7f0000000080)=""/179, 0xb3, 0x0)

17:48:46 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:46 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15]}, 0x2c8)

17:48:46 executing program 0:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x2c8)

17:48:46 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18]}, 0x2c8)

17:48:46 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:46 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x2c8)

17:48:46 executing program 0 (fault-call:1 fault-nth:0):
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

[  813.668891][ T7961] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0
[  813.691175][ T7961] CPU: 1 PID: 7961 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  813.700044][ T7961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  813.710094][ T7961] Call Trace:
[  813.713387][ T7961]  dump_stack+0x1db/0x2d0
[  813.717723][ T7961]  ? dump_stack_print_info.cold+0x20/0x20
[  813.717738][ T7961]  ? check_preemption_disabled+0x48/0x290
[  813.717768][ T7961]  dump_header+0x1e6/0x116c
[  813.717786][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  813.717808][ T7961]  ? perf_trace_lock+0x750/0x750
[  813.729208][ T7961]  ? print_usage_bug+0xd0/0xd0
[  813.729226][ T7961]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  813.729241][ T7961]  ? ___ratelimit+0x37c/0x686
[  813.729261][ T7961]  ? mark_held_locks+0xb1/0x100
[  813.729278][ T7961]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  813.729293][ T7961]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  813.729309][ T7961]  ? lockdep_hardirqs_on+0x415/0x5d0
[  813.754756][ T7961]  ? trace_hardirqs_on+0xbd/0x310
[  813.754773][ T7961]  ? kasan_check_read+0x11/0x20
[  813.754786][ T7961]  ? ___ratelimit+0x37c/0x686
[  813.754801][ T7961]  ? trace_hardirqs_off_caller+0x300/0x300
[  813.754816][ T7961]  ? do_raw_spin_trylock+0x270/0x270
[  813.754840][ T7961]  ? trace_hardirqs_on_caller+0x310/0x310
[  813.764335][ T7961]  ? lock_acquire+0x1db/0x570
[  813.764360][ T7961]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  813.764375][ T7961]  ? ___ratelimit+0xac/0x686
[  813.764391][ T7961]  ? idr_get_free+0xee0/0xee0
[  813.764410][ T7961]  ? lockdep_hardirqs_on+0x415/0x5d0
[  813.837532][ T7961]  oom_kill_process.cold+0x10/0x9ca
[  813.842736][ T7961]  ? cgroup_procs_next+0x70/0x70
[  813.847695][ T7961]  ? _raw_spin_unlock_irq+0x5e/0x90
[  813.847712][ T7961]  ? oom_badness+0xa50/0xa50
[  813.847734][ T7961]  ? oom_evaluate_task+0x540/0x540
[  813.847752][ T7961]  ? mem_cgroup_iter_break+0x30/0x30
[  813.847771][ T7961]  ? mutex_trylock+0x2d0/0x2d0
[  813.872720][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  813.878994][ T7961]  ? rcu_read_unlock_special+0x380/0x380
[  813.884650][ T7961]  out_of_memory+0x885/0x1420
[  813.889348][ T7961]  ? mem_cgroup_iter+0x4f4/0xf50
[  813.894303][ T7961]  ? oom_killer_disable+0x340/0x340
[  813.899525][ T7961]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  813.905359][ T7961]  ? lock_acquire+0x1db/0x570
[  813.910057][ T7961]  mem_cgroup_out_of_memory+0x160/0x210
[  813.915604][ T7961]  ? do_raw_spin_unlock+0xa0/0x330
[  813.920723][ T7961]  ? memory_oom_group_write+0x160/0x160
[  813.926269][ T7961]  ? do_raw_spin_trylock+0x270/0x270
[  813.926299][ T7961]  ? _raw_spin_unlock+0x2d/0x50
[  813.926326][ T7961]  try_charge+0x1457/0x1d00
[  813.936453][ T7961]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  813.936469][ T7961]  ? find_held_lock+0x35/0x120
[  813.936486][ T7961]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  813.936505][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  813.936526][ T7961]  ? lock_downgrade+0xbe0/0xbe0
17:48:46 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c020660b, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:46 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:48:46 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x2, 0x0)

[  813.936540][ T7961]  ? kasan_check_read+0x11/0x20
[  813.936557][ T7961]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  813.936577][ T7961]  ? rcu_read_unlock_special+0x380/0x380
[  813.984444][ T7961]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  813.990017][ T7961]  __memcg_kmem_charge_memcg+0x7c/0x130
[  813.995570][ T7961]  ? memcg_kmem_put_cache+0xb0/0xb0
[  814.000802][ T7961]  ? lock_release+0xc40/0xc40
[  814.005484][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  814.011731][ T7961]  ? check_preemption_disabled+0x48/0x290
[  814.017449][ T7961]  __memcg_kmem_charge+0x136/0x300
[  814.022562][ T7961]  __alloc_pages_nodemask+0x7b8/0xdc0
[  814.027939][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  814.033556][ T7961]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  814.039263][ T7961]  ? copy_page_range+0x14a6/0x2730
[  814.044361][ T7961]  ? __lock_is_held+0xb6/0x140
[  814.049120][ T7961]  ? copy_page_range+0xa4a/0x2730
[  814.054126][ T7961]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  814.060379][ T7961]  alloc_pages_current+0x107/0x210
[  814.065494][ T7961]  pte_alloc_one+0x1b/0x1a0
[  814.069977][ T7961]  __pte_alloc+0x20/0x310
[  814.074287][ T7961]  copy_page_range+0x1844/0x2730
[  814.079205][ T7961]  ? save_stack+0x45/0xd0
[  814.083512][ T7961]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  814.089338][ T7961]  ? pmd_alloc+0x180/0x180
[  814.093737][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  814.099353][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  814.105572][ T7961]  ? copy_process+0x3668/0x8720
[  814.110431][ T7961]  ? find_held_lock+0x35/0x120
[  814.115201][ T7961]  ? copy_process+0x3668/0x8720
[  814.120044][ T7961]  ? lock_acquire+0x1db/0x570
[  814.124733][ T7961]  ? lock_downgrade+0xbe0/0xbe0
[  814.129589][ T7961]  ? kmem_cache_alloc+0x341/0x710
[  814.134630][ T7961]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  814.140359][ T7961]  ? vma_compute_subtree_gap+0x158/0x230
[  814.146023][ T7961]  ? __vma_link_rb+0x279/0x370
[  814.150782][ T7961]  copy_process+0x4291/0x8720
[  814.155494][ T7961]  ? __cleanup_sighand+0x70/0x70
[  814.160446][ T7961]  ? do_wp_page+0x7d7/0x1e80
[  814.165016][ T7961]  ? find_held_lock+0x35/0x120
[  814.169757][ T7961]  ? do_wp_page+0x7d7/0x1e80
[  814.174340][ T7961]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  814.180569][ T7961]  ? kasan_check_read+0x11/0x20
[  814.185428][ T7961]  ? do_raw_spin_trylock+0x270/0x270
[  814.190719][ T7961]  ? __lock_acquire+0x572/0x4a10
[  814.195639][ T7961]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  814.201010][ T7961]  ? mark_held_locks+0x100/0x100
[  814.205945][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  814.212165][ T7961]  ? check_preemption_disabled+0x48/0x290
[  814.217868][ T7961]  ? debug_smp_processor_id+0x1c/0x20
[  814.223237][ T7961]  ? add_lock_to_list.isra.0+0x450/0x450
[  814.228862][ T7961]  ? perf_trace_lock+0x750/0x750
[  814.233797][ T7961]  ? __handle_mm_fault+0x955/0x55a0
[  814.238999][ T7961]  ? __might_fault+0x12b/0x1e0
[  814.243742][ T7961]  ? find_held_lock+0x35/0x120
[  814.248485][ T7961]  ? __might_fault+0x12b/0x1e0
[  814.253229][ T7961]  ? lock_acquire+0x1db/0x570
[  814.257889][ T7961]  ? lock_downgrade+0xbe0/0xbe0
[  814.262718][ T7961]  ? lock_release+0xc40/0xc40
[  814.267378][ T7961]  ? trace_hardirqs_off_caller+0x300/0x300
[  814.273196][ T7961]  _do_fork+0x1a9/0x1170
[  814.277423][ T7961]  ? fork_idle+0x1d0/0x1d0
[  814.281822][ T7961]  ? kasan_check_read+0x11/0x20
[  814.286658][ T7961]  ? _copy_to_user+0xc9/0x120
[  814.291325][ T7961]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  814.297577][ T7961]  ? put_timespec64+0x115/0x1b0
[  814.302437][ T7961]  ? nsecs_to_jiffies+0x30/0x30
[  814.307432][ T7961]  ? do_syscall_64+0x8c/0x800
[  814.312097][ T7961]  ? do_syscall_64+0x8c/0x800
[  814.316769][ T7961]  ? lockdep_hardirqs_on+0x415/0x5d0
[  814.322033][ T7961]  ? trace_hardirqs_on+0xbd/0x310
[  814.327041][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  814.333271][ T7961]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  814.339348][ T7961]  ? trace_hardirqs_off_caller+0x300/0x300
[  814.345181][ T7961]  __x64_sys_clone+0xbf/0x150
[  814.349862][ T7961]  do_syscall_64+0x1a3/0x800
[  814.354448][ T7961]  ? syscall_return_slowpath+0x5f0/0x5f0
[  814.360075][ T7961]  ? prepare_exit_to_usermode+0x232/0x3b0
[  814.365817][ T7961]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  814.371431][ T7961]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  814.377328][ T7961] RIP: 0033:0x45649a
[  814.381209][ T7961] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[  814.400793][ T7961] RSP: 002b:00007ffcc2973600 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  814.409184][ T7961] RAX: ffffffffffffffda RBX: 00007ffcc2973600 RCX: 000000000045649a
17:48:47 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0xc0045878, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  814.417139][ T7961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  814.425098][ T7961] RBP: 00007ffcc2973640 R08: 0000000000000001 R09: 0000000001f21940
[  814.433068][ T7961] R10: 0000000001f21c10 R11: 0000000000000246 R12: 0000000000000001
[  814.441517][ T7961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004
17:48:47 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x2, 0x1009}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000000c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000400), r1, 0x1}}, 0x18)
close(r0)

17:48:47 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x301, 0x0)

17:48:47 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0xffffff7f]}}, 0x1c)

[  814.468007][ T7961] memory: usage 307200kB, limit 307200kB, failcnt 3423
[  814.481886][ T7961] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  814.493412][ T7961] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  814.502518][ T7961] Memory cgroup stats for /syz4: cache:120KB rss:213848KB rss_huge:165888KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:213984KB inactive_file:4KB active_file:4KB unevictable:0KB
17:48:47 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x125d, 0x0)

17:48:47 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:47 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0xffffff7f]}}, 0x1c)

[  814.590284][ T7961] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21152,uid=0
[  814.676537][ T7961] Memory cgroup out of memory: Kill process 21152 (syz-executor4) score 1106 or sacrifice child
[  814.700429][ T7961] Killed process 21152 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:47 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}, 0x2c8)

17:48:47 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:47 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x125e, 0x0)

17:48:47 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:47 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x125f, 0x0)

17:48:47 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:47 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045878, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:47 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c8)

17:48:47 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1260, 0x0)

17:48:47 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000080)={0xe, @capture={0x1000, 0x1, {0xc688, 0x3}, 0x100000001, 0x400}})
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000000)=0x8000000)
close(r0)

17:48:47 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:47 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:47 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1262, 0x0)

17:48:48 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x2c8)

17:48:48 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:48 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1263, 0x0)

17:48:48 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:48 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1264, 0x0)

17:48:48 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0189436, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:48 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:48 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1265, 0x0)

17:48:48 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x2)
close(r0)
ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000000080)={0x5, "edc47937e3e882163ed87837d2da52a352a343c035e6bb0f231aa24f65a54868", 0x1, 0x1})
ioctl$PPPIOCGUNIT(r0, 0x80047456, &(0x7f0000000000))

17:48:48 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:48 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x2c8)

17:48:48 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2001001000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:48 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1267, 0x0)

17:48:48 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1268, 0x0)

17:48:48 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:48 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:48 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1269, 0x0)

17:48:49 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c020660b, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:49 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x2c8)

17:48:49 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:49 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e23, 0x400, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xe329}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x5c)

17:48:49 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1274, 0x0)

17:48:49 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5800000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:49 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:49 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00]}, 0x2c8)

17:48:49 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:49 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1276, 0x0)

17:48:49 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6100000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:49 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7800000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:49 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:49 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1277, 0x0)

17:48:49 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]}, 0x2c8)

17:48:50 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
write$P9_RXATTRCREATE(r0, &(0x7f0000000000)={0x7, 0x21, 0x2}, 0x7)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000080)={{{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@multicast2}}}, &(0x7f0000000180)=0xe8)
ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000240)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, r1})
close(r0)

17:48:50 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004020000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:50 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1278, 0x0)

17:48:50 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00]}, 0x2c8)

17:48:50 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x2000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:50 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:50 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1279, 0x0)

17:48:50 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x2c8)

17:48:50 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa005000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:50 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x3)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:50 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127a, 0x0)

17:48:50 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc805000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:50 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x8000, 0x0)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x80ffff, 0xff})
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000000)={0x81, 0x8})
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000080)=0xe152)

17:48:50 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00]}, 0x2c8)

17:48:50 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:50 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127b, 0x0)

17:48:50 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x4000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:50 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000080)={0x9c0000, 0x401, 0xffffffffffff82c8, [], &(0x7f0000000000)={0x9909db, 0x0, [], @ptr=0x9}})
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:48:50 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:50 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127c, 0x0)

17:48:50 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}, 0x2c8)

17:48:51 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x4)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:51 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127d, 0x0)

17:48:51 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:51 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:51 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200]}, 0x2c8)

17:48:51 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127e, 0x0)

17:48:51 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:51 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x20000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:51 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0xffffffffffffffff)
timerfd_gettime(r0, &(0x7f0000000000))
semget$private(0x0, 0x6, 0x6)
close(r0)
ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f00000000c0)=@null)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x6, @empty, 0x5}, 0x1c)

17:48:51 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x127f, 0x0)

17:48:51 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdffffff00000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:51 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300]}, 0x2c8)

17:48:51 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x5)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:51 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c00, 0x0)

17:48:51 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:51 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400]}, 0x2c8)

[  819.125842][T10939] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  819.150126][T10939] CPU: 0 PID: 10939 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  819.159067][T10939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  819.169116][T10939] Call Trace:
[  819.172445][T10939]  dump_stack+0x1db/0x2d0
[  819.176803][T10939]  ? dump_stack_print_info.cold+0x20/0x20
[  819.182541][T10939]  ? check_preemption_disabled+0x48/0x290
[  819.188267][T10939]  dump_header+0x1e6/0x116c
[  819.192777][T10939]  ? add_lock_to_list.isra.0+0x450/0x450
[  819.198428][T10939]  ? perf_trace_lock+0x750/0x750
[  819.203380][T10939]  ? print_usage_bug+0xd0/0xd0
[  819.208142][T10939]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  819.208159][T10939]  ? ___ratelimit+0x37c/0x686
[  819.208180][T10939]  ? mark_held_locks+0xb1/0x100
[  819.208198][T10939]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  819.208218][T10939]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  819.218542][T10939]  ? lockdep_hardirqs_on+0x415/0x5d0
[  819.218558][T10939]  ? trace_hardirqs_on+0xbd/0x310
[  819.218572][T10939]  ? kasan_check_read+0x11/0x20
[  819.218585][T10939]  ? ___ratelimit+0x37c/0x686
[  819.218600][T10939]  ? trace_hardirqs_off_caller+0x300/0x300
[  819.218613][T10939]  ? do_raw_spin_trylock+0x270/0x270
[  819.218628][T10939]  ? trace_hardirqs_on_caller+0x310/0x310
17:48:51 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:51 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c01, 0x0)

[  819.218640][T10939]  ? lock_acquire+0x1db/0x570
[  819.218662][T10939]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  819.218676][T10939]  ? ___ratelimit+0xac/0x686
[  819.218691][T10939]  ? idr_get_free+0xee0/0xee0
[  819.218705][T10939]  ? lockdep_hardirqs_on+0x415/0x5d0
[  819.218730][T10939]  oom_kill_process.cold+0x10/0x9ca
[  819.218762][T10939]  ? cgroup_procs_next+0x70/0x70
[  819.218780][T10939]  ? _raw_spin_unlock_irq+0x5e/0x90
[  819.218798][T10939]  ? oom_badness+0xa50/0xa50
[  819.229466][T10939]  ? oom_evaluate_task+0x540/0x540
17:48:51 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c02, 0x0)

[  819.229485][T10939]  ? mem_cgroup_iter_break+0x30/0x30
[  819.229500][T10939]  ? mutex_trylock+0x2d0/0x2d0
[  819.229516][T10939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  819.229547][T10939]  ? rcu_read_unlock_special+0x380/0x380
[  819.229571][T10939]  out_of_memory+0x885/0x1420
[  819.240671][T10939]  ? mem_cgroup_iter+0x4f4/0xf50
[  819.240709][T10939]  ? oom_killer_disable+0x340/0x340
[  819.240727][T10939]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  819.240743][T10939]  ? lock_acquire+0x1db/0x570
[  819.240782][T10939]  mem_cgroup_out_of_memory+0x160/0x210
[  819.364382][T10939]  ? do_raw_spin_unlock+0xa0/0x330
[  819.364401][T10939]  ? memory_oom_group_write+0x160/0x160
[  819.364431][T10939]  ? do_raw_spin_trylock+0x270/0x270
[  819.364460][T10939]  ? _raw_spin_unlock+0x2d/0x50
[  819.364479][T10939]  try_charge+0x1457/0x1d00
[  819.364505][T10939]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  819.390648][T10939]  ? find_held_lock+0x35/0x120
[  819.410251][T10939]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  819.415801][T10939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  819.422050][T10939]  ? lock_downgrade+0xbe0/0xbe0
[  819.426904][T10939]  ? kasan_check_read+0x11/0x20
[  819.431766][T10939]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  819.437756][T10939]  ? rcu_read_unlock_special+0x380/0x380
[  819.443432][T10939]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  819.448990][T10939]  __memcg_kmem_charge_memcg+0x7c/0x130
[  819.454540][T10939]  ? memcg_kmem_put_cache+0xb0/0xb0
[  819.459744][T10939]  ? lock_release+0xc40/0xc40
[  819.464458][T10939]  __memcg_kmem_charge+0x136/0x300
[  819.469594][T10939]  __alloc_pages_nodemask+0x7b8/0xdc0
[  819.474989][T10939]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  819.480733][T10939]  ? rcu_pm_notify+0xd0/0xd0
[  819.485357][T10939]  ? rcu_read_lock_sched_held+0x110/0x130
[  819.491106][T10939]  ? kmem_cache_alloc_node+0x347/0x710
[  819.496562][T10939]  ? print_usage_bug+0xd0/0xd0
[  819.496594][T10939]  copy_process+0x847/0x8720
[  819.496630][T10939]  ? print_usage_bug+0xd0/0xd0
[  819.496649][T10939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  819.496663][T10939]  ? check_preemption_disabled+0x48/0x290
[  819.496687][T10939]  ? __lock_acquire+0x572/0x4a10
[  819.496700][T10939]  ? mark_held_locks+0x100/0x100
[  819.496728][T10939]  ? __cleanup_sighand+0x70/0x70
[  819.496746][T10939]  ? mark_held_locks+0x100/0x100
[  819.506087][T10939]  ? find_held_lock+0x35/0x120
[  819.506107][T10939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  819.506122][T10939]  ? check_preemption_disabled+0x48/0x290
[  819.506141][T10939]  ? debug_smp_processor_id+0x1c/0x20
[  819.506156][T10939]  ? perf_trace_lock_acquire+0x138/0x7d0
[  819.506173][T10939]  ? delayacct_end+0xc9/0x100
[  819.506187][T10939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  819.506204][T10939]  ? add_lock_to_list.isra.0+0x450/0x450
[  819.506218][T10939]  ? perf_trace_lock+0x750/0x750
[  819.506237][T10939]  ? perf_trace_lock_acquire+0x138/0x7d0
[  819.597439][T10939]  ? add_lock_to_list.isra.0+0x450/0x450
[  819.603075][T10939]  ? find_held_lock+0x35/0x120
[  819.607841][T10939]  ? print_usage_bug+0xd0/0xd0
[  819.612615][T10939]  ? psi_memstall_leave+0x1f8/0x280
[  819.617816][T10939]  ? find_held_lock+0x35/0x120
[  819.622585][T10939]  ? __lock_acquire+0x572/0x4a10
[  819.627526][T10939]  ? _raw_spin_unlock_irq+0x28/0x90
[  819.627543][T10939]  ? _raw_spin_unlock_irq+0x28/0x90
[  819.627557][T10939]  ? lockdep_hardirqs_on+0x415/0x5d0
[  819.627574][T10939]  ? trace_hardirqs_on+0xbd/0x310
[  819.627596][T10939]  ? mark_held_locks+0x100/0x100
[  819.627609][T10939]  ? check_preemption_disabled+0x48/0x290
[  819.627630][T10939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  819.627644][T10939]  ? check_preemption_disabled+0x48/0x290
[  819.627661][T10939]  ? debug_smp_processor_id+0x1c/0x20
[  819.676250][T10939]  ? perf_trace_lock_acquire+0x138/0x7d0
[  819.681891][T10939]  ? add_lock_to_list.isra.0+0x450/0x450
[  819.687541][T10939]  ? perf_trace_lock+0x750/0x750
[  819.692478][T10939]  ? lockdep_hardirqs_on+0x415/0x5d0
[  819.697775][T10939]  ? try_to_free_pages+0xb70/0xb70
[  819.702893][T10939]  ? percpu_ref_put_many+0x129/0x270
[  819.708232][T10939]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  819.714403][T10939]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  819.720654][T10939]  _do_fork+0x1a9/0x1170
[  819.724917][T10939]  ? fork_idle+0x1d0/0x1d0
[  819.729372][T10939]  ? trace_hardirqs_off+0xb8/0x310
[  819.734501][T10939]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  819.740323][T10939]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  819.746062][T10939]  ? do_syscall_64+0x8c/0x800
[  819.750737][T10939]  ? do_syscall_64+0x8c/0x800
[  819.755515][T10939]  ? lockdep_hardirqs_on+0x415/0x5d0
[  819.760802][T10939]  ? trace_hardirqs_on+0xbd/0x310
[  819.765862][T10939]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  819.771941][T10939]  ? trace_hardirqs_off_caller+0x300/0x300
[  819.777766][T10939]  __x64_sys_clone+0xbf/0x150
[  819.782457][T10939]  do_syscall_64+0x1a3/0x800
[  819.787054][T10939]  ? syscall_return_slowpath+0x5f0/0x5f0
[  819.792701][T10939]  ? prepare_exit_to_usermode+0x232/0x3b0
[  819.798436][T10939]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  819.804023][T10939]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  819.809918][T10939] RIP: 0033:0x45a899
[  819.813824][T10939] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  819.833438][T10939] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  819.841863][T10939] RAX: ffffffffffffffda RBX: 00007f20e9849700 RCX: 000000000045a899
[  819.849820][T10939] RDX: 00007f20e98499d0 RSI: 00007f20e9848db0 RDI: 00000000003d0f00
[  819.857811][T10939] RBP: 00007ffcc2973580 R08: 00007f20e9849700 R09: 00007f20e9849700
[  819.865783][T10939] R10: 00007f20e98499d0 R11: 0000000000000202 R12: 0000000000000000
17:48:52 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x40000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:52 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={<r1=>0x0, 0x7ff}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={r1, 0xec4b}, 0x8)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000000, 0x110, r0, 0x0)
ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000000140))
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:48:52 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:52 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c03, 0x0)

[  819.873759][T10939] R13: 00007ffcc297342f R14: 00007f20e98499c0 R15: 000000000073bf0c
[  819.892809][T10939] memory: usage 307192kB, limit 307200kB, failcnt 3468
[  819.906590][T10939] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  819.943857][T10939] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  819.965856][T10939] Memory cgroup stats for /syz4: cache:120KB rss:212520KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212684KB inactive_file:4KB active_file:0KB unevictable:0KB
17:48:52 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c04, 0x0)

17:48:52 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x6)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:52 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000, 0x0, 0xffffff7f]}}, 0x1c)

[  819.999967][T10939] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21164,uid=0
[  820.033154][T10939] Memory cgroup out of memory: Kill process 21164 (syz-executor4) score 1106 or sacrifice child
17:48:52 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c05, 0x0)

[  820.069846][T10939] Killed process 21164 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:52 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1500]}, 0x2c8)

17:48:52 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff000000000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:52 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c06, 0x0)

17:48:52 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c07, 0x0)

[  820.410402][T11005] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  820.428123][T11005] CPU: 1 PID: 11005 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  820.437606][T11005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  820.447659][T11005] Call Trace:
[  820.450952][T11005]  dump_stack+0x1db/0x2d0
17:48:53 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x4080000000000, 0x400000)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000080)={0x5, 0x0, [{0x40000000, 0x7, 0x5, 0x8, 0x4}, {0xf, 0x4, 0x8, 0x81, 0x7}, {0x40000007, 0x40, 0xf80000000000000, 0x400, 0x7}, {0x80000001, 0xf5, 0x800, 0xffff, 0xff}, {0xd, 0x480000, 0x80, 0xfffffffffffffffd}]})

[  820.455292][T11005]  ? dump_stack_print_info.cold+0x20/0x20
[  820.461073][T11005]  ? check_preemption_disabled+0x48/0x290
[  820.466813][T11005]  dump_header+0x1e6/0x116c
[  820.471351][T11005]  ? add_lock_to_list.isra.0+0x450/0x450
[  820.477008][T11005]  ? perf_trace_lock+0x750/0x750
[  820.481963][T11005]  ? print_usage_bug+0xd0/0xd0
[  820.486735][T11005]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  820.492372][T11005]  ? ___ratelimit+0x37c/0x686
[  820.497057][T11005]  ? mark_held_locks+0xb1/0x100
[  820.501946][T11005]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  820.507772][T11005]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  820.513581][T11005]  ? lockdep_hardirqs_on+0x415/0x5d0
[  820.518876][T11005]  ? trace_hardirqs_on+0xbd/0x310
[  820.518892][T11005]  ? kasan_check_read+0x11/0x20
[  820.518905][T11005]  ? ___ratelimit+0x37c/0x686
[  820.518920][T11005]  ? trace_hardirqs_off_caller+0x300/0x300
[  820.518940][T11005]  ? do_raw_spin_trylock+0x270/0x270
[  820.544547][T11005]  ? trace_hardirqs_on_caller+0x310/0x310
[  820.550275][T11005]  ? lock_acquire+0x1db/0x570
[  820.554985][T11005]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  820.555001][T11005]  ? ___ratelimit+0xac/0x686
[  820.555018][T11005]  ? idr_get_free+0xee0/0xee0
[  820.555037][T11005]  ? lockdep_hardirqs_on+0x415/0x5d0
[  820.565423][T11005]  oom_kill_process.cold+0x10/0x9ca
[  820.565445][T11005]  ? cgroup_procs_next+0x70/0x70
[  820.565466][T11005]  ? _raw_spin_unlock_irq+0x5e/0x90
[  820.565482][T11005]  ? oom_badness+0xa50/0xa50
[  820.565503][T11005]  ? oom_evaluate_task+0x540/0x540
[  820.600565][T11005]  ? mem_cgroup_iter_break+0x30/0x30
[  820.605888][T11005]  ? mutex_trylock+0x2d0/0x2d0
[  820.610679][T11005]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  820.616925][T11005]  ? rcu_read_unlock_special+0x380/0x380
[  820.622544][T11005]  out_of_memory+0x885/0x1420
[  820.627205][T11005]  ? mem_cgroup_iter+0x4f4/0xf50
[  820.632130][T11005]  ? oom_killer_disable+0x340/0x340
[  820.637308][T11005]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  820.643119][T11005]  ? lock_acquire+0x1db/0x570
[  820.647786][T11005]  mem_cgroup_out_of_memory+0x160/0x210
[  820.653312][T11005]  ? do_raw_spin_unlock+0xa0/0x330
[  820.658431][T11005]  ? memory_oom_group_write+0x160/0x160
[  820.663961][T11005]  ? do_raw_spin_trylock+0x270/0x270
[  820.669234][T11005]  ? _raw_spin_unlock+0x2d/0x50
[  820.674070][T11005]  try_charge+0x1457/0x1d00
[  820.678559][T11005]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  820.684092][T11005]  ? find_held_lock+0x35/0x120
[  820.688868][T11005]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  820.694413][T11005]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  820.700648][T11005]  ? lock_downgrade+0xbe0/0xbe0
[  820.705476][T11005]  ? kasan_check_read+0x11/0x20
[  820.710305][T11005]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  820.716277][T11005]  ? rcu_read_unlock_special+0x380/0x380
[  820.721894][T11005]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  820.727445][T11005]  __memcg_kmem_charge_memcg+0x7c/0x130
[  820.733118][T11005]  ? memcg_kmem_put_cache+0xb0/0xb0
[  820.738291][T11005]  ? lock_release+0xc40/0xc40
[  820.742959][T11005]  __memcg_kmem_charge+0x136/0x300
[  820.748083][T11005]  __alloc_pages_nodemask+0x7b8/0xdc0
[  820.753441][T11005]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  820.759136][T11005]  ? rcu_pm_notify+0xd0/0xd0
[  820.763711][T11005]  ? rcu_read_lock_sched_held+0x110/0x130
[  820.769408][T11005]  ? kmem_cache_alloc_node+0x347/0x710
[  820.774853][T11005]  ? print_usage_bug+0xd0/0xd0
[  820.779602][T11005]  copy_process+0x847/0x8720
[  820.784194][T11005]  ? print_usage_bug+0xd0/0xd0
[  820.788979][T11005]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  820.795207][T11005]  ? check_preemption_disabled+0x48/0x290
[  820.800908][T11005]  ? __lock_acquire+0x572/0x4a10
[  820.805849][T11005]  ? mark_held_locks+0x100/0x100
[  820.810769][T11005]  ? __cleanup_sighand+0x70/0x70
[  820.815712][T11005]  ? mark_held_locks+0x100/0x100
[  820.820654][T11005]  ? find_held_lock+0x35/0x120
[  820.825415][T11005]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  820.831701][T11005]  ? check_preemption_disabled+0x48/0x290
[  820.837437][T11005]  ? debug_smp_processor_id+0x1c/0x20
[  820.842800][T11005]  ? perf_trace_lock_acquire+0x138/0x7d0
[  820.848437][T11005]  ? delayacct_end+0xc9/0x100
[  820.853094][T11005]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  820.859314][T11005]  ? add_lock_to_list.isra.0+0x450/0x450
[  820.864981][T11005]  ? perf_trace_lock+0x750/0x750
[  820.869910][T11005]  ? perf_trace_lock_acquire+0x138/0x7d0
[  820.875541][T11005]  ? add_lock_to_list.isra.0+0x450/0x450
[  820.881165][T11005]  ? find_held_lock+0x35/0x120
[  820.885911][T11005]  ? print_usage_bug+0xd0/0xd0
[  820.890663][T11005]  ? psi_memstall_leave+0x1f8/0x280
[  820.895843][T11005]  ? find_held_lock+0x35/0x120
[  820.900638][T11005]  ? __lock_acquire+0x572/0x4a10
[  820.905571][T11005]  ? _raw_spin_unlock_irq+0x28/0x90
[  820.910777][T11005]  ? _raw_spin_unlock_irq+0x28/0x90
[  820.916094][T11005]  ? lockdep_hardirqs_on+0x415/0x5d0
[  820.921368][T11005]  ? trace_hardirqs_on+0xbd/0x310
[  820.926389][T11005]  ? mark_held_locks+0x100/0x100
[  820.931332][T11005]  ? check_preemption_disabled+0x48/0x290
[  820.937077][T11005]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  820.943356][T11005]  ? check_preemption_disabled+0x48/0x290
[  820.949094][T11005]  ? debug_smp_processor_id+0x1c/0x20
[  820.954459][T11005]  ? perf_trace_lock_acquire+0x138/0x7d0
[  820.960074][T11005]  ? add_lock_to_list.isra.0+0x450/0x450
[  820.965683][T11005]  ? perf_trace_lock+0x750/0x750
[  820.970623][T11005]  ? lockdep_hardirqs_on+0x415/0x5d0
[  820.975925][T11005]  ? try_to_free_pages+0xb70/0xb70
[  820.981023][T11005]  ? percpu_ref_put_many+0x129/0x270
[  820.986356][T11005]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  820.992568][T11005]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  820.998796][T11005]  _do_fork+0x1a9/0x1170
[  821.003041][T11005]  ? fork_idle+0x1d0/0x1d0
[  821.007443][T11005]  ? trace_hardirqs_off+0xb8/0x310
[  821.012533][T11005]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  821.018332][T11005]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  821.024032][T11005]  ? do_syscall_64+0x8c/0x800
[  821.028704][T11005]  ? do_syscall_64+0x8c/0x800
[  821.033404][T11005]  ? lockdep_hardirqs_on+0x415/0x5d0
[  821.038707][T11005]  ? trace_hardirqs_on+0xbd/0x310
[  821.043717][T11005]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  821.049775][T11005]  ? trace_hardirqs_off_caller+0x300/0x300
[  821.055566][T11005]  __x64_sys_clone+0xbf/0x150
[  821.060228][T11005]  do_syscall_64+0x1a3/0x800
[  821.064810][T11005]  ? syscall_return_slowpath+0x5f0/0x5f0
[  821.070456][T11005]  ? prepare_exit_to_usermode+0x232/0x3b0
[  821.076268][T11005]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  821.081838][T11005]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  821.087709][T11005] RIP: 0033:0x45a899
[  821.091598][T11005] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  821.111186][T11005] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  821.119618][T11005] RAX: ffffffffffffffda RBX: 00007f20e9849700 RCX: 000000000045a899
[  821.127565][T11005] RDX: 00007f20e98499d0 RSI: 00007f20e9848db0 RDI: 00000000003d0f00
[  821.135514][T11005] RBP: 00007ffcc2973580 R08: 00007f20e9849700 R09: 00007f20e9849700
[  821.143466][T11005] R10: 00007f20e98499d0 R11: 0000000000000202 R12: 0000000000000000
[  821.151415][T11005] R13: 00007ffcc297342f R14: 00007f20e98499c0 R15: 000000000073bf0c
[  821.186225][T11005] memory: usage 307180kB, limit 307200kB, failcnt 3497
[  821.193234][T11005] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  821.204549][T11005] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  821.211515][T11005] Memory cgroup stats for /syz4: cache:120KB rss:212624KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212672KB inactive_file:0KB active_file:0KB unevictable:0KB
17:48:53 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
close(r0)

17:48:53 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:53 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x6, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:53 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c08, 0x0)

17:48:53 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x7)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  821.233858][T11005] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21205,uid=0
[  821.261196][T11005] Memory cgroup out of memory: Kill process 21205 (syz-executor4) score 1106 or sacrifice child
[  821.272304][T11005] Killed process 21205 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:54 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)

17:48:54 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0xffffff7f]}}, 0x1c)

17:48:54 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800]}, 0x2c8)

17:48:54 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffff7f]}}, 0x1c)

17:48:54 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5421, 0x0)

[  821.592585][T11047] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  821.604988][T11047] CPU: 0 PID: 11047 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  821.613938][T11047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  821.623987][T11047] Call Trace:
[  821.627308][T11047]  dump_stack+0x1db/0x2d0
[  821.631707][T11047]  ? dump_stack_print_info.cold+0x20/0x20
[  821.637431][T11047]  ? check_preemption_disabled+0x48/0x290
[  821.643166][T11047]  dump_header+0x1e6/0x116c
[  821.647681][T11047]  ? add_lock_to_list.isra.0+0x450/0x450
[  821.653335][T11047]  ? perf_trace_lock+0x750/0x750
[  821.658278][T11047]  ? print_usage_bug+0xd0/0xd0
[  821.663070][T11047]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  821.668708][T11047]  ? ___ratelimit+0x37c/0x686
[  821.673417][T11047]  ? mark_held_locks+0xb1/0x100
[  821.678273][T11047]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  821.684069][T11047]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  821.689867][T11047]  ? lockdep_hardirqs_on+0x415/0x5d0
[  821.695179][T11047]  ? trace_hardirqs_on+0xbd/0x310
[  821.700205][T11047]  ? kasan_check_read+0x11/0x20
[  821.705051][T11047]  ? ___ratelimit+0x37c/0x686
[  821.709722][T11047]  ? trace_hardirqs_off_caller+0x300/0x300
[  821.715535][T11047]  ? do_raw_spin_trylock+0x270/0x270
[  821.720830][T11047]  ? trace_hardirqs_on_caller+0x310/0x310
[  821.726552][T11047]  ? lock_acquire+0x1db/0x570
[  821.731224][T11047]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  821.737020][T11047]  ? ___ratelimit+0xac/0x686
[  821.741616][T11047]  ? idr_get_free+0xee0/0xee0
[  821.746293][T11047]  ? lockdep_hardirqs_on+0x415/0x5d0
[  821.751621][T11047]  oom_kill_process.cold+0x10/0x9ca
[  821.756855][T11047]  ? cgroup_procs_next+0x70/0x70
[  821.761788][T11047]  ? _raw_spin_unlock_irq+0x5e/0x90
[  821.766977][T11047]  ? oom_badness+0xa50/0xa50
[  821.771596][T11047]  ? oom_evaluate_task+0x540/0x540
[  821.776714][T11047]  ? mem_cgroup_iter_break+0x30/0x30
[  821.782021][T11047]  ? mutex_trylock+0x2d0/0x2d0
[  821.786815][T11047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  821.793083][T11047]  ? rcu_read_unlock_special+0x380/0x380
[  821.798738][T11047]  out_of_memory+0x885/0x1420
[  821.803413][T11047]  ? mem_cgroup_iter+0x4f4/0xf50
[  821.808362][T11047]  ? oom_killer_disable+0x340/0x340
[  821.813566][T11047]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  821.819398][T11047]  ? lock_acquire+0x1db/0x570
[  821.824091][T11047]  mem_cgroup_out_of_memory+0x160/0x210
[  821.829657][T11047]  ? do_raw_spin_unlock+0xa0/0x330
[  821.834771][T11047]  ? memory_oom_group_write+0x160/0x160
[  821.840306][T11047]  ? do_raw_spin_trylock+0x270/0x270
[  821.845605][T11047]  ? _raw_spin_unlock+0x2d/0x50
[  821.850464][T11047]  try_charge+0x1457/0x1d00
[  821.854998][T11047]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  821.860538][T11047]  ? find_held_lock+0x35/0x120
[  821.865299][T11047]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  821.870849][T11047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  821.877114][T11047]  ? lock_downgrade+0xbe0/0xbe0
[  821.881966][T11047]  ? kasan_check_read+0x11/0x20
[  821.886821][T11047]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  821.892819][T11047]  ? rcu_read_unlock_special+0x380/0x380
[  821.898476][T11047]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  821.904018][T11047]  __memcg_kmem_charge_memcg+0x7c/0x130
[  821.909556][T11047]  ? memcg_kmem_put_cache+0xb0/0xb0
[  821.914754][T11047]  ? lock_release+0xc40/0xc40
[  821.919430][T11047]  __memcg_kmem_charge+0x136/0x300
[  821.924555][T11047]  __alloc_pages_nodemask+0x7b8/0xdc0
[  821.929940][T11047]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  821.935661][T11047]  ? rcu_pm_notify+0xd0/0xd0
[  821.940277][T11047]  ? rcu_read_lock_sched_held+0x110/0x130
[  821.945988][T11047]  ? kmem_cache_alloc_node+0x347/0x710
[  821.951453][T11047]  ? print_usage_bug+0xd0/0xd0
[  821.956233][T11047]  copy_process+0x847/0x8720
[  821.960832][T11047]  ? print_usage_bug+0xd0/0xd0
[  821.965610][T11047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  821.971878][T11047]  ? check_preemption_disabled+0x48/0x290
[  821.977629][T11047]  ? __lock_acquire+0x572/0x4a10
[  821.982599][T11047]  ? mark_held_locks+0x100/0x100
[  821.987541][T11047]  ? __cleanup_sighand+0x70/0x70
[  821.992488][T11047]  ? mark_held_locks+0x100/0x100
[  821.997432][T11047]  ? find_held_lock+0x35/0x120
[  822.002187][T11047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  822.008420][T11047]  ? check_preemption_disabled+0x48/0x290
[  822.014186][T11047]  ? debug_smp_processor_id+0x1c/0x20
[  822.019556][T11047]  ? perf_trace_lock_acquire+0x138/0x7d0
[  822.025170][T11047]  ? delayacct_end+0xc9/0x100
[  822.029841][T11047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  822.036103][T11047]  ? add_lock_to_list.isra.0+0x450/0x450
[  822.041775][T11047]  ? perf_trace_lock+0x750/0x750
[  822.046723][T11047]  ? perf_trace_lock_acquire+0x138/0x7d0
[  822.052415][T11047]  ? add_lock_to_list.isra.0+0x450/0x450
[  822.058074][T11047]  ? find_held_lock+0x35/0x120
[  822.062853][T11047]  ? print_usage_bug+0xd0/0xd0
[  822.067630][T11047]  ? psi_memstall_leave+0x1f8/0x280
[  822.072829][T11047]  ? find_held_lock+0x35/0x120
[  822.077603][T11047]  ? __lock_acquire+0x572/0x4a10
[  822.082535][T11047]  ? _raw_spin_unlock_irq+0x28/0x90
[  822.087742][T11047]  ? _raw_spin_unlock_irq+0x28/0x90
[  822.092944][T11047]  ? lockdep_hardirqs_on+0x415/0x5d0
[  822.098247][T11047]  ? trace_hardirqs_on+0xbd/0x310
[  822.103271][T11047]  ? mark_held_locks+0x100/0x100
[  822.108208][T11047]  ? check_preemption_disabled+0x48/0x290
[  822.113931][T11047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  822.120175][T11047]  ? check_preemption_disabled+0x48/0x290
[  822.125892][T11047]  ? debug_smp_processor_id+0x1c/0x20
[  822.131307][T11047]  ? perf_trace_lock_acquire+0x138/0x7d0
[  822.136965][T11047]  ? add_lock_to_list.isra.0+0x450/0x450
[  822.142636][T11047]  ? perf_trace_lock+0x750/0x750
[  822.147572][T11047]  ? lockdep_hardirqs_on+0x415/0x5d0
[  822.152864][T11047]  ? try_to_free_pages+0xb70/0xb70
[  822.158001][T11047]  ? percpu_ref_put_many+0x129/0x270
[  822.163286][T11047]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  822.169423][T11047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  822.175659][T11047]  _do_fork+0x1a9/0x1170
[  822.179969][T11047]  ? fork_idle+0x1d0/0x1d0
[  822.184412][T11047]  ? trace_hardirqs_off+0xb8/0x310
[  822.189559][T11047]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  822.195414][T11047]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  822.201153][T11047]  ? do_syscall_64+0x8c/0x800
[  822.205839][T11047]  ? do_syscall_64+0x8c/0x800
[  822.210522][T11047]  ? lockdep_hardirqs_on+0x415/0x5d0
[  822.215816][T11047]  ? trace_hardirqs_on+0xbd/0x310
[  822.220875][T11047]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  822.226968][T11047]  ? trace_hardirqs_off_caller+0x300/0x300
[  822.232782][T11047]  __x64_sys_clone+0xbf/0x150
[  822.237469][T11047]  do_syscall_64+0x1a3/0x800
[  822.242085][T11047]  ? syscall_return_slowpath+0x5f0/0x5f0
[  822.247728][T11047]  ? prepare_exit_to_usermode+0x232/0x3b0
[  822.253471][T11047]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  822.259027][T11047]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  822.264920][T11047] RIP: 0033:0x45a899
[  822.264936][T11047] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
17:48:54 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x8)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:54 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5450, 0x0)

[  822.264945][T11047] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  822.264961][T11047] RAX: ffffffffffffffda RBX: 00007f20e9849700 RCX: 000000000045a899
[  822.264971][T11047] RDX: 00007f20e98499d0 RSI: 00007f20e9848db0 RDI: 00000000003d0f00
[  822.264980][T11047] RBP: 00007ffcc2973580 R08: 00007f20e9849700 R09: 00007f20e9849700
[  822.264996][T11047] R10: 00007f20e98499d0 R11: 0000000000000202 R12: 0000000000000000
[  822.288467][T11047] R13: 00007ffcc297342f R14: 00007f20e98499c0 R15: 000000000073bf0c
17:48:55 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x8000, 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000080)=0x5, 0x4)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:48:55 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffff7f]}}, 0x1c)

17:48:55 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
accept4$unix(r0, &(0x7f0000000080)=@abs, &(0x7f0000000000)=0x6e, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000100)={0x9, 0x20, 0xb35, @empty, 'irlan0\x00\x00\x00\x93\x00'})
ioctl$int_in(r0, 0x5473, &(0x7f0000000380)=0x80)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:55 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5451, 0x0)

17:48:55 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5452, 0x0)

17:48:55 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffff7f]}}, 0x1c)

17:48:55 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x5460, 0x0)

[  822.586950][T11047] memory: usage 307196kB, limit 307200kB, failcnt 3553
[  822.603514][T11047] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  822.622766][T11047] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  822.662505][T11047] Memory cgroup stats for /syz4: cache:120KB rss:212556KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212672KB inactive_file:4KB active_file:0KB unevictable:0KB
[  822.691204][T11047] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21226,uid=0
[  822.715127][T11047] Memory cgroup out of memory: Kill process 21226 (syz-executor4) score 1106 or sacrifice child
[  822.726010][T11047] Killed process 21226 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:55 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x2c8)

17:48:55 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xffffff7f]}}, 0x1c)

17:48:55 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x40049409, 0x0)

[  822.997603][T11101] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  823.023634][T11101] CPU: 0 PID: 11101 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  823.032593][T11101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  823.042653][T11101] Call Trace:
[  823.042676][T11101]  dump_stack+0x1db/0x2d0
[  823.042698][T11101]  ? dump_stack_print_info.cold+0x20/0x20
[  823.042713][T11101]  ? check_preemption_disabled+0x48/0x290
[  823.042743][T11101]  dump_header+0x1e6/0x116c
[  823.042777][T11101]  ? add_lock_to_list.isra.0+0x450/0x450
[  823.050401][T11101]  ? perf_trace_lock+0x750/0x750
[  823.050418][T11101]  ? print_usage_bug+0xd0/0xd0
[  823.050439][T11101]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  823.050455][T11101]  ? ___ratelimit+0x37c/0x686
[  823.050479][T11101]  ? mark_held_locks+0xb1/0x100
17:48:55 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x9)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:55 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x40081271, 0x0)

[  823.050506][T11101]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  823.102703][T11101]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  823.108522][T11101]  ? lockdep_hardirqs_on+0x415/0x5d0
[  823.113838][T11101]  ? trace_hardirqs_on+0xbd/0x310
[  823.118867][T11101]  ? kasan_check_read+0x11/0x20
[  823.123779][T11101]  ? ___ratelimit+0x37c/0x686
[  823.128471][T11101]  ? trace_hardirqs_off_caller+0x300/0x300
[  823.134297][T11101]  ? do_raw_spin_trylock+0x270/0x270
[  823.139650][T11101]  ? trace_hardirqs_on_caller+0x310/0x310
[  823.145389][T11101]  ? lock_acquire+0x1db/0x570
[  823.150159][T11101]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  823.155991][T11101]  ? ___ratelimit+0xac/0x686
[  823.156008][T11101]  ? idr_get_free+0xee0/0xee0
[  823.156024][T11101]  ? lockdep_hardirqs_on+0x415/0x5d0
[  823.156049][T11101]  oom_kill_process.cold+0x10/0x9ca
[  823.156084][T11101]  ? cgroup_procs_next+0x70/0x70
[  823.156105][T11101]  ? _raw_spin_unlock_irq+0x5e/0x90
[  823.165354][T11101]  ? oom_badness+0xa50/0xa50
[  823.165377][T11101]  ? oom_evaluate_task+0x540/0x540
[  823.165417][T11101]  ? mem_cgroup_iter_break+0x30/0x30
[  823.165436][T11101]  ? mutex_trylock+0x2d0/0x2d0
[  823.205814][T11101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  823.212101][T11101]  ? rcu_read_unlock_special+0x380/0x380
[  823.217757][T11101]  out_of_memory+0x885/0x1420
[  823.222446][T11101]  ? mem_cgroup_iter+0x4f4/0xf50
[  823.227404][T11101]  ? oom_killer_disable+0x340/0x340
[  823.232629][T11101]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  823.238497][T11101]  ? lock_acquire+0x1db/0x570
[  823.243188][T11101]  mem_cgroup_out_of_memory+0x160/0x210
[  823.248726][T11101]  ? do_raw_spin_unlock+0xa0/0x330
[  823.253833][T11101]  ? memory_oom_group_write+0x160/0x160
[  823.259376][T11101]  ? do_raw_spin_trylock+0x270/0x270
[  823.264676][T11101]  ? _raw_spin_unlock+0x2d/0x50
[  823.269556][T11101]  try_charge+0x1457/0x1d00
[  823.274173][T11101]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  823.279729][T11101]  ? find_held_lock+0x35/0x120
[  823.284484][T11101]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  823.290024][T11101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  823.296256][T11101]  ? lock_downgrade+0xbe0/0xbe0
[  823.301127][T11101]  ? kasan_check_read+0x11/0x20
[  823.305989][T11101]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  823.311968][T11101]  ? rcu_read_unlock_special+0x380/0x380
[  823.317587][T11101]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  823.323129][T11101]  __memcg_kmem_charge_memcg+0x7c/0x130
[  823.328696][T11101]  ? memcg_kmem_put_cache+0xb0/0xb0
[  823.333900][T11101]  ? lock_release+0xc40/0xc40
[  823.338600][T11101]  __memcg_kmem_charge+0x136/0x300
[  823.343724][T11101]  __alloc_pages_nodemask+0x7b8/0xdc0
[  823.349108][T11101]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  823.354845][T11101]  ? rcu_pm_notify+0xd0/0xd0
[  823.359452][T11101]  ? rcu_read_lock_sched_held+0x110/0x130
[  823.365181][T11101]  ? kmem_cache_alloc_node+0x347/0x710
[  823.365196][T11101]  ? print_usage_bug+0xd0/0xd0
[  823.365224][T11101]  copy_process+0x847/0x8720
[  823.375462][T11101]  ? print_usage_bug+0xd0/0xd0
[  823.375483][T11101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  823.375498][T11101]  ? check_preemption_disabled+0x48/0x290
17:48:56 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:48:56 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xffffff7f]}}, 0x1c)

17:48:56 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x40101283, 0x0)

17:48:56 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = getuid()
ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000000)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, r2})
close(r0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x10000, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00')
ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000080)={0x3, 0x5, 0xfff})

[  823.375522][T11101]  ? __lock_acquire+0x572/0x4a10
[  823.375536][T11101]  ? mark_held_locks+0x100/0x100
[  823.375563][T11101]  ? __cleanup_sighand+0x70/0x70
[  823.375582][T11101]  ? mark_held_locks+0x100/0x100
[  823.375597][T11101]  ? find_held_lock+0x35/0x120
[  823.375616][T11101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  823.375630][T11101]  ? check_preemption_disabled+0x48/0x290
[  823.375650][T11101]  ? debug_smp_processor_id+0x1c/0x20
[  823.375664][T11101]  ? perf_trace_lock_acquire+0x138/0x7d0
[  823.375700][T11101]  ? delayacct_end+0xc9/0x100
[  823.449036][T11101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  823.455297][T11101]  ? add_lock_to_list.isra.0+0x450/0x450
[  823.460944][T11101]  ? perf_trace_lock+0x750/0x750
[  823.465890][T11101]  ? perf_trace_lock_acquire+0x138/0x7d0
[  823.471548][T11101]  ? add_lock_to_list.isra.0+0x450/0x450
[  823.477181][T11101]  ? find_held_lock+0x35/0x120
[  823.477231][T11101]  ? print_usage_bug+0xd0/0xd0
[  823.477252][T11101]  ? psi_memstall_leave+0x1f8/0x280
[  823.477266][T11101]  ? find_held_lock+0x35/0x120
[  823.477284][T11101]  ? __lock_acquire+0x572/0x4a10
[  823.477301][T11101]  ? _raw_spin_unlock_irq+0x28/0x90
[  823.477325][T11101]  ? _raw_spin_unlock_irq+0x28/0x90
[  823.477344][T11101]  ? lockdep_hardirqs_on+0x415/0x5d0
[  823.517414][T11101]  ? trace_hardirqs_on+0xbd/0x310
[  823.522457][T11101]  ? mark_held_locks+0x100/0x100
[  823.527428][T11101]  ? check_preemption_disabled+0x48/0x290
[  823.533159][T11101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  823.539403][T11101]  ? check_preemption_disabled+0x48/0x290
17:48:56 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401070c9, 0x0)

[  823.545146][T11101]  ? debug_smp_processor_id+0x1c/0x20
[  823.550533][T11101]  ? perf_trace_lock_acquire+0x138/0x7d0
[  823.556174][T11101]  ? add_lock_to_list.isra.0+0x450/0x450
[  823.561817][T11101]  ? perf_trace_lock+0x750/0x750
[  823.566761][T11101]  ? lockdep_hardirqs_on+0x415/0x5d0
[  823.572056][T11101]  ? try_to_free_pages+0xb70/0xb70
[  823.577213][T11101]  ? percpu_ref_put_many+0x129/0x270
[  823.582504][T11101]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  823.582522][T11101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  823.582545][T11101]  _do_fork+0x1a9/0x1170
[  823.582566][T11101]  ? fork_idle+0x1d0/0x1d0
[  823.603618][T11101]  ? trace_hardirqs_off+0xb8/0x310
[  823.608756][T11101]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  823.608772][T11101]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  823.608787][T11101]  ? do_syscall_64+0x8c/0x800
[  823.608802][T11101]  ? do_syscall_64+0x8c/0x800
[  823.608817][T11101]  ? lockdep_hardirqs_on+0x415/0x5d0
[  823.608832][T11101]  ? trace_hardirqs_on+0xbd/0x310
[  823.608850][T11101]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  823.608865][T11101]  ? trace_hardirqs_off_caller+0x300/0x300
[  823.608886][T11101]  __x64_sys_clone+0xbf/0x150
[  823.608906][T11101]  do_syscall_64+0x1a3/0x800
[  823.608923][T11101]  ? syscall_return_slowpath+0x5f0/0x5f0
[  823.608940][T11101]  ? prepare_exit_to_usermode+0x232/0x3b0
[  823.608966][T11101]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  823.678069][T11101]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  823.683964][T11101] RIP: 0033:0x45a899
[  823.687864][T11101] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  823.707470][T11101] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  823.715883][T11101] RAX: ffffffffffffffda RBX: 00007f20e9849700 RCX: 000000000045a899
[  823.723851][T11101] RDX: 00007f20e98499d0 RSI: 00007f20e9848db0 RDI: 00000000003d0f00
[  823.731824][T11101] RBP: 00007ffcc2973580 R08: 00007f20e9849700 R09: 00007f20e9849700
[  823.739795][T11101] R10: 00007f20e98499d0 R11: 0000000000000202 R12: 0000000000000000
17:48:56 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401070ca, 0x0)

17:48:56 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xffffff7f]}}, 0x1c)

[  823.747768][T11101] R13: 00007ffcc297342f R14: 00007f20e98499c0 R15: 000000000073bf0c
[  823.777600][T11101] memory: usage 307104kB, limit 307200kB, failcnt 3580
[  823.805512][T11101] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  823.812994][T11101] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  823.844240][T11101] Memory cgroup stats for /syz4: cache:120KB rss:212548KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212672KB inactive_file:8KB active_file:0KB unevictable:0KB
[  823.866483][T11101] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21316,uid=0
[  823.904010][T11101] Memory cgroup out of memory: Kill process 21316 (syz-executor4) score 1106 or sacrifice child
[  823.914755][T11101] Killed process 21316 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:56 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401070cd, 0x0)

17:48:56 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045007, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:56 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x2c8)

17:48:56 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0xb)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:56 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffff7f]}}, 0x1c)

17:48:56 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401870c8, 0x0)

17:48:56 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xffffff7f]}}, 0x1c)

17:48:56 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRESOCT=r1, @ANYRES32=r0], @ANYRES16=r1, @ANYBLOB="120028bd700004dbdf25010000e20000000007410000001400180000000169623a64756d6d7930000000c6d28a5ea63227ae80fdd27c2946b9d6e165ba17ac3d4b6909337a8203d9e834ce1200ca8329e1182cda21f131ffb2cc2df49aa92365b4586f4de6efee"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

17:48:56 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0xffffff7f]}}, 0x1c)

[  824.251256][T11158] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  824.307970][T11158] CPU: 1 PID: 11158 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  824.316925][T11158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  824.326978][T11158] Call Trace:
[  824.327002][T11158]  dump_stack+0x1db/0x2d0
[  824.327025][T11158]  ? dump_stack_print_info.cold+0x20/0x20
[  824.327041][T11158]  ? check_preemption_disabled+0x48/0x290
[  824.327072][T11158]  dump_header+0x1e6/0x116c
[  824.327092][T11158]  ? add_lock_to_list.isra.0+0x450/0x450
[  824.327106][T11158]  ? perf_trace_lock+0x750/0x750
[  824.327129][T11158]  ? print_usage_bug+0xd0/0xd0
[  824.334741][T11158]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  824.334758][T11158]  ? ___ratelimit+0x37c/0x686
[  824.334783][T11158]  ? mark_held_locks+0xb1/0x100
[  824.334804][T11158]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  824.334825][T11158]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  824.392770][T11158]  ? lockdep_hardirqs_on+0x415/0x5d0
[  824.398065][T11158]  ? trace_hardirqs_on+0xbd/0x310
[  824.403098][T11158]  ? kasan_check_read+0x11/0x20
17:48:57 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0xffffff7f]}}, 0x1c)

17:48:57 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401870cb, 0x0)

[  824.407956][T11158]  ? ___ratelimit+0x37c/0x686
[  824.412678][T11158]  ? trace_hardirqs_off_caller+0x300/0x300
[  824.418492][T11158]  ? do_raw_spin_trylock+0x270/0x270
[  824.423785][T11158]  ? trace_hardirqs_on_caller+0x310/0x310
[  824.429598][T11158]  ? lock_acquire+0x1db/0x570
[  824.434293][T11158]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  824.440621][T11158]  ? ___ratelimit+0xac/0x686
[  824.445220][T11158]  ? idr_get_free+0xee0/0xee0
[  824.449907][T11158]  ? lockdep_hardirqs_on+0x415/0x5d0
[  824.455209][T11158]  oom_kill_process.cold+0x10/0x9ca
[  824.460420][T11158]  ? cgroup_procs_next+0x70/0x70
[  824.465373][T11158]  ? _raw_spin_unlock_irq+0x5e/0x90
[  824.470579][T11158]  ? oom_badness+0xa50/0xa50
[  824.475181][T11158]  ? oom_evaluate_task+0x540/0x540
[  824.480352][T11158]  ? mem_cgroup_iter_break+0x30/0x30
[  824.485659][T11158]  ? mutex_trylock+0x2d0/0x2d0
[  824.490427][T11158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  824.496700][T11158]  ? rcu_read_unlock_special+0x380/0x380
[  824.502356][T11158]  out_of_memory+0x885/0x1420
17:48:57 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x401870cc, 0x0)

[  824.507041][T11158]  ? mem_cgroup_iter+0x4f4/0xf50
[  824.511989][T11158]  ? oom_killer_disable+0x340/0x340
[  824.517196][T11158]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  824.523007][T11158]  ? lock_acquire+0x1db/0x570
[  824.527735][T11158]  mem_cgroup_out_of_memory+0x160/0x210
[  824.533280][T11158]  ? do_raw_spin_unlock+0xa0/0x330
[  824.538399][T11158]  ? memory_oom_group_write+0x160/0x160
[  824.538414][T11158]  ? do_raw_spin_trylock+0x270/0x270
[  824.538442][T11158]  ? _raw_spin_unlock+0x2d/0x50
[  824.538462][T11158]  try_charge+0x1457/0x1d00
17:48:57 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffff7f]}}, 0x1c)

[  824.538521][T11158]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  824.564211][T11158]  ? find_held_lock+0x35/0x120
[  824.568985][T11158]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  824.574542][T11158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  824.580791][T11158]  ? lock_downgrade+0xbe0/0xbe0
[  824.585654][T11158]  ? kasan_check_read+0x11/0x20
[  824.590528][T11158]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  824.596508][T11158]  ? rcu_read_unlock_special+0x380/0x380
[  824.602151][T11158]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  824.607705][T11158]  __memcg_kmem_charge_memcg+0x7c/0x130
[  824.613252][T11158]  ? memcg_kmem_put_cache+0xb0/0xb0
[  824.618472][T11158]  ? lock_release+0xc40/0xc40
[  824.623163][T11158]  __memcg_kmem_charge+0x136/0x300
[  824.628288][T11158]  __alloc_pages_nodemask+0x7b8/0xdc0
[  824.633700][T11158]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  824.639420][T11158]  ? rcu_pm_notify+0xd0/0xd0
[  824.644029][T11158]  ? rcu_read_lock_sched_held+0x110/0x130
[  824.649755][T11158]  ? kmem_cache_alloc_node+0x347/0x710
[  824.655224][T11158]  ? pci_mmcfg_check_reserved+0x170/0x170
[  824.660956][T11158]  copy_process+0x847/0x8720
[  824.665569][T11158]  ? ___might_sleep+0x1e7/0x310
[  824.670431][T11158]  ? arch_local_save_flags+0x50/0x50
[  824.675720][T11158]  ? __schedule+0x1e60/0x1e60
[  824.680407][T11158]  ? do_raw_spin_trylock+0x270/0x270
[  824.685708][T11158]  ? __cleanup_sighand+0x70/0x70
[  824.690678][T11158]  ? futex_wait_queue_me+0x539/0x810
[  824.696002][T11158]  ? refill_pi_state_cache.part.0+0x310/0x310
[  824.702091][T11158]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  824.707826][T11158]  ? handle_futex_death+0x230/0x230
[  824.713036][T11158]  ? lock_acquire+0x1db/0x570
[  824.717719][T11158]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  824.723629][T11158]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  824.729388][T11158]  ? futex_wait+0x6e6/0xa40
[  824.733908][T11158]  ? print_usage_bug+0xd0/0xd0
[  824.738705][T11158]  ? futex_wait_setup+0x430/0x430
[  824.743999][T11158]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  824.749736][T11158]  ? __lock_acquire+0x572/0x4a10
[  824.754735][T11158]  ? mark_held_locks+0x100/0x100
[  824.759681][T11158]  ? trace_hardirqs_on_caller+0x310/0x310
[  824.765413][T11158]  ? kfree+0x173/0x230
[  824.769492][T11158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  824.775736][T11158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  824.782011][T11158]  ? check_preemption_disabled+0x48/0x290
[  824.787741][T11158]  ? debug_smp_processor_id+0x1c/0x20
[  824.793110][T11158]  ? perf_trace_lock_acquire+0x138/0x7d0
[  824.798738][T11158]  ? add_lock_to_list.isra.0+0x450/0x450
[  824.804366][T11158]  ? perf_trace_lock+0x750/0x750
[  824.809296][T11158]  ? exit_robust_list+0x290/0x290
[  824.814370][T11158]  ? __might_fault+0x12b/0x1e0
[  824.819144][T11158]  ? find_held_lock+0x35/0x120
[  824.823917][T11158]  ? __might_fault+0x12b/0x1e0
[  824.828687][T11158]  ? lock_acquire+0x1db/0x570
[  824.833361][T11158]  ? lock_downgrade+0xbe0/0xbe0
[  824.838192][T11158]  ? lock_release+0xc40/0xc40
[  824.842864][T11158]  ? trace_hardirqs_off_caller+0x300/0x300
[  824.848685][T11158]  _do_fork+0x1a9/0x1170
[  824.852953][T11158]  ? fork_idle+0x1d0/0x1d0
[  824.857364][T11158]  ? kasan_check_read+0x11/0x20
[  824.862209][T11158]  ? _copy_to_user+0xc9/0x120
[  824.866885][T11158]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  824.873119][T11158]  ? put_timespec64+0x115/0x1b0
[  824.877963][T11158]  ? nsecs_to_jiffies+0x30/0x30
[  824.882808][T11158]  ? do_syscall_64+0x8c/0x800
[  824.887510][T11158]  ? do_syscall_64+0x8c/0x800
[  824.892196][T11158]  ? lockdep_hardirqs_on+0x415/0x5d0
[  824.897533][T11158]  ? trace_hardirqs_on+0xbd/0x310
[  824.902559][T11158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
17:48:57 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80000, 0x8)
ioctl$KVM_SET_CLOCK(r0, 0x4030ae7b, &(0x7f0000000080)={0x1, 0x6e3})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000100)={r1, 0x0, 0x9, 0x2a, 0x17})
ioctl$int_in(r1, 0x5421, &(0x7f00000000c0)=0x5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)

[  824.908806][T11158]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  824.914911][T11158]  ? trace_hardirqs_off_caller+0x300/0x300
[  824.920732][T11158]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  824.926980][T11158]  __x64_sys_clone+0xbf/0x150
[  824.931664][T11158]  do_syscall_64+0x1a3/0x800
[  824.931686][T11158]  ? syscall_return_slowpath+0x5f0/0x5f0
[  824.931719][T11158]  ? prepare_exit_to_usermode+0x232/0x3b0
[  824.931757][T11158]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  824.931781][T11158]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  824.941986][T11158] RIP: 0033:0x457ec9
[  824.942004][T11158] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  824.942013][T11158] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  824.942029][T11158] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  824.942040][T11158] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  824.942050][T11158] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  824.942059][T11158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  824.942075][T11158] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[  825.076600][T11158] memory: usage 307188kB, limit 307200kB, failcnt 3621
[  825.083651][T11158] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  825.101396][T11158] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  825.112993][T11158] Memory cgroup stats for /syz4: cache:120KB rss:212528KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212724KB inactive_file:0KB active_file:0KB unevictable:0KB
[  825.135193][T11158] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21332,uid=0
[  825.150644][T11158] Memory cgroup out of memory: Kill process 21332 (syz-executor4) score 1106 or sacrifice child
[  825.161702][T11158] Killed process 21332 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:48:57 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x2c8)

17:48:57 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4020940d, 0x0)

17:48:57 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0xffffff7f]}}, 0x1c)

17:48:57 executing program 3:
r0 = syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x2, 0x2)
ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f0000000080)={0xf1d6, 0x800000000000, 0x6, 0x393d, 0x1, 0x7})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r1, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r1)

17:48:57 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0xd)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  825.174787][ T1043] oom_reaper: reaped process 21332 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:48:57 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x80041284, 0x0)

17:48:57 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xffffff7f]}}, 0x1c)

17:48:58 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0xffffff7f]}}, 0x1c)

17:48:58 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x80041285, 0x0)

17:48:58 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x2c8)

17:48:58 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x80081270, 0x0)

[  825.543850][T11227] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  825.585729][T11227] CPU: 0 PID: 11227 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  825.594693][T11227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  825.604739][T11227] Call Trace:
[  825.608023][T11227]  dump_stack+0x1db/0x2d0
[  825.612373][T11227]  ? dump_stack_print_info.cold+0x20/0x20
[  825.618090][T11227]  ? check_preemption_disabled+0x48/0x290
[  825.623830][T11227]  dump_header+0x1e6/0x116c
[  825.628349][T11227]  ? add_lock_to_list.isra.0+0x450/0x450
[  825.633977][T11227]  ? perf_trace_lock+0x750/0x750
[  825.634007][T11227]  ? print_usage_bug+0xd0/0xd0
[  825.634025][T11227]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  825.634039][T11227]  ? ___ratelimit+0x37c/0x686
[  825.634064][T11227]  ? mark_held_locks+0xb1/0x100
[  825.658816][T11227]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  825.664606][T11227]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  825.670446][T11227]  ? lockdep_hardirqs_on+0x415/0x5d0
[  825.675734][T11227]  ? trace_hardirqs_on+0xbd/0x310
[  825.680756][T11227]  ? kasan_check_read+0x11/0x20
[  825.685611][T11227]  ? ___ratelimit+0x37c/0x686
[  825.690266][T11227]  ? trace_hardirqs_off_caller+0x300/0x300
[  825.696063][T11227]  ? do_raw_spin_trylock+0x270/0x270
[  825.701379][T11227]  ? trace_hardirqs_on_caller+0x310/0x310
[  825.707155][T11227]  ? lock_acquire+0x1db/0x570
[  825.711848][T11227]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  825.717678][T11227]  ? ___ratelimit+0xac/0x686
[  825.722272][T11227]  ? idr_get_free+0xee0/0xee0
[  825.726954][T11227]  ? lockdep_hardirqs_on+0x415/0x5d0
17:48:58 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
prctl$PR_CAP_AMBIENT(0x2f, 0x1, 0x24)

17:48:58 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0xffffff7f]}}, 0x1c)

17:48:58 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x80081272, 0x0)

[  825.732263][T11227]  oom_kill_process.cold+0x10/0x9ca
[  825.737506][T11227]  ? cgroup_procs_next+0x70/0x70
[  825.742469][T11227]  ? _raw_spin_unlock_irq+0x5e/0x90
[  825.747680][T11227]  ? oom_badness+0xa50/0xa50
[  825.752280][T11227]  ? oom_evaluate_task+0x540/0x540
[  825.757446][T11227]  ? mem_cgroup_iter_break+0x30/0x30
[  825.762777][T11227]  ? mutex_trylock+0x2d0/0x2d0
[  825.767563][T11227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  825.773827][T11227]  ? rcu_read_unlock_special+0x380/0x380
[  825.779474][T11227]  out_of_memory+0x885/0x1420
17:48:58 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0xffffff7f]}}, 0x1c)

[  825.784161][T11227]  ? mem_cgroup_iter+0x4f4/0xf50
[  825.789111][T11227]  ? oom_killer_disable+0x340/0x340
[  825.794336][T11227]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  825.800155][T11227]  ? lock_acquire+0x1db/0x570
[  825.804862][T11227]  mem_cgroup_out_of_memory+0x160/0x210
[  825.810406][T11227]  ? do_raw_spin_unlock+0xa0/0x330
[  825.815521][T11227]  ? memory_oom_group_write+0x160/0x160
[  825.821065][T11227]  ? do_raw_spin_trylock+0x270/0x270
[  825.826386][T11227]  ? _raw_spin_unlock+0x2d/0x50
[  825.831243][T11227]  try_charge+0x1457/0x1d00
[  825.835745][T11227]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  825.841299][T11227]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  825.841313][T11227]  ? lock_downgrade+0xbe0/0xbe0
[  825.841343][T11227]  ? kasan_check_read+0x11/0x20
[  825.841364][T11227]  ? rcu_read_unlock_special+0x380/0x380
[  825.841395][T11227]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  825.856598][T11227]  ? get_mem_cgroup_from_page+0x190/0x190
[  825.856624][T11227]  ? rcu_read_lock_sched_held+0x110/0x130
[  825.856660][T11227]  mem_cgroup_try_charge+0x43a/0xdb0
[  825.856682][T11227]  ? mem_cgroup_protected+0xa10/0xa10
[  825.856705][T11227]  ? check_preemption_disabled+0x48/0x290
[  825.856726][T11227]  ? __lock_acquire+0x572/0x4a10
[  825.856745][T11227]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  825.895640][T11227]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  825.895665][T11227]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  825.895685][T11227]  wp_page_copy+0x45a/0x1c70
[  825.895700][T11227]  ? __lock_acquire+0x572/0x4a10
[  825.895714][T11227]  ? find_held_lock+0x35/0x120
[  825.895734][T11227]  ? pmd_pfn+0x1d0/0x1d0
[  825.895748][T11227]  ? find_held_lock+0x35/0x120
[  825.895766][T11227]  ? do_wp_page+0x894/0x1e80
[  825.906959][T11227]  ? delayacct_end+0xc9/0x100
[  825.951287][T11227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  825.957561][T11227]  ? kasan_check_read+0x11/0x20
[  825.962437][T11227]  ? do_raw_spin_unlock+0xa0/0x330
[  825.967571][T11227]  ? _vm_normal_page+0x15d/0x3d0
[  825.972536][T11227]  ? do_raw_spin_trylock+0x270/0x270
[  825.977814][T11227]  ? print_usage_bug+0xd0/0xd0
[  825.982575][T11227]  do_wp_page+0x89c/0x1e80
[  825.986990][T11227]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  825.992376][T11227]  ? __lock_acquire+0x572/0x4a10
[  825.997311][T11227]  ? find_held_lock+0x35/0x120
[  826.002089][T11227]  ? lock_acquire+0x1db/0x570
[  826.006753][T11227]  ? __handle_mm_fault+0x1d80/0x55a0
[  826.012041][T11227]  ? kasan_check_write+0x14/0x20
[  826.016993][T11227]  ? do_raw_spin_lock+0x156/0x360
[  826.021994][T11227]  ? lock_release+0xc40/0xc40
[  826.026653][T11227]  ? rwlock_bug.part.0+0x90/0x90
[  826.031571][T11227]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  826.037359][T11227]  ? add_mm_counter_fast.part.0+0x40/0x40
[  826.043095][T11227]  __handle_mm_fault+0x2c8e/0x55a0
[  826.048222][T11227]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  826.053802][T11227]  ? check_preemption_disabled+0x48/0x290
[  826.059531][T11227]  ? handle_mm_fault+0x3cc/0xc80
[  826.064577][T11227]  ? lock_downgrade+0xbe0/0xbe0
[  826.069425][T11227]  ? kasan_check_read+0x11/0x20
[  826.074267][T11227]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  826.080242][T11227]  ? rcu_read_unlock_special+0x380/0x380
[  826.085868][T11227]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  826.092096][T11227]  ? check_preemption_disabled+0x48/0x290
[  826.097819][T11227]  handle_mm_fault+0x4ec/0xc80
[  826.102578][T11227]  ? __handle_mm_fault+0x55a0/0x55a0
[  826.107867][T11227]  __do_page_fault+0x5da/0xd60
[  826.112638][T11227]  do_page_fault+0xe6/0x7d8
[  826.117131][T11227]  ? trace_hardirqs_on_caller+0xc0/0x310
[  826.122763][T11227]  ? vmalloc_sync_all+0x30/0x30
[  826.127623][T11227]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  826.133757][T11227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  826.139986][T11227]  ? prepare_exit_to_usermode+0x232/0x3b0
[  826.145703][T11227]  ? page_fault+0x8/0x30
[  826.149960][T11227]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  826.155501][T11227]  ? page_fault+0x8/0x30
[  826.159743][T11227]  page_fault+0x1e/0x30
[  826.163887][T11227] RIP: 0033:0x40d130
[  826.167777][T11227] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
[  826.187383][T11227] RSP: 002b:00007ffcc29733e0 EFLAGS: 00010246
[  826.193440][T11227] RAX: 00000000d37c1adb RBX: 00000000cd0cee9d RCX: 0000001b2e320000
[  826.201404][T11227] RDX: 0000000000000000 RSI: 0000000000001adb RDI: ffffffffd37c1adb
[  826.209384][T11227] RBP: 0000000000000001 R08: 00000000d37c1adb R09: 00000000d37c1adf
[  826.217365][T11227] R10: 00007ffcc2973570 R11: 0000000000000246 R12: 000000000073bf00
[  826.225334][T11227] R13: 0000000080000000 R14: 00007f20eb64a008 R15: 0000000000000001
[  826.251560][T11227] memory: usage 307168kB, limit 307200kB, failcnt 3642
[  826.258839][T11227] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  826.266430][T11227] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  826.273275][T11227] Memory cgroup stats for /syz4: cache:120KB rss:212592KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212680KB inactive_file:0KB active_file:4KB unevictable:0KB
[  826.295482][T11227] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=11210,uid=0
[  826.311259][T11227] Memory cgroup out of memory: Kill process 11210 (syz-executor4) score 1106 or sacrifice child
[  826.321818][T11227] Killed process 11210 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  826.335018][ T1043] oom_reaper: reaped process 11210 (syz-executor4), now anon-rss:0kB, file-rss:32780kB, shmem-rss:0kB
17:48:59 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f00000000c0))
close(r0)

17:48:59 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0045878, 0x0)

17:48:59 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0xffffff7f]}}, 0x1c)

17:48:59 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x10)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:48:59 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x18003, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:48:59 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0045878, 0x0)

17:48:59 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x2c8)

17:48:59 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0xffffff7f]}}, 0x1c)

17:48:59 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0101282, 0x0)

17:48:59 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0xffffff7f]}}, 0x1c)

[  826.691355][T11278] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  826.716089][T11278] CPU: 0 PID: 11278 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  826.725039][T11278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  826.735090][T11278] Call Trace:
[  826.738391][T11278]  dump_stack+0x1db/0x2d0
[  826.742735][T11278]  ? dump_stack_print_info.cold+0x20/0x20
[  826.748489][T11278]  ? check_preemption_disabled+0x48/0x290
[  826.754227][T11278]  dump_header+0x1e6/0x116c
[  826.758740][T11278]  ? add_lock_to_list.isra.0+0x450/0x450
[  826.764375][T11278]  ? perf_trace_lock+0x750/0x750
[  826.769327][T11278]  ? print_usage_bug+0xd0/0xd0
[  826.774081][T11278]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  826.779702][T11278]  ? ___ratelimit+0x37c/0x686
[  826.784366][T11278]  ? mark_held_locks+0xb1/0x100
[  826.789226][T11278]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  826.795041][T11278]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  826.800840][T11278]  ? lockdep_hardirqs_on+0x415/0x5d0
[  826.806120][T11278]  ? trace_hardirqs_on+0xbd/0x310
[  826.811139][T11278]  ? kasan_check_read+0x11/0x20
[  826.815980][T11278]  ? ___ratelimit+0x37c/0x686
[  826.820650][T11278]  ? trace_hardirqs_off_caller+0x300/0x300
[  826.826450][T11278]  ? do_raw_spin_trylock+0x270/0x270
[  826.831715][T11278]  ? trace_hardirqs_on_caller+0x310/0x310
[  826.837410][T11278]  ? lock_acquire+0x1db/0x570
[  826.842086][T11278]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  826.847909][T11278]  ? ___ratelimit+0xac/0x686
[  826.852488][T11278]  ? idr_get_free+0xee0/0xee0
[  826.857144][T11278]  ? lockdep_hardirqs_on+0x415/0x5d0
[  826.862415][T11278]  oom_kill_process.cold+0x10/0x9ca
[  826.867609][T11278]  ? cgroup_procs_next+0x70/0x70
[  826.872546][T11278]  ? _raw_spin_unlock_irq+0x5e/0x90
[  826.877724][T11278]  ? oom_badness+0xa50/0xa50
[  826.882360][T11278]  ? oom_evaluate_task+0x540/0x540
[  826.887469][T11278]  ? mem_cgroup_iter_break+0x30/0x30
[  826.892732][T11278]  ? mutex_trylock+0x2d0/0x2d0
[  826.897499][T11278]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  826.903736][T11278]  ? rcu_read_unlock_special+0x380/0x380
[  826.909399][T11278]  out_of_memory+0x885/0x1420
[  826.914075][T11278]  ? mem_cgroup_iter+0x4f4/0xf50
[  826.919000][T11278]  ? oom_killer_disable+0x340/0x340
[  826.924190][T11278]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  826.929985][T11278]  ? lock_acquire+0x1db/0x570
[  826.934648][T11278]  mem_cgroup_out_of_memory+0x160/0x210
[  826.940170][T11278]  ? do_raw_spin_unlock+0xa0/0x330
[  826.945262][T11278]  ? memory_oom_group_write+0x160/0x160
[  826.950785][T11278]  ? do_raw_spin_trylock+0x270/0x270
[  826.956053][T11278]  ? _raw_spin_unlock+0x2d/0x50
[  826.960884][T11278]  try_charge+0x1457/0x1d00
[  826.965374][T11278]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  826.970899][T11278]  ? find_held_lock+0x35/0x120
[  826.975642][T11278]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  826.981168][T11278]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  826.987403][T11278]  ? lock_downgrade+0xbe0/0xbe0
[  826.992251][T11278]  ? kasan_check_read+0x11/0x20
[  826.997096][T11278]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  827.003059][T11278]  ? rcu_read_unlock_special+0x380/0x380
[  827.008691][T11278]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  827.014219][T11278]  __memcg_kmem_charge_memcg+0x7c/0x130
[  827.019772][T11278]  ? memcg_kmem_put_cache+0xb0/0xb0
[  827.024947][T11278]  ? lock_release+0xc40/0xc40
[  827.029610][T11278]  __memcg_kmem_charge+0x136/0x300
[  827.034719][T11278]  __alloc_pages_nodemask+0x7b8/0xdc0
[  827.040093][T11278]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  827.045804][T11278]  ? rcu_pm_notify+0xd0/0xd0
[  827.050411][T11278]  ? rcu_read_lock_sched_held+0x110/0x130
[  827.056109][T11278]  ? kmem_cache_alloc_node+0x347/0x710
[  827.061546][T11278]  ? pci_mmcfg_check_reserved+0x170/0x170
[  827.067251][T11278]  copy_process+0x847/0x8720
[  827.071842][T11278]  ? ___might_sleep+0x1e7/0x310
[  827.076693][T11278]  ? arch_local_save_flags+0x50/0x50
[  827.081964][T11278]  ? __schedule+0x1e60/0x1e60
[  827.086622][T11278]  ? do_raw_spin_trylock+0x270/0x270
[  827.091903][T11278]  ? __cleanup_sighand+0x70/0x70
[  827.096835][T11278]  ? futex_wait_queue_me+0x539/0x810
[  827.102104][T11278]  ? refill_pi_state_cache.part.0+0x310/0x310
[  827.108146][T11278]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  827.113866][T11278]  ? handle_futex_death+0x230/0x230
[  827.119087][T11278]  ? lock_acquire+0x1db/0x570
[  827.123760][T11278]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  827.129649][T11278]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  827.135376][T11278]  ? futex_wait+0x6e6/0xa40
[  827.139885][T11278]  ? print_usage_bug+0xd0/0xd0
[  827.144646][T11278]  ? futex_wait_setup+0x430/0x430
[  827.149680][T11278]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  827.155380][T11278]  ? __lock_acquire+0x572/0x4a10
[  827.160307][T11278]  ? mark_held_locks+0x100/0x100
[  827.165233][T11278]  ? trace_hardirqs_on_caller+0x310/0x310
[  827.170930][T11278]  ? kfree+0x173/0x230
[  827.174978][T11278]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  827.181196][T11278]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  827.187415][T11278]  ? check_preemption_disabled+0x48/0x290
[  827.193114][T11278]  ? debug_smp_processor_id+0x1c/0x20
[  827.198462][T11278]  ? perf_trace_lock_acquire+0x138/0x7d0
[  827.204084][T11278]  ? add_lock_to_list.isra.0+0x450/0x450
[  827.209694][T11278]  ? perf_trace_lock+0x750/0x750
[  827.214639][T11278]  ? exit_robust_list+0x290/0x290
[  827.219646][T11278]  ? __might_fault+0x12b/0x1e0
[  827.224392][T11278]  ? find_held_lock+0x35/0x120
[  827.229135][T11278]  ? __might_fault+0x12b/0x1e0
[  827.233919][T11278]  ? lock_acquire+0x1db/0x570
[  827.238606][T11278]  ? lock_downgrade+0xbe0/0xbe0
[  827.243460][T11278]  ? lock_release+0xc40/0xc40
[  827.248134][T11278]  ? trace_hardirqs_off_caller+0x300/0x300
[  827.253937][T11278]  _do_fork+0x1a9/0x1170
[  827.258215][T11278]  ? fork_idle+0x1d0/0x1d0
[  827.262641][T11278]  ? kasan_check_read+0x11/0x20
[  827.267489][T11278]  ? _copy_to_user+0xc9/0x120
[  827.272181][T11278]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  827.278407][T11278]  ? put_timespec64+0x115/0x1b0
[  827.283250][T11278]  ? nsecs_to_jiffies+0x30/0x30
[  827.288082][T11278]  ? do_syscall_64+0x8c/0x800
[  827.292738][T11278]  ? do_syscall_64+0x8c/0x800
[  827.297393][T11278]  ? lockdep_hardirqs_on+0x415/0x5d0
[  827.302658][T11278]  ? trace_hardirqs_on+0xbd/0x310
[  827.307661][T11278]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  827.313881][T11278]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  827.319949][T11278]  ? trace_hardirqs_off_caller+0x300/0x300
[  827.325772][T11278]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  827.332022][T11278]  __x64_sys_clone+0xbf/0x150
[  827.336708][T11278]  do_syscall_64+0x1a3/0x800
[  827.341294][T11278]  ? syscall_return_slowpath+0x5f0/0x5f0
[  827.346920][T11278]  ? prepare_exit_to_usermode+0x232/0x3b0
[  827.352622][T11278]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  827.358187][T11278]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  827.364057][T11278] RIP: 0033:0x457ec9
[  827.367932][T11278] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
17:49:00 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0189436, 0x0)

[  827.387512][T11278] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  827.395900][T11278] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  827.403850][T11278] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  827.411802][T11278] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  827.419752][T11278] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  827.427724][T11278] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
17:49:00 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
pipe(&(0x7f0000000000))

[  827.453196][T11278] memory: usage 307192kB, limit 307200kB, failcnt 3668
[  827.476919][T11278] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  827.524932][T11278] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  827.565016][T11278] Memory cgroup stats for /syz4: cache:120KB rss:212572KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212712KB inactive_file:0KB active_file:0KB unevictable:0KB
[  827.589600][T11278] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21346,uid=0
[  827.605644][T11278] Memory cgroup out of memory: Kill process 21346 (syz-executor4) score 1106 or sacrifice child
17:49:00 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f00000002c0)='/dev/dsp#\x00', 0x40000000001, 0x1)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000140)=<r1=>0x0)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000240)={[], 0x5, 0xffffffffffffffff, 0xffffffffffffb51e, 0x7, 0x7, r1})
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
r2 = fcntl$getown(r0, 0x9)
ptrace$cont(0x3f, r2, 0x80000000, 0x1e80000000000)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000080)={0x0, @reserved})
ioctl$KDSETLED(r0, 0x4b32, 0xfffffffffffffff9)
close(r0)

17:49:00 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103, 0xffffff7f]}}, 0x1c)

17:49:00 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc020660b, 0x0)

17:49:00 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x11)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  827.629985][T11278] Killed process 21346 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:49:00 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0xc0481273, 0x0)

17:49:00 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f4, 0xffffff7f]}}, 0x1c)

[  827.729842][T11277] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  827.781857][T11277] CPU: 1 PID: 11277 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  827.790827][T11277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  827.800885][T11277] Call Trace:
[  827.804182][T11277]  dump_stack+0x1db/0x2d0
[  827.808539][T11277]  ? dump_stack_print_info.cold+0x20/0x20
[  827.814256][T11277]  ? check_preemption_disabled+0x48/0x290
[  827.819992][T11277]  dump_header+0x1e6/0x116c
[  827.824546][T11277]  ? add_lock_to_list.isra.0+0x450/0x450
[  827.830174][T11277]  ? perf_trace_lock+0x750/0x750
[  827.830191][T11277]  ? print_usage_bug+0xd0/0xd0
[  827.830210][T11277]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  827.830233][T11277]  ? ___ratelimit+0x37c/0x686
[  827.839938][T11277]  ? mark_held_locks+0xb1/0x100
[  827.839973][T11277]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  827.839989][T11277]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  827.840005][T11277]  ? lockdep_hardirqs_on+0x415/0x5d0
[  827.840022][T11277]  ? trace_hardirqs_on+0xbd/0x310
[  827.840038][T11277]  ? kasan_check_read+0x11/0x20
[  827.840052][T11277]  ? ___ratelimit+0x37c/0x686
[  827.840068][T11277]  ? trace_hardirqs_off_caller+0x300/0x300
[  827.840083][T11277]  ? do_raw_spin_trylock+0x270/0x270
[  827.840116][T11277]  ? trace_hardirqs_on_caller+0x310/0x310
[  827.903396][T11277]  ? lock_acquire+0x1db/0x570
[  827.908167][T11277]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  827.913974][T11277]  ? ___ratelimit+0xac/0x686
[  827.918567][T11277]  ? idr_get_free+0xee0/0xee0
[  827.923246][T11277]  ? lockdep_hardirqs_on+0x415/0x5d0
[  827.928542][T11277]  oom_kill_process.cold+0x10/0x9ca
[  827.933744][T11277]  ? cgroup_procs_next+0x70/0x70
[  827.938713][T11277]  ? _raw_spin_unlock_irq+0x5e/0x90
[  827.943917][T11277]  ? oom_badness+0xa50/0xa50
[  827.948525][T11277]  ? oom_evaluate_task+0x540/0x540
[  827.948557][T11277]  ? mem_cgroup_iter_break+0x30/0x30
[  827.948571][T11277]  ? mutex_trylock+0x2d0/0x2d0
[  827.948600][T11277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  827.948632][T11277]  ? rcu_read_unlock_special+0x380/0x380
[  827.948692][T11277]  out_of_memory+0x885/0x1420
[  827.959114][T11277]  ? mem_cgroup_iter+0x4f4/0xf50
[  827.959144][T11277]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  827.959164][T11277]  ? oom_killer_disable+0x340/0x340
[  827.959182][T11277]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  827.959197][T11277]  ? lock_acquire+0x1db/0x570
[  827.959224][T11277]  mem_cgroup_out_of_memory+0x160/0x210
[  827.959242][T11277]  ? do_raw_spin_unlock+0xa0/0x330
[  828.017488][T11277]  ? memory_oom_group_write+0x160/0x160
[  828.023039][T11277]  ? do_raw_spin_trylock+0x270/0x270
[  828.028351][T11277]  ? _raw_spin_unlock+0x2d/0x50
[  828.033188][T11277]  try_charge+0xd42/0x1d00
[  828.037640][T11277]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  828.043204][T11277]  ? find_held_lock+0x35/0x120
[  828.047947][T11277]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  828.053475][T11277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  828.059714][T11277]  ? lock_downgrade+0xbe0/0xbe0
[  828.064562][T11277]  ? kasan_check_read+0x11/0x20
[  828.069401][T11277]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  828.075368][T11277]  ? rcu_read_unlock_special+0x380/0x380
[  828.081004][T11277]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  828.086573][T11277]  __memcg_kmem_charge_memcg+0x7c/0x130
[  828.092134][T11277]  ? memcg_kmem_put_cache+0xb0/0xb0
[  828.097368][T11277]  ? lock_release+0xc40/0xc40
[  828.102100][T11277]  __memcg_kmem_charge+0x136/0x300
[  828.107235][T11277]  __alloc_pages_nodemask+0x7b8/0xdc0
[  828.112601][T11277]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  828.118298][T11277]  ? rcu_pm_notify+0xd0/0xd0
[  828.122896][T11277]  ? rcu_read_lock_sched_held+0x110/0x130
[  828.128602][T11277]  ? kmem_cache_alloc_node+0x347/0x710
[  828.134045][T11277]  ? print_usage_bug+0xd0/0xd0
[  828.138789][T11277]  copy_process+0x847/0x8720
[  828.143358][T11277]  ? print_usage_bug+0xd0/0xd0
[  828.148110][T11277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  828.154341][T11277]  ? check_preemption_disabled+0x48/0x290
[  828.160043][T11277]  ? __lock_acquire+0x572/0x4a10
[  828.164951][T11277]  ? mark_held_locks+0x100/0x100
[  828.169887][T11277]  ? __cleanup_sighand+0x70/0x70
[  828.174812][T11277]  ? mark_held_locks+0x100/0x100
[  828.179732][T11277]  ? find_held_lock+0x35/0x120
[  828.184473][T11277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  828.190699][T11277]  ? check_preemption_disabled+0x48/0x290
[  828.196419][T11277]  ? debug_smp_processor_id+0x1c/0x20
[  828.201766][T11277]  ? perf_trace_lock_acquire+0x138/0x7d0
[  828.207392][T11277]  ? delayacct_end+0xc9/0x100
[  828.212068][T11277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  828.218296][T11277]  ? add_lock_to_list.isra.0+0x450/0x450
[  828.223927][T11277]  ? perf_trace_lock+0x750/0x750
[  828.228857][T11277]  ? perf_trace_lock_acquire+0x138/0x7d0
[  828.234498][T11277]  ? add_lock_to_list.isra.0+0x450/0x450
[  828.240170][T11277]  ? find_held_lock+0x35/0x120
[  828.244952][T11277]  ? print_usage_bug+0xd0/0xd0
[  828.249726][T11277]  ? psi_memstall_leave+0x1f8/0x280
[  828.254922][T11277]  ? find_held_lock+0x35/0x120
[  828.259704][T11277]  ? __lock_acquire+0x572/0x4a10
[  828.264643][T11277]  ? _raw_spin_unlock_irq+0x28/0x90
[  828.269857][T11277]  ? _raw_spin_unlock_irq+0x28/0x90
[  828.275046][T11277]  ? lockdep_hardirqs_on+0x415/0x5d0
[  828.280309][T11277]  ? trace_hardirqs_on+0xbd/0x310
[  828.285342][T11277]  ? mark_held_locks+0x100/0x100
[  828.290265][T11277]  ? check_preemption_disabled+0x48/0x290
[  828.296014][T11277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  828.302255][T11277]  ? check_preemption_disabled+0x48/0x290
[  828.308066][T11277]  ? debug_smp_processor_id+0x1c/0x20
[  828.313425][T11277]  ? perf_trace_lock_acquire+0x138/0x7d0
[  828.319057][T11277]  ? add_lock_to_list.isra.0+0x450/0x450
[  828.324667][T11277]  ? perf_trace_lock+0x750/0x750
[  828.329589][T11277]  ? lockdep_hardirqs_on+0x415/0x5d0
[  828.334866][T11277]  ? try_to_free_pages+0xb70/0xb70
[  828.339953][T11277]  ? percpu_ref_put_many+0x129/0x270
[  828.345214][T11277]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  828.351362][T11277]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  828.357615][T11277]  _do_fork+0x1a9/0x1170
[  828.361851][T11277]  ? fork_idle+0x1d0/0x1d0
[  828.366276][T11277]  ? trace_hardirqs_off+0xb8/0x310
[  828.371435][T11277]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  828.377234][T11277]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  828.382933][T11277]  ? do_syscall_64+0x8c/0x800
[  828.387615][T11277]  ? do_syscall_64+0x8c/0x800
[  828.392303][T11277]  ? lockdep_hardirqs_on+0x415/0x5d0
[  828.397611][T11277]  ? trace_hardirqs_on+0xbd/0x310
[  828.402617][T11277]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  828.408682][T11277]  ? trace_hardirqs_off_caller+0x300/0x300
[  828.414496][T11277]  __x64_sys_clone+0xbf/0x150
[  828.419154][T11277]  do_syscall_64+0x1a3/0x800
[  828.423720][T11277]  ? syscall_return_slowpath+0x5f0/0x5f0
[  828.429345][T11277]  ? prepare_exit_to_usermode+0x232/0x3b0
[  828.435060][T11277]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  828.440593][T11277]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  828.446472][T11277] RIP: 0033:0x45a899
[  828.450370][T11277] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  828.469968][T11277] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  828.478377][T11277] RAX: ffffffffffffffda RBX: 00007f20e9828700 RCX: 000000000045a899
[  828.486358][T11277] RDX: 00007f20e98289d0 RSI: 00007f20e9827db0 RDI: 00000000003d0f00
[  828.494324][T11277] RBP: 00007ffcc2973580 R08: 00007f20e9828700 R09: 00007f20e9828700
[  828.502286][T11277] R10: 00007f20e98289d0 R11: 0000000000000202 R12: 0000000000000000
[  828.510244][T11277] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  828.524001][T11277] memory: usage 304872kB, limit 307200kB, failcnt 3678
[  828.531222][T11277] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  828.540348][T11277] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  828.548868][T11277] Memory cgroup stats for /syz4: cache:120KB rss:210492KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:210552KB inactive_file:0KB active_file:0KB unevictable:0KB
[  828.571162][T11277] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21377,uid=0
[  828.586871][T11277] Memory cgroup out of memory: Kill process 21377 (syz-executor4) score 1106 or sacrifice child
[  828.597593][T11277] Killed process 21377 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  828.610764][ T1043] oom_reaper: reaped process 21377 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:49:01 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x2c8)

17:49:01 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x2)

17:49:01 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000080)={0x9, 0x0, [], {0x0, @reserved}})
accept4$packet(r0, &(0x7f0000000000)={0x11, 0x0, <r1=>0x0}, &(0x7f0000000140)=0x14, 0x80800)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/net/pfkey\x00', 0x101, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000180)={@local, r1}, 0x14)

17:49:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0xffffff7f]}}, 0x1c)

17:49:01 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x12)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:01 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
truncate(&(0x7f0000000080)='./file0\x00', 0x3ff)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200, 0x0)
close(r0)

17:49:01 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x8)

17:49:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x301, 0xffffff7f]}}, 0x1c)

17:49:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e8, 0xffffff7f]}}, 0x1c)

17:49:01 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4000)

17:49:01 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x2c8)

17:49:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0xffffff7f]}}, 0x1c)

17:49:01 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x1000000)

17:49:01 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a0, 0xffffff7f]}}, 0x1c)

17:49:02 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)=""/82, 0x27}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
unlinkat(r0, &(0x7f0000000000)='./file0\x00', 0x0)

17:49:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x2000000)

17:49:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c8, 0xffffff7f]}}, 0x1c)

17:49:02 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000]}, 0x2c8)

17:49:02 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)

17:49:02 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x14)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0xffffff7f]}}, 0x1c)

17:49:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x8000000)

17:49:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0xffffff7f]}}, 0x1c)

17:49:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x40000000)

17:49:02 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x2c8)

17:49:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xf4ffffff)

17:49:02 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)=<r1=>0x0)
mq_notify(r0, &(0x7f0000000080)={0x0, 0x2c, 0x2, @tid=r1})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f00000000c0))
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
close(r0)

17:49:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900, 0xffffff7f]}}, 0x1c)

17:49:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfdfdffff)

17:49:02 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x2c8)

17:49:02 executing program 1:
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000000))
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:02 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x18)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffdfd)

17:49:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0xffffff7f]}}, 0x1c)

17:49:02 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x2c8)

17:49:02 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00, 0xffffff7f]}}, 0x1c)

17:49:02 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfffffff4)

17:49:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100, 0xffffff7f]}}, 0x1c)

17:49:03 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:03 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x2c8)

17:49:03 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x7ffffffffffff)

17:49:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800, 0xffffff7f]}}, 0x1c)

17:49:03 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000))
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r0)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)={<r3=>0x0, 0x757}, &(0x7f0000000100)=0x8)
write$P9_RVERSION(r0, &(0x7f0000000240)={0x15, 0x65, 0xffff, 0x6, 0x8, '9P2000.L'}, 0x15)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000140)={r3, 0x2d5, 0x4, 0x9, 0x8, 0xffffffff}, 0x14)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)={0x8, 0x6, 0x10001})

17:49:03 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1e)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:03 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x100000000000000)

17:49:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0xffffff7f]}}, 0x1c)

[  830.932210][T11490] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  830.957246][T11490] CPU: 0 PID: 11490 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  830.966190][T11490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  830.976243][T11490] Call Trace:
17:49:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0xffffff7f]}}, 0x1c)

[  830.979549][T11490]  dump_stack+0x1db/0x2d0
[  830.983892][T11490]  ? dump_stack_print_info.cold+0x20/0x20
[  830.989630][T11490]  ? check_preemption_disabled+0x48/0x290
[  830.995391][T11490]  dump_header+0x1e6/0x116c
[  830.999910][T11490]  ? add_lock_to_list.isra.0+0x450/0x450
[  831.005550][T11490]  ? perf_trace_lock+0x750/0x750
[  831.010491][T11490]  ? print_usage_bug+0xd0/0xd0
[  831.015264][T11490]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  831.020905][T11490]  ? ___ratelimit+0x37c/0x686
[  831.025602][T11490]  ? mark_held_locks+0xb1/0x100
17:49:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0xffffff7f]}}, 0x1c)

[  831.030463][T11490]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  831.036282][T11490]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  831.042096][T11490]  ? lockdep_hardirqs_on+0x415/0x5d0
[  831.047394][T11490]  ? trace_hardirqs_on+0xbd/0x310
[  831.052422][T11490]  ? kasan_check_read+0x11/0x20
[  831.057281][T11490]  ? ___ratelimit+0x37c/0x686
[  831.061971][T11490]  ? trace_hardirqs_off_caller+0x300/0x300
[  831.067785][T11490]  ? do_raw_spin_trylock+0x270/0x270
[  831.073075][T11490]  ? trace_hardirqs_on_caller+0x310/0x310
[  831.078804][T11490]  ? lock_acquire+0x1db/0x570
[  831.083515][T11490]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  831.089358][T11490]  ? ___ratelimit+0xac/0x686
[  831.093958][T11490]  ? idr_get_free+0xee0/0xee0
[  831.098647][T11490]  ? lockdep_hardirqs_on+0x415/0x5d0
[  831.103959][T11490]  oom_kill_process.cold+0x10/0x9ca
[  831.109175][T11490]  ? cgroup_procs_next+0x70/0x70
[  831.114129][T11490]  ? _raw_spin_unlock_irq+0x5e/0x90
[  831.119357][T11490]  ? oom_badness+0xa50/0xa50
[  831.123993][T11490]  ? oom_evaluate_task+0x540/0x540
17:49:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5800, 0xffffff7f]}}, 0x1c)

[  831.129136][T11490]  ? mem_cgroup_iter_break+0x30/0x30
[  831.134447][T11490]  ? mutex_trylock+0x2d0/0x2d0
[  831.139212][T11490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  831.145474][T11490]  ? rcu_read_unlock_special+0x380/0x380
[  831.145502][T11490]  out_of_memory+0x885/0x1420
[  831.145523][T11490]  ? mem_cgroup_iter+0x4f4/0xf50
[  831.145546][T11490]  ? oom_killer_disable+0x340/0x340
[  831.145565][T11490]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  831.145585][T11490]  ? lock_acquire+0x1db/0x570
[  831.166010][T11490]  mem_cgroup_out_of_memory+0x160/0x210
[  831.166030][T11490]  ? do_raw_spin_unlock+0xa0/0x330
[  831.166048][T11490]  ? memory_oom_group_write+0x160/0x160
[  831.166062][T11490]  ? do_raw_spin_trylock+0x270/0x270
[  831.166091][T11490]  ? _raw_spin_unlock+0x2d/0x50
[  831.166112][T11490]  try_charge+0x1457/0x1d00
[  831.166140][T11490]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  831.166159][T11490]  ? find_held_lock+0x35/0x120
[  831.182155][T11490]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  831.182178][T11490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  831.182207][T11490]  ? lock_downgrade+0xbe0/0xbe0
[  831.207480][T11490]  ? kasan_check_read+0x11/0x20
[  831.207502][T11490]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  831.207522][T11490]  ? rcu_read_unlock_special+0x380/0x380
[  831.207551][T11490]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  831.207573][T11490]  __memcg_kmem_charge_memcg+0x7c/0x130
[  831.207589][T11490]  ? memcg_kmem_put_cache+0xb0/0xb0
[  831.207602][T11490]  ? lock_release+0xc40/0xc40
[  831.207630][T11490]  __memcg_kmem_charge+0x136/0x300
[  831.207656][T11490]  __alloc_pages_nodemask+0x7b8/0xdc0
[  831.282364][T11490]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  831.288099][T11490]  ? rcu_pm_notify+0xd0/0xd0
[  831.292710][T11490]  ? rcu_read_lock_sched_held+0x110/0x130
[  831.298439][T11490]  ? kmem_cache_alloc_node+0x347/0x710
[  831.303904][T11490]  ? pci_mmcfg_check_reserved+0x170/0x170
[  831.309643][T11490]  copy_process+0x847/0x8720
[  831.314306][T11490]  ? ___might_sleep+0x1e7/0x310
[  831.319187][T11490]  ? arch_local_save_flags+0x50/0x50
[  831.324478][T11490]  ? __schedule+0x1e60/0x1e60
[  831.329166][T11490]  ? do_raw_spin_trylock+0x270/0x270
[  831.334475][T11490]  ? __cleanup_sighand+0x70/0x70
[  831.339421][T11490]  ? futex_wait_queue_me+0x539/0x810
[  831.344716][T11490]  ? refill_pi_state_cache.part.0+0x310/0x310
[  831.350792][T11490]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  831.356535][T11490]  ? handle_futex_death+0x230/0x230
[  831.361739][T11490]  ? lock_acquire+0x1db/0x570
[  831.366428][T11490]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  831.372350][T11490]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  831.378092][T11490]  ? futex_wait+0x6e6/0xa40
[  831.382614][T11490]  ? print_usage_bug+0xd0/0xd0
[  831.387390][T11490]  ? futex_wait_setup+0x430/0x430
[  831.392427][T11490]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  831.398163][T11490]  ? __lock_acquire+0x572/0x4a10
[  831.403126][T11490]  ? mark_held_locks+0x100/0x100
[  831.408066][T11490]  ? trace_hardirqs_on_caller+0x310/0x310
[  831.413828][T11490]  ? kfree+0x173/0x230
[  831.417910][T11490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  831.424196][T11490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  831.430448][T11490]  ? check_preemption_disabled+0x48/0x290
[  831.436183][T11490]  ? debug_smp_processor_id+0x1c/0x20
[  831.441557][T11490]  ? perf_trace_lock_acquire+0x138/0x7d0
[  831.447202][T11490]  ? add_lock_to_list.isra.0+0x450/0x450
[  831.452845][T11490]  ? perf_trace_lock+0x750/0x750
[  831.457800][T11490]  ? exit_robust_list+0x290/0x290
[  831.462848][T11490]  ? __might_fault+0x12b/0x1e0
[  831.467613][T11490]  ? find_held_lock+0x35/0x120
[  831.472394][T11490]  ? __might_fault+0x12b/0x1e0
[  831.477156][T11490]  ? lock_acquire+0x1db/0x570
[  831.481832][T11490]  ? lock_downgrade+0xbe0/0xbe0
[  831.486693][T11490]  ? lock_release+0xc40/0xc40
[  831.491423][T11490]  ? trace_hardirqs_off_caller+0x300/0x300
[  831.497236][T11490]  _do_fork+0x1a9/0x1170
[  831.501489][T11490]  ? fork_idle+0x1d0/0x1d0
[  831.505902][T11490]  ? kasan_check_read+0x11/0x20
[  831.510749][T11490]  ? _copy_to_user+0xc9/0x120
[  831.515425][T11490]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  831.521669][T11490]  ? put_timespec64+0x115/0x1b0
[  831.526523][T11490]  ? nsecs_to_jiffies+0x30/0x30
[  831.531373][T11490]  ? do_syscall_64+0x8c/0x800
[  831.536067][T11490]  ? do_syscall_64+0x8c/0x800
[  831.540749][T11490]  ? lockdep_hardirqs_on+0x415/0x5d0
[  831.546041][T11490]  ? trace_hardirqs_on+0xbd/0x310
[  831.551075][T11490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  831.557314][T11490]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  831.563392][T11490]  ? trace_hardirqs_off_caller+0x300/0x300
[  831.569212][T11490]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  831.575459][T11490]  __x64_sys_clone+0xbf/0x150
[  831.580146][T11490]  do_syscall_64+0x1a3/0x800
[  831.584734][T11490]  ? syscall_return_slowpath+0x5f0/0x5f0
[  831.590372][T11490]  ? prepare_exit_to_usermode+0x232/0x3b0
[  831.596098][T11490]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  831.601651][T11490]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  831.607539][T11490] RIP: 0033:0x457ec9
[  831.611436][T11490] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
17:49:03 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0xffffff7f]}}, 0x1c)

[  831.631035][T11490] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  831.639440][T11490] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  831.647410][T11490] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  831.655381][T11490] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  831.663372][T11490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  831.671366][T11490] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[  831.698422][T11490] memory: usage 307200kB, limit 307200kB, failcnt 3715
[  831.742925][T11490] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  831.757463][T11490] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  831.775054][T11490] Memory cgroup stats for /syz4: cache:120KB rss:212548KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212728KB inactive_file:0KB active_file:0KB unevictable:0KB
[  831.806176][T11490] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=11443,uid=0
[  831.823315][T11490] Memory cgroup out of memory: Kill process 11443 (syz-executor4) score 1106 or sacrifice child
17:49:04 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000000080)=""/188)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000000)=0x2)
close(r0)

[  831.834981][T11490] Killed process 11443 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  831.893690][T11489] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  831.913112][T11489] CPU: 1 PID: 11489 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  831.922070][T11489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  831.932103][T11489] Call Trace:
[  831.935379][T11489]  dump_stack+0x1db/0x2d0
[  831.939691][T11489]  ? dump_stack_print_info.cold+0x20/0x20
[  831.945389][T11489]  ? check_preemption_disabled+0x48/0x290
[  831.951098][T11489]  dump_header+0x1e6/0x116c
[  831.955581][T11489]  ? add_lock_to_list.isra.0+0x450/0x450
[  831.961202][T11489]  ? perf_trace_lock+0x750/0x750
[  831.966143][T11489]  ? print_usage_bug+0xd0/0xd0
[  831.970886][T11489]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  831.976529][T11489]  ? ___ratelimit+0x37c/0x686
[  831.981186][T11489]  ? mark_held_locks+0xb1/0x100
[  831.986027][T11489]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  831.991806][T11489]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  831.997590][T11489]  ? lockdep_hardirqs_on+0x415/0x5d0
[  832.002856][T11489]  ? trace_hardirqs_on+0xbd/0x310
[  832.007877][T11489]  ? kasan_check_read+0x11/0x20
[  832.012721][T11489]  ? ___ratelimit+0x37c/0x686
[  832.017379][T11489]  ? trace_hardirqs_off_caller+0x300/0x300
[  832.023163][T11489]  ? do_raw_spin_trylock+0x270/0x270
[  832.028426][T11489]  ? trace_hardirqs_on_caller+0x310/0x310
[  832.034125][T11489]  ? lock_acquire+0x1db/0x570
[  832.038787][T11489]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  832.044571][T11489]  ? ___ratelimit+0xac/0x686
[  832.049140][T11489]  ? idr_get_free+0xee0/0xee0
[  832.053800][T11489]  ? lockdep_hardirqs_on+0x415/0x5d0
[  832.059073][T11489]  oom_kill_process.cold+0x10/0x9ca
[  832.064252][T11489]  ? cgroup_procs_next+0x70/0x70
[  832.069171][T11489]  ? _raw_spin_unlock_irq+0x5e/0x90
[  832.074364][T11489]  ? oom_badness+0xa50/0xa50
[  832.078954][T11489]  ? oom_evaluate_task+0x540/0x540
[  832.084047][T11489]  ? mem_cgroup_iter_break+0x30/0x30
[  832.089335][T11489]  ? mutex_trylock+0x2d0/0x2d0
[  832.094086][T11489]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  832.100313][T11489]  ? rcu_read_unlock_special+0x380/0x380
[  832.105988][T11489]  out_of_memory+0x885/0x1420
[  832.110659][T11489]  ? mem_cgroup_iter+0x4f4/0xf50
[  832.115588][T11489]  ? oom_killer_disable+0x340/0x340
[  832.120785][T11489]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  832.126585][T11489]  ? lock_acquire+0x1db/0x570
[  832.131248][T11489]  mem_cgroup_out_of_memory+0x160/0x210
[  832.136772][T11489]  ? do_raw_spin_unlock+0xa0/0x330
[  832.141863][T11489]  ? memory_oom_group_write+0x160/0x160
[  832.147391][T11489]  ? do_raw_spin_trylock+0x270/0x270
[  832.152663][T11489]  ? _raw_spin_unlock+0x2d/0x50
[  832.157508][T11489]  try_charge+0xd42/0x1d00
[  832.161942][T11489]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  832.167632][T11489]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  832.173172][T11489]  ? lock_downgrade+0xbe0/0xbe0
[  832.178012][T11489]  ? kasan_check_read+0x11/0x20
[  832.182853][T11489]  ? rcu_read_unlock_special+0x380/0x380
[  832.188474][T11489]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  832.194000][T11489]  ? get_mem_cgroup_from_page+0x190/0x190
[  832.199722][T11489]  ? rcu_read_lock_sched_held+0x110/0x130
[  832.205436][T11489]  mem_cgroup_try_charge+0x43a/0xdb0
[  832.210738][T11489]  ? mem_cgroup_protected+0xa10/0xa10
[  832.216109][T11489]  ? __anon_vma_prepare+0x36d/0x760
[  832.221289][T11489]  ? anon_vma_fork+0x880/0x880
[  832.226049][T11489]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  832.232268][T11489]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  832.238494][T11489]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  832.244135][T11489]  __handle_mm_fault+0x2594/0x55a0
[  832.249242][T11489]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  832.254769][T11489]  ? check_preemption_disabled+0x48/0x290
[  832.260471][T11489]  ? handle_mm_fault+0x3cc/0xc80
[  832.265399][T11489]  ? lock_downgrade+0xbe0/0xbe0
[  832.270239][T11489]  ? kasan_check_read+0x11/0x20
[  832.275071][T11489]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  832.281047][T11489]  ? rcu_read_unlock_special+0x380/0x380
[  832.286670][T11489]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  832.292888][T11489]  ? check_preemption_disabled+0x48/0x290
[  832.298593][T11489]  handle_mm_fault+0x4ec/0xc80
[  832.303346][T11489]  ? __handle_mm_fault+0x55a0/0x55a0
[  832.308711][T11489]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  832.314930][T11489]  ? vmacache_update+0x114/0x140
[  832.319858][T11489]  __do_page_fault+0x5da/0xd60
[  832.324608][T11489]  ? do_futex+0x2910/0x2910
[  832.329113][T11489]  do_page_fault+0xe6/0x7d8
[  832.333597][T11489]  ? trace_hardirqs_on_caller+0xc0/0x310
[  832.339210][T11489]  ? vmalloc_sync_all+0x30/0x30
[  832.344037][T11489]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  832.350170][T11489]  ? syscall_return_slowpath+0x5f0/0x5f0
[  832.355802][T11489]  ? prepare_exit_to_usermode+0x232/0x3b0
[  832.361507][T11489]  ? page_fault+0x8/0x30
[  832.365734][T11489]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  832.371261][T11489]  ? page_fault+0x8/0x30
[  832.375500][T11489]  page_fault+0x1e/0x30
[  832.379662][T11489] RIP: 0033:0x40f8ef
[  832.383536][T11489] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  832.403134][T11489] RSP: 002b:00007ffcc29733c0 EFLAGS: 00010206
[  832.409179][T11489] RAX: 00007f20e97e7000 RBX: 0000000000020000 RCX: 0000000000457f1a
[  832.417141][T11489] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  832.425089][T11489] RBP: 00007ffcc29734a0 R08: ffffffffffffffff R09: 0000000000000000
[  832.433039][T11489] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc2973580
[  832.440984][T11489] R13: 00007f20e9807700 R14: 000000000073c04c R15: 000000000073c04c
[  832.452750][T11489] memory: usage 304880kB, limit 307200kB, failcnt 3715
[  832.460439][T11489] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  832.468309][T11489] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  832.475167][T11489] Memory cgroup stats for /syz4: cache:120KB rss:210484KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:210568KB inactive_file:0KB active_file:0KB unevictable:0KB
[  832.497564][T11489] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21411,uid=0
[  832.513186][T11489] Memory cgroup out of memory: Kill process 21411 (syz-executor4) score 1106 or sacrifice child
[  832.523769][T11489] Killed process 21411 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  832.536721][ T1043] oom_reaper: reaped process 21411 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:49:05 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000]}, 0x2c8)

17:49:05 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6100, 0xffffff7f]}}, 0x1c)

17:49:05 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x200000000000000)

17:49:05 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000100)=<r1=>0x0)
ioprio_set$pid(0x1, r1, 0x4)
ioctl$int_in(r0, 0x800000c0045004, &(0x7f0000000380)=0x3f)
getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000080)=0xff, &(0x7f00000000c0)=0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r0)
syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7, 0x2000)

17:49:05 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x25)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:05 executing program 3:
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r0=>0x0)
process_vm_writev(r0, &(0x7f0000000080)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1, &(0x7f0000002500)=[{&(0x7f00000000c0)=""/230, 0xe6}, {&(0x7f0000000240)=""/21, 0x15}, {&(0x7f0000000280)=""/241, 0xf1}, {&(0x7f0000001400)=""/221, 0xdd}, {&(0x7f0000001500)=""/4096, 0x1000}], 0x5, 0x0)
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000002580)={'gre0\x00', <r2=>0x0})
bind$xdp(r1, &(0x7f00000025c0)={0x2c, 0x1, r2, 0x3a, r1}, 0x10)
readv(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r1, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r1)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000002600)={<r3=>0x0}, &(0x7f0000002640)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000002680)={r3, 0xde, "49b590b5f50b1905da8c3a04d9d01fcb01de0fa9335a6b9215143783a28d864d818ce466151ca7e408276945adbb5a280b564f9076cfaeaedb70ec146d71991c7eeaf1b6919f73403fed35ebb6bfd87fb9d9e54d7f0efc23c87b050a929c8d1b78dbe9fb591ea19700ee41b427c6cb745a0350122601358a149e8ebe66bf3ae3e36b04a55ea56a83d06f1a2f3e23475aed87fea1f9c4eeadcfabd1dc3187e9a31a749ede863861b5aa83d5b8ba3fbccfc378bfe3ff6fa6db4e9b48a74977c0f7f61410fc28e494912437a919eee3a0d96fc80169dd7acf28506e713af975"}, &(0x7f0000002780)=0xe6)

17:49:05 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x800000000000000)

17:49:05 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write$P9_RFLUSH(r0, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7)

17:49:05 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7800, 0xffffff7f]}}, 0x1c)

17:49:05 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000]}, 0x2c8)

17:49:05 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80fe, 0xffffff7f]}}, 0x1c)

17:49:05 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x4000000000000000)

17:49:05 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa005, 0xffffff7f]}}, 0x1c)

17:49:05 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xf4ffffff00000000)

17:49:05 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe, 0xffffff7f]}}, 0x1c)

17:49:05 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000]}, 0x2c8)

[  833.220026][T11591] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  833.237793][T11591] CPU: 0 PID: 11591 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  833.246723][T11591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  833.256778][T11591] Call Trace:
[  833.260067][T11591]  dump_stack+0x1db/0x2d0
[  833.264408][T11591]  ? dump_stack_print_info.cold+0x20/0x20
[  833.270148][T11591]  ? check_preemption_disabled+0x48/0x290
[  833.275877][T11591]  dump_header+0x1e6/0x116c
[  833.280370][T11591]  ? add_lock_to_list.isra.0+0x450/0x450
[  833.285989][T11591]  ? perf_trace_lock+0x750/0x750
[  833.290906][T11591]  ? print_usage_bug+0xd0/0xd0
[  833.295666][T11591]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  833.301280][T11591]  ? ___ratelimit+0x37c/0x686
[  833.305964][T11591]  ? mark_held_locks+0xb1/0x100
[  833.310828][T11591]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
17:49:05 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x27)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  833.316621][T11591]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  833.322421][T11591]  ? lockdep_hardirqs_on+0x415/0x5d0
[  833.327711][T11591]  ? trace_hardirqs_on+0xbd/0x310
[  833.332743][T11591]  ? kasan_check_read+0x11/0x20
[  833.337594][T11591]  ? ___ratelimit+0x37c/0x686
[  833.342294][T11591]  ? trace_hardirqs_off_caller+0x300/0x300
[  833.348135][T11591]  ? do_raw_spin_trylock+0x270/0x270
[  833.353434][T11591]  ? trace_hardirqs_on_caller+0x310/0x310
[  833.359162][T11591]  ? lock_acquire+0x1db/0x570
[  833.363862][T11591]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  833.369682][T11591]  ? ___ratelimit+0xac/0x686
[  833.374281][T11591]  ? idr_get_free+0xee0/0xee0
[  833.378979][T11591]  ? lockdep_hardirqs_on+0x415/0x5d0
[  833.384346][T11591]  oom_kill_process.cold+0x10/0x9ca
[  833.389558][T11591]  ? cgroup_procs_next+0x70/0x70
[  833.394505][T11591]  ? _raw_spin_unlock_irq+0x5e/0x90
[  833.394524][T11591]  ? oom_badness+0xa50/0xa50
[  833.394546][T11591]  ? oom_evaluate_task+0x540/0x540
[  833.409483][T11591]  ? mem_cgroup_iter_break+0x30/0x30
[  833.414774][T11591]  ? mutex_trylock+0x2d0/0x2d0
[  833.419575][T11591]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  833.425853][T11591]  ? rcu_read_unlock_special+0x380/0x380
[  833.431502][T11591]  out_of_memory+0x885/0x1420
[  833.436206][T11591]  ? mem_cgroup_iter+0x4f4/0xf50
[  833.441148][T11591]  ? oom_killer_disable+0x340/0x340
[  833.446364][T11591]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  833.446383][T11591]  ? lock_acquire+0x1db/0x570
[  833.446413][T11591]  mem_cgroup_out_of_memory+0x160/0x210
[  833.446429][T11591]  ? do_raw_spin_unlock+0xa0/0x330
[  833.446448][T11591]  ? memory_oom_group_write+0x160/0x160
[  833.446478][T11591]  ? do_raw_spin_trylock+0x270/0x270
[  833.446514][T11591]  ? _raw_spin_unlock+0x2d/0x50
[  833.456992][T11591]  try_charge+0x1457/0x1d00
[  833.457020][T11591]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  833.457033][T11591]  ? find_held_lock+0x35/0x120
[  833.457050][T11591]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  833.457068][T11591]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  833.457088][T11591]  ? lock_downgrade+0xbe0/0xbe0
[  833.457103][T11591]  ? kasan_check_read+0x11/0x20
[  833.457120][T11591]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  833.457156][T11591]  ? rcu_read_unlock_special+0x380/0x380
[  833.531227][T11591]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  833.536785][T11591]  __memcg_kmem_charge_memcg+0x7c/0x130
[  833.542368][T11591]  ? memcg_kmem_put_cache+0xb0/0xb0
[  833.547564][T11591]  ? lock_release+0xc40/0xc40
[  833.552228][T11591]  __memcg_kmem_charge+0x136/0x300
[  833.557352][T11591]  __alloc_pages_nodemask+0x7b8/0xdc0
[  833.562729][T11591]  ? __alloc_pages_slowpath+0x2c60/0x2c60
17:49:06 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x3ffc, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000000)={0x0, 0xfffffffffffff801, 0x99, &(0x7f0000000080)="29c7d426fcc74a7b115ae638a8c32e896dccccff98093d575a86db0a3d6d9362b5c14e1d0c2ff150fa63d3260d3a5d3c2a046c596c44271e29fc5794efed8d91b3aaa646c20f6a5649401fa169fc050a9955730302ed586134f456a0d6a13ab57f9498e9bea1df8d740a3ca2434258b9befebda981e45ebccd921f5ed56dbabf4ee5b731896ff5a42463751e141305bb0d8b5a258bd071651e"})
ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f0000000400)=""/4096)

17:49:06 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc805, 0xffffff7f]}}, 0x1c)

17:49:06 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfdfdffff00000000)

17:49:06 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
r2 = getegid()
write$P9_RGETATTR(r0, &(0x7f0000000240)={0xa0, 0x19, 0x1, {0x0, {0xb0, 0x0, 0x4}, 0x62, r1, r2, 0x1, 0x0, 0x400, 0x65, 0x7, 0x8, 0xa5, 0x0, 0x1, 0xb4, 0x7ff, 0x800, 0x7, 0x6, 0x2}}, 0xa0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f0000000080)=0x7, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
close(r0)

[  833.568453][T11591]  ? rcu_pm_notify+0xd0/0xd0
[  833.573057][T11591]  ? rcu_read_lock_sched_held+0x110/0x130
[  833.578800][T11591]  ? kmem_cache_alloc_node+0x347/0x710
[  833.584263][T11591]  ? pci_mmcfg_check_reserved+0x170/0x170
[  833.589994][T11591]  copy_process+0x847/0x8720
[  833.594602][T11591]  ? ___might_sleep+0x1e7/0x310
[  833.599469][T11591]  ? arch_local_save_flags+0x50/0x50
[  833.604755][T11591]  ? __schedule+0x1e60/0x1e60
[  833.609437][T11591]  ? do_raw_spin_trylock+0x270/0x270
[  833.614740][T11591]  ? __cleanup_sighand+0x70/0x70
[  833.619685][T11591]  ? futex_wait_queue_me+0x539/0x810
[  833.624977][T11591]  ? refill_pi_state_cache.part.0+0x310/0x310
[  833.624993][T11591]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  833.625018][T11591]  ? handle_futex_death+0x230/0x230
[  833.641969][T11591]  ? lock_acquire+0x1db/0x570
[  833.641984][T11591]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  833.642004][T11591]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  833.642021][T11591]  ? futex_wait+0x6e6/0xa40
[  833.642048][T11591]  ? print_usage_bug+0xd0/0xd0
[  833.667601][T11591]  ? futex_wait_setup+0x430/0x430
[  833.672673][T11591]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  833.678406][T11591]  ? __lock_acquire+0x572/0x4a10
[  833.683388][T11591]  ? mark_held_locks+0x100/0x100
[  833.688384][T11591]  ? trace_hardirqs_on_caller+0x310/0x310
[  833.694109][T11591]  ? kfree+0x173/0x230
[  833.698186][T11591]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  833.704438][T11591]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  833.710687][T11591]  ? check_preemption_disabled+0x48/0x290
[  833.716430][T11591]  ? debug_smp_processor_id+0x1c/0x20
[  833.721833][T11591]  ? perf_trace_lock_acquire+0x138/0x7d0
[  833.727486][T11591]  ? add_lock_to_list.isra.0+0x450/0x450
[  833.733138][T11591]  ? perf_trace_lock+0x750/0x750
[  833.738071][T11591]  ? exit_robust_list+0x290/0x290
[  833.743081][T11591]  ? __might_fault+0x12b/0x1e0
[  833.747836][T11591]  ? find_held_lock+0x35/0x120
[  833.752610][T11591]  ? __might_fault+0x12b/0x1e0
[  833.757394][T11591]  ? lock_acquire+0x1db/0x570
[  833.762087][T11591]  ? lock_downgrade+0xbe0/0xbe0
[  833.766963][T11591]  ? lock_release+0xc40/0xc40
17:49:06 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803, 0xffffff7f]}}, 0x1c)

[  833.771651][T11591]  ? trace_hardirqs_off_caller+0x300/0x300
[  833.777470][T11591]  _do_fork+0x1a9/0x1170
[  833.781722][T11591]  ? fork_idle+0x1d0/0x1d0
[  833.786151][T11591]  ? kasan_check_read+0x11/0x20
[  833.791006][T11591]  ? _copy_to_user+0xc9/0x120
[  833.795681][T11591]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  833.801928][T11591]  ? put_timespec64+0x115/0x1b0
[  833.806808][T11591]  ? nsecs_to_jiffies+0x30/0x30
[  833.806828][T11591]  ? do_syscall_64+0x8c/0x800
[  833.806842][T11591]  ? do_syscall_64+0x8c/0x800
[  833.806858][T11591]  ? lockdep_hardirqs_on+0x415/0x5d0
[  833.806874][T11591]  ? trace_hardirqs_on+0xbd/0x310
[  833.806889][T11591]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  833.806907][T11591]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  833.806923][T11591]  ? trace_hardirqs_off_caller+0x300/0x300
[  833.806937][T11591]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  833.806959][T11591]  __x64_sys_clone+0xbf/0x150
[  833.806979][T11591]  do_syscall_64+0x1a3/0x800
[  833.806998][T11591]  ? syscall_return_slowpath+0x5f0/0x5f0
17:49:06 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401, 0xffffff7f]}}, 0x1c)

[  833.807020][T11591]  ? prepare_exit_to_usermode+0x232/0x3b0
[  833.816528][T11591]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  833.816572][T11591]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  833.816586][T11591] RIP: 0033:0x457ec9
[  833.816603][T11591] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  833.816627][T11591] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  833.816643][T11591] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  833.816652][T11591] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  833.816662][T11591] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  833.816671][T11591] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  833.816681][T11591] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[  833.841808][T11591] memory: usage 307184kB, limit 307200kB, failcnt 3745
[  833.969780][T11591] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  833.977711][T11591] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  833.984649][T11591] Memory cgroup stats for /syz4: cache:120KB rss:212592KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212716KB inactive_file:0KB active_file:0KB unevictable:0KB
[  834.008277][T11591] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21435,uid=0
17:49:06 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xffffffffffff0700)

17:49:06 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x805)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:06 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00, 0xffffff7f]}}, 0x1c)

17:49:06 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x34)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  834.065049][T11591] Memory cgroup out of memory: Kill process 21435 (syz-executor4) score 1106 or sacrifice child
[  834.083065][T11591] Killed process 21435 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  834.157745][ T1043] oom_reaper: reaped process 21435 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
[  834.198477][T11588] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  834.320742][T11588] CPU: 0 PID: 11588 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  834.329699][T11588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  834.339754][T11588] Call Trace:
[  834.343057][T11588]  dump_stack+0x1db/0x2d0
[  834.347400][T11588]  ? dump_stack_print_info.cold+0x20/0x20
[  834.353200][T11588]  ? check_preemption_disabled+0x48/0x290
[  834.358948][T11588]  dump_header+0x1e6/0x116c
[  834.363472][T11588]  ? add_lock_to_list.isra.0+0x450/0x450
[  834.369114][T11588]  ? perf_trace_lock+0x750/0x750
[  834.374052][T11588]  ? print_usage_bug+0xd0/0xd0
[  834.378817][T11588]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  834.384454][T11588]  ? ___ratelimit+0x37c/0x686
[  834.389144][T11588]  ? mark_held_locks+0xb1/0x100
[  834.389179][T11588]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  834.389196][T11588]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  834.389211][T11588]  ? lockdep_hardirqs_on+0x415/0x5d0
[  834.389229][T11588]  ? trace_hardirqs_on+0xbd/0x310
[  834.389245][T11588]  ? kasan_check_read+0x11/0x20
[  834.389259][T11588]  ? ___ratelimit+0x37c/0x686
[  834.389275][T11588]  ? trace_hardirqs_off_caller+0x300/0x300
[  834.389290][T11588]  ? do_raw_spin_trylock+0x270/0x270
[  834.389309][T11588]  ? trace_hardirqs_on_caller+0x310/0x310
[  834.399961][T11588]  ? lock_acquire+0x1db/0x570
[  834.399986][T11588]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  834.400001][T11588]  ? ___ratelimit+0xac/0x686
[  834.400018][T11588]  ? idr_get_free+0xee0/0xee0
[  834.400033][T11588]  ? lockdep_hardirqs_on+0x415/0x5d0
[  834.400062][T11588]  oom_kill_process.cold+0x10/0x9ca
[  834.472783][T11588]  ? cgroup_procs_next+0x70/0x70
[  834.477731][T11588]  ? _raw_spin_unlock_irq+0x5e/0x90
[  834.482935][T11588]  ? oom_badness+0xa50/0xa50
[  834.487533][T11588]  ? oom_evaluate_task+0x540/0x540
[  834.492662][T11588]  ? mem_cgroup_iter_break+0x30/0x30
[  834.497941][T11588]  ? mutex_trylock+0x2d0/0x2d0
[  834.502690][T11588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  834.508942][T11588]  ? rcu_read_unlock_special+0x380/0x380
[  834.514578][T11588]  out_of_memory+0x885/0x1420
[  834.519242][T11588]  ? mem_cgroup_iter+0x4f4/0xf50
[  834.524163][T11588]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  834.529980][T11588]  ? oom_killer_disable+0x340/0x340
[  834.535175][T11588]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  834.540965][T11588]  ? lock_acquire+0x1db/0x570
[  834.545651][T11588]  mem_cgroup_out_of_memory+0x160/0x210
[  834.551198][T11588]  ? do_raw_spin_unlock+0xa0/0x330
[  834.556314][T11588]  ? memory_oom_group_write+0x160/0x160
[  834.561850][T11588]  ? do_raw_spin_trylock+0x270/0x270
[  834.567177][T11588]  ? _raw_spin_unlock+0x2d/0x50
[  834.572048][T11588]  try_charge+0xd42/0x1d00
[  834.576477][T11588]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  834.582012][T11588]  ? find_held_lock+0x35/0x120
[  834.586768][T11588]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  834.592340][T11588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  834.598576][T11588]  ? lock_downgrade+0xbe0/0xbe0
[  834.603408][T11588]  ? kasan_check_read+0x11/0x20
[  834.608250][T11588]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  834.614238][T11588]  ? rcu_read_unlock_special+0x380/0x380
[  834.619875][T11588]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  834.625403][T11588]  __memcg_kmem_charge_memcg+0x7c/0x130
[  834.630965][T11588]  ? memcg_kmem_put_cache+0xb0/0xb0
[  834.636174][T11588]  ? lock_release+0xc40/0xc40
[  834.640847][T11588]  __memcg_kmem_charge+0x136/0x300
[  834.645973][T11588]  __alloc_pages_nodemask+0x7b8/0xdc0
[  834.651370][T11588]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  834.657080][T11588]  ? rcu_pm_notify+0xd0/0xd0
[  834.661659][T11588]  ? rcu_read_lock_sched_held+0x110/0x130
[  834.667371][T11588]  ? kmem_cache_alloc_node+0x347/0x710
[  834.672824][T11588]  ? print_usage_bug+0xd0/0xd0
[  834.677587][T11588]  copy_process+0x847/0x8720
[  834.682157][T11588]  ? print_usage_bug+0xd0/0xd0
[  834.686916][T11588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  834.693157][T11588]  ? check_preemption_disabled+0x48/0x290
[  834.698886][T11588]  ? __lock_acquire+0x572/0x4a10
[  834.703831][T11588]  ? mark_held_locks+0x100/0x100
[  834.708774][T11588]  ? __cleanup_sighand+0x70/0x70
[  834.713716][T11588]  ? mark_held_locks+0x100/0x100
[  834.718656][T11588]  ? find_held_lock+0x35/0x120
[  834.723429][T11588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  834.729671][T11588]  ? check_preemption_disabled+0x48/0x290
[  834.735383][T11588]  ? debug_smp_processor_id+0x1c/0x20
[  834.740739][T11588]  ? perf_trace_lock_acquire+0x138/0x7d0
[  834.746373][T11588]  ? delayacct_end+0xc9/0x100
[  834.751053][T11588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  834.757288][T11588]  ? add_lock_to_list.isra.0+0x450/0x450
[  834.762901][T11588]  ? perf_trace_lock+0x750/0x750
[  834.767833][T11588]  ? perf_trace_lock_acquire+0x138/0x7d0
[  834.773476][T11588]  ? add_lock_to_list.isra.0+0x450/0x450
[  834.779108][T11588]  ? find_held_lock+0x35/0x120
[  834.783897][T11588]  ? print_usage_bug+0xd0/0xd0
[  834.788672][T11588]  ? psi_memstall_leave+0x1f8/0x280
[  834.793863][T11588]  ? find_held_lock+0x35/0x120
[  834.798617][T11588]  ? __lock_acquire+0x572/0x4a10
[  834.803541][T11588]  ? _raw_spin_unlock_irq+0x28/0x90
[  834.808729][T11588]  ? _raw_spin_unlock_irq+0x28/0x90
[  834.813923][T11588]  ? lockdep_hardirqs_on+0x415/0x5d0
[  834.819190][T11588]  ? trace_hardirqs_on+0xbd/0x310
[  834.824217][T11588]  ? mark_held_locks+0x100/0x100
[  834.829154][T11588]  ? check_preemption_disabled+0x48/0x290
[  834.834867][T11588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  834.841098][T11588]  ? check_preemption_disabled+0x48/0x290
[  834.846813][T11588]  ? debug_smp_processor_id+0x1c/0x20
[  834.852186][T11588]  ? perf_trace_lock_acquire+0x138/0x7d0
[  834.857816][T11588]  ? add_lock_to_list.isra.0+0x450/0x450
[  834.863433][T11588]  ? perf_trace_lock+0x750/0x750
[  834.868368][T11588]  ? lockdep_hardirqs_on+0x415/0x5d0
[  834.873662][T11588]  ? try_to_free_pages+0xb70/0xb70
[  834.878779][T11588]  ? percpu_ref_put_many+0x129/0x270
[  834.884065][T11588]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  834.890213][T11588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  834.896454][T11588]  _do_fork+0x1a9/0x1170
[  834.900721][T11588]  ? fork_idle+0x1d0/0x1d0
[  834.905142][T11588]  ? trace_hardirqs_off+0xb8/0x310
[  834.910283][T11588]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  834.916094][T11588]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  834.921837][T11588]  ? do_syscall_64+0x8c/0x800
[  834.926503][T11588]  ? do_syscall_64+0x8c/0x800
[  834.931182][T11588]  ? lockdep_hardirqs_on+0x415/0x5d0
[  834.936462][T11588]  ? trace_hardirqs_on+0xbd/0x310
[  834.941471][T11588]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  834.947533][T11588]  ? trace_hardirqs_off_caller+0x300/0x300
[  834.953364][T11588]  __x64_sys_clone+0xbf/0x150
[  834.958047][T11588]  do_syscall_64+0x1a3/0x800
[  834.962644][T11588]  ? syscall_return_slowpath+0x5f0/0x5f0
[  834.968276][T11588]  ? prepare_exit_to_usermode+0x232/0x3b0
[  834.974003][T11588]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  834.979544][T11588]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  834.985424][T11588] RIP: 0033:0x45a899
[  834.989343][T11588] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  835.008949][T11588] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  835.017382][T11588] RAX: ffffffffffffffda RBX: 00007f20e9828700 RCX: 000000000045a899
[  835.025375][T11588] RDX: 00007f20e98289d0 RSI: 00007f20e9827db0 RDI: 00000000003d0f00
[  835.033376][T11588] RBP: 00007ffcc2973580 R08: 00007f20e9828700 R09: 00007f20e9828700
[  835.041347][T11588] R10: 00007f20e98289d0 R11: 0000000000000202 R12: 0000000000000000
[  835.049336][T11588] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  835.063622][T11588] memory: usage 304864kB, limit 307200kB, failcnt 3747
[  835.070696][T11588] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  835.078673][T11588] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  835.085894][T11588] Memory cgroup stats for /syz4: cache:120KB rss:210564KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:210564KB inactive_file:0KB active_file:0KB unevictable:0KB
[  835.108533][T11588] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21541,uid=0
[  835.136537][T11588] Memory cgroup out of memory: Kill process 21541 (syz-executor4) score 1106 or sacrifice child
[  835.160287][T11588] Killed process 21541 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:49:07 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x2c8)

17:49:07 executing program 0:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8400, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000040)={0xffffffff, 0x800, 0x8004, 0x800000, 0x20, 0xfffffffffffffff7, 0x101, 0x7, <r1=>0x0}, &(0x7f0000000080)=0x20)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000000c0)={r1, 0x7, 0x4, [0x1f, 0x800, 0x4, 0x1000]}, 0x10)
r2 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0x0)

17:49:07 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:07 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80, 0xffffff7f]}}, 0x1c)

17:49:07 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)

17:49:07 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x35)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000000))

17:49:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0, 0xffffff7f]}}, 0x1c)

17:49:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xff)

17:49:08 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000]}, 0x2c8)

17:49:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00, 0xffffff7f]}}, 0x1c)

17:49:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20480, 0xffffff7f]}}, 0x1c)

17:49:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000040)={0x3, 0x20})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000080)={'veth0\x00', {0x2, 0x4e21, @local}})

17:49:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = gettid()
fcntl$setownex(r0, 0xf, &(0x7f0000000080)={0x4, r1})

17:49:08 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0xffffff7f]}}, 0x1c)

17:49:08 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x101000, 0x0)
ioctl$VIDIOC_G_OUTPUT(r1, 0x8004562e, &(0x7f0000000040))
time(&(0x7f0000000080))
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:08 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x300)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:08 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}, 0x2c8)

17:49:08 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)=<r2=>0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000240)={{0x1, 0x6, 0xa0, 0x8, '\x00', 0x1000}, 0x0, 0x57d, 0x0, r2, 0x4, 0x80000000, 'syz0\x00', &(0x7f0000000080)=['eth1\x00', 'vmnet0-\x00', '/dev/dsp#\x00', '/dev/dsp#\x00'], 0x21, [], [0x101, 0x40, 0x0, 0x10000]})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0xffffff7f]}}, 0x1c)

17:49:08 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x8, 0x80040)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x100000000)
r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x200)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:49:08 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}, 0x2c8)

17:49:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1030000, 0xffffff7f]}}, 0x1c)

17:49:08 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0xffffff7f]}}, 0x1c)

17:49:08 executing program 0:
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x1261, 0x0)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x400900, 0x80)
setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000040)={0x33, @multicast1, 0x4e20, 0x3, 'lc\x00', 0xc, 0x1000, 0x7c}, 0x2c)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc810}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x70, r1, 0x900, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'eql\x00'}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xffffffffffffffff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffffffffffffd}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xc1}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x80000000009, 0x2, 0x1, 0x100000000}, 0x8)
socket$inet_smc(0x2b, 0x1, 0x0)

[  836.271022][T11739] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  836.325733][T11739] CPU: 1 PID: 11739 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  836.334690][T11739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  836.344749][T11739] Call Trace:
[  836.348048][T11739]  dump_stack+0x1db/0x2d0
[  836.352393][T11739]  ? dump_stack_print_info.cold+0x20/0x20
[  836.358115][T11739]  ? check_preemption_disabled+0x48/0x290
[  836.363862][T11739]  dump_header+0x1e6/0x116c
[  836.368379][T11739]  ? add_lock_to_list.isra.0+0x450/0x450
[  836.374017][T11739]  ? perf_trace_lock+0x750/0x750
[  836.378967][T11739]  ? print_usage_bug+0xd0/0xd0
[  836.383744][T11739]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  836.389388][T11739]  ? ___ratelimit+0x37c/0x686
[  836.394079][T11739]  ? mark_held_locks+0xb1/0x100
[  836.399135][T11739]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  836.404952][T11739]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  836.410768][T11739]  ? lockdep_hardirqs_on+0x415/0x5d0
[  836.416063][T11739]  ? trace_hardirqs_on+0xbd/0x310
[  836.421095][T11739]  ? kasan_check_read+0x11/0x20
[  836.425953][T11739]  ? ___ratelimit+0x37c/0x686
[  836.425972][T11739]  ? trace_hardirqs_off_caller+0x300/0x300
[  836.425988][T11739]  ? do_raw_spin_trylock+0x270/0x270
[  836.426005][T11739]  ? trace_hardirqs_on_caller+0x310/0x310
[  836.426019][T11739]  ? lock_acquire+0x1db/0x570
[  836.426045][T11739]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  836.426061][T11739]  ? ___ratelimit+0xac/0x686
[  836.426079][T11739]  ? idr_get_free+0xee0/0xee0
[  836.426099][T11739]  ? lockdep_hardirqs_on+0x415/0x5d0
[  836.437082][T11739]  oom_kill_process.cold+0x10/0x9ca
[  836.437105][T11739]  ? cgroup_procs_next+0x70/0x70
[  836.437128][T11739]  ? _raw_spin_unlock_irq+0x5e/0x90
[  836.437147][T11739]  ? oom_badness+0xa50/0xa50
[  836.437170][T11739]  ? oom_evaluate_task+0x540/0x540
[  836.437187][T11739]  ? mem_cgroup_iter_break+0x30/0x30
[  836.437203][T11739]  ? mutex_trylock+0x2d0/0x2d0
[  836.437217][T11739]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  836.437248][T11739]  ? rcu_read_unlock_special+0x380/0x380
[  836.437278][T11739]  out_of_memory+0x885/0x1420
[  836.524719][T11739]  ? mem_cgroup_iter+0x4f4/0xf50
[  836.529672][T11739]  ? oom_killer_disable+0x340/0x340
[  836.534876][T11739]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  836.540693][T11739]  ? lock_acquire+0x1db/0x570
[  836.545381][T11739]  mem_cgroup_out_of_memory+0x160/0x210
[  836.550909][T11739]  ? do_raw_spin_unlock+0xa0/0x330
[  836.556019][T11739]  ? memory_oom_group_write+0x160/0x160
[  836.561557][T11739]  ? do_raw_spin_trylock+0x270/0x270
[  836.566854][T11739]  ? _raw_spin_unlock+0x2d/0x50
[  836.571707][T11739]  try_charge+0x1457/0x1d00
[  836.576220][T11739]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  836.581760][T11739]  ? find_held_lock+0x35/0x120
[  836.586515][T11739]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  836.592072][T11739]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  836.598336][T11739]  ? lock_downgrade+0xbe0/0xbe0
[  836.603194][T11739]  ? kasan_check_read+0x11/0x20
[  836.608042][T11739]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  836.614010][T11739]  ? rcu_read_unlock_special+0x380/0x380
[  836.619651][T11739]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  836.625195][T11739]  __memcg_kmem_charge_memcg+0x7c/0x130
[  836.630733][T11739]  ? memcg_kmem_put_cache+0xb0/0xb0
[  836.635936][T11739]  ? lock_release+0xc40/0xc40
[  836.640627][T11739]  __memcg_kmem_charge+0x136/0x300
[  836.645751][T11739]  __alloc_pages_nodemask+0x7b8/0xdc0
[  836.651140][T11739]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  836.656921][T11739]  ? rcu_pm_notify+0xd0/0xd0
[  836.661531][T11739]  ? rcu_read_lock_sched_held+0x110/0x130
[  836.667255][T11739]  ? kmem_cache_alloc_node+0x347/0x710
[  836.672736][T11739]  copy_process+0x847/0x8720
[  836.677345][T11739]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  836.683165][T11739]  ? add_lock_to_list.isra.0+0x450/0x450
[  836.688809][T11739]  ? reacquire_held_locks+0xfb/0x520
[  836.694138][T11739]  ? alloc_set_pte+0x134a/0x1df0
[  836.694160][T11739]  ? find_held_lock+0x60/0x120
[  836.694192][T11739]  ? __cleanup_sighand+0x70/0x70
[  836.694208][T11739]  ? lock_downgrade+0xbe0/0xbe0
[  836.694230][T11739]  ? kasan_check_read+0x11/0x20
[  836.708843][T11739]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  836.724475][T11739]  ? rcu_read_unlock_special+0x380/0x380
[  836.730132][T11739]  ? filemap_map_pages+0xe50/0x1cc0
[  836.735361][T11739]  ? print_usage_bug+0xd0/0xd0
[  836.740138][T11739]  ? print_usage_bug+0xd0/0xd0
[  836.744899][T11739]  ? mark_held_locks+0x100/0x100
[  836.749855][T11739]  ? __lock_acquire+0x572/0x4a10
[  836.754805][T11739]  ? __handle_mm_fault+0x3fde/0x55a0
[  836.760117][T11739]  ? mark_held_locks+0x100/0x100
[  836.765071][T11739]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  836.771331][T11739]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  836.777582][T11739]  ? check_preemption_disabled+0x48/0x290
[  836.783404][T11739]  ? debug_smp_processor_id+0x1c/0x20
[  836.788782][T11739]  ? perf_trace_lock_acquire+0x138/0x7d0
[  836.794411][T11739]  ? add_lock_to_list.isra.0+0x450/0x450
[  836.800035][T11739]  ? perf_trace_lock+0x750/0x750
[  836.804971][T11739]  ? __handle_mm_fault+0x955/0x55a0
[  836.810171][T11739]  ? __might_fault+0x12b/0x1e0
[  836.814926][T11739]  ? find_held_lock+0x35/0x120
[  836.819674][T11739]  ? __might_fault+0x12b/0x1e0
[  836.824421][T11739]  ? lock_acquire+0x1db/0x570
[  836.829095][T11739]  ? lock_downgrade+0xbe0/0xbe0
[  836.833983][T11739]  ? lock_release+0xc40/0xc40
[  836.838682][T11739]  ? trace_hardirqs_off_caller+0x300/0x300
[  836.844498][T11739]  _do_fork+0x1a9/0x1170
[  836.848766][T11739]  ? fork_idle+0x1d0/0x1d0
[  836.853192][T11739]  ? kasan_check_read+0x11/0x20
[  836.858073][T11739]  ? _copy_to_user+0xc9/0x120
[  836.862807][T11739]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  836.869052][T11739]  ? put_timespec64+0x115/0x1b0
[  836.873908][T11739]  ? nsecs_to_jiffies+0x30/0x30
[  836.878759][T11739]  ? vmacache_update+0x114/0x140
[  836.883707][T11739]  ? do_syscall_64+0x8c/0x800
[  836.888413][T11739]  ? do_syscall_64+0x8c/0x800
[  836.893096][T11739]  ? lockdep_hardirqs_on+0x415/0x5d0
[  836.898398][T11739]  ? trace_hardirqs_on+0xbd/0x310
[  836.903427][T11739]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  836.909675][T11739]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  836.915759][T11739]  ? trace_hardirqs_off_caller+0x300/0x300
[  836.921578][T11739]  __x64_sys_clone+0xbf/0x150
[  836.926264][T11739]  do_syscall_64+0x1a3/0x800
[  836.930868][T11739]  ? syscall_return_slowpath+0x5f0/0x5f0
[  836.936508][T11739]  ? prepare_exit_to_usermode+0x232/0x3b0
[  836.942249][T11739]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  836.947815][T11739]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  836.953719][T11739] RIP: 0033:0x457ec9
[  836.957620][T11739] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
17:49:09 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
ioctl$SIOCX25GSUBSCRIP(r0, 0x89e0, &(0x7f0000000080)={'dummy0\x00', 0xea, 0x1000})
ioctl$SIOCX25GSUBSCRIP(r0, 0x89e0, &(0x7f0000000240)={'gre0\x00', 0x4, 0x6})
close(r0)

17:49:09 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x101000, 0x0)
ioctl$SIOCAX25NOUID(r1, 0x89e3, &(0x7f0000000100))
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x1, 0x0)
accept4$nfc_llcp(r2, 0x0, &(0x7f0000000080), 0x80000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x800, 0x0)
ioctl$TIOCNXCL(r1, 0x540d)

17:49:09 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0xffffff7f]}}, 0x1c)

17:49:09 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x80000)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:09 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0xffffffffffffff6c}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
connect$x25(r0, &(0x7f0000000000)={0x9, @null='               \x00'}, 0x12)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
socket$pppoe(0x18, 0x1, 0x0)

[  836.977246][T11739] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  836.985659][T11739] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  836.993640][T11739] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  837.001614][T11739] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  837.009590][T11739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  837.017567][T11739] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
17:49:09 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0xffffff7f]}}, 0x1c)

[  837.083887][T11739] memory: usage 307196kB, limit 307200kB, failcnt 3787
[  837.111053][T11739] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
17:49:09 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000000))
close(r0)

[  837.131804][T11739] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:49:09 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x28006)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

[  837.154909][T11739] Memory cgroup stats for /syz4: cache:120KB rss:212588KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212688KB inactive_file:4KB active_file:0KB unevictable:0KB
[  837.240104][T11739] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=11661,uid=0
[  837.275328][T11739] Memory cgroup out of memory: Kill process 11661 (syz-executor4) score 1106 or sacrifice child
[  837.309040][T11739] Killed process 11661 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  837.328195][T11735] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  837.342779][T11735] CPU: 1 PID: 11735 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  837.351718][T11735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  837.361751][T11735] Call Trace:
[  837.365035][T11735]  dump_stack+0x1db/0x2d0
[  837.369379][T11735]  ? dump_stack_print_info.cold+0x20/0x20
[  837.375113][T11735]  ? check_preemption_disabled+0x48/0x290
[  837.380843][T11735]  dump_header+0x1e6/0x116c
[  837.385339][T11735]  ? add_lock_to_list.isra.0+0x450/0x450
[  837.390953][T11735]  ? perf_trace_lock+0x750/0x750
[  837.395913][T11735]  ? print_usage_bug+0xd0/0xd0
[  837.400669][T11735]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  837.406292][T11735]  ? ___ratelimit+0x37c/0x686
[  837.410976][T11735]  ? mark_held_locks+0xb1/0x100
[  837.415858][T11735]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  837.421673][T11735]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  837.427485][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[  837.432762][T11735]  ? trace_hardirqs_on+0xbd/0x310
[  837.437790][T11735]  ? kasan_check_read+0x11/0x20
[  837.442655][T11735]  ? ___ratelimit+0x37c/0x686
[  837.447336][T11735]  ? trace_hardirqs_off_caller+0x300/0x300
[  837.453158][T11735]  ? do_raw_spin_trylock+0x270/0x270
[  837.458434][T11735]  ? trace_hardirqs_on_caller+0x310/0x310
[  837.464336][T11735]  ? lock_acquire+0x1db/0x570
[  837.469020][T11735]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  837.474818][T11735]  ? ___ratelimit+0xac/0x686
[  837.479408][T11735]  ? idr_get_free+0xee0/0xee0
[  837.484094][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[  837.489393][T11735]  oom_kill_process.cold+0x10/0x9ca
[  837.494617][T11735]  ? cgroup_procs_next+0x70/0x70
[  837.499570][T11735]  ? _raw_spin_unlock_irq+0x5e/0x90
[  837.504774][T11735]  ? oom_badness+0xa50/0xa50
[  837.509375][T11735]  ? oom_evaluate_task+0x540/0x540
[  837.514491][T11735]  ? mem_cgroup_iter_break+0x30/0x30
[  837.519809][T11735]  ? mutex_trylock+0x2d0/0x2d0
[  837.524580][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  837.530823][T11735]  ? rcu_read_unlock_special+0x380/0x380
[  837.536459][T11735]  out_of_memory+0x885/0x1420
[  837.541151][T11735]  ? mem_cgroup_iter+0x4f4/0xf50
[  837.546096][T11735]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  837.551896][T11735]  ? oom_killer_disable+0x340/0x340
[  837.557101][T11735]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  837.562900][T11735]  ? lock_acquire+0x1db/0x570
[  837.567588][T11735]  mem_cgroup_out_of_memory+0x160/0x210
[  837.573126][T11735]  ? do_raw_spin_unlock+0xa0/0x330
[  837.578229][T11735]  ? memory_oom_group_write+0x160/0x160
[  837.583765][T11735]  ? do_raw_spin_trylock+0x270/0x270
[  837.589054][T11735]  ? _raw_spin_unlock+0x2d/0x50
[  837.593916][T11735]  try_charge+0xd42/0x1d00
[  837.598348][T11735]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  837.603895][T11735]  ? find_held_lock+0x35/0x120
[  837.608676][T11735]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  837.614212][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  837.620433][T11735]  ? lock_downgrade+0xbe0/0xbe0
[  837.625379][T11735]  ? kasan_check_read+0x11/0x20
[  837.630239][T11735]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  837.636214][T11735]  ? rcu_read_unlock_special+0x380/0x380
[  837.641863][T11735]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  837.647428][T11735]  __memcg_kmem_charge_memcg+0x7c/0x130
[  837.652971][T11735]  ? memcg_kmem_put_cache+0xb0/0xb0
[  837.658164][T11735]  ? lock_release+0xc40/0xc40
[  837.662853][T11735]  __memcg_kmem_charge+0x136/0x300
[  837.667967][T11735]  __alloc_pages_nodemask+0x7b8/0xdc0
[  837.673349][T11735]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  837.679065][T11735]  ? rcu_pm_notify+0xd0/0xd0
[  837.683664][T11735]  ? rcu_read_lock_sched_held+0x110/0x130
[  837.689383][T11735]  ? kmem_cache_alloc_node+0x347/0x710
[  837.694839][T11735]  ? print_usage_bug+0xd0/0xd0
[  837.699610][T11735]  copy_process+0x847/0x8720
[  837.704199][T11735]  ? print_usage_bug+0xd0/0xd0
[  837.708960][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  837.715197][T11735]  ? check_preemption_disabled+0x48/0x290
[  837.720921][T11735]  ? __lock_acquire+0x572/0x4a10
[  837.725860][T11735]  ? mark_held_locks+0x100/0x100
[  837.730842][T11735]  ? __cleanup_sighand+0x70/0x70
[  837.735789][T11735]  ? mark_held_locks+0x100/0x100
[  837.740723][T11735]  ? find_held_lock+0x35/0x120
[  837.745502][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  837.751759][T11735]  ? check_preemption_disabled+0x48/0x290
[  837.757475][T11735]  ? debug_smp_processor_id+0x1c/0x20
[  837.762843][T11735]  ? perf_trace_lock_acquire+0x138/0x7d0
[  837.768486][T11735]  ? delayacct_end+0xc9/0x100
[  837.773153][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  837.779387][T11735]  ? add_lock_to_list.isra.0+0x450/0x450
[  837.785012][T11735]  ? perf_trace_lock+0x750/0x750
[  837.789958][T11735]  ? perf_trace_lock_acquire+0x138/0x7d0
[  837.795592][T11735]  ? add_lock_to_list.isra.0+0x450/0x450
[  837.801220][T11735]  ? find_held_lock+0x35/0x120
[  837.805980][T11735]  ? print_usage_bug+0xd0/0xd0
[  837.810745][T11735]  ? psi_memstall_leave+0x1f8/0x280
[  837.815951][T11735]  ? find_held_lock+0x35/0x120
[  837.820714][T11735]  ? __lock_acquire+0x572/0x4a10
[  837.825653][T11735]  ? _raw_spin_unlock_irq+0x28/0x90
[  837.830864][T11735]  ? _raw_spin_unlock_irq+0x28/0x90
[  837.836080][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[  837.841378][T11735]  ? trace_hardirqs_on+0xbd/0x310
[  837.846407][T11735]  ? mark_held_locks+0x100/0x100
[  837.851349][T11735]  ? check_preemption_disabled+0x48/0x290
[  837.857071][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  837.863309][T11735]  ? check_preemption_disabled+0x48/0x290
[  837.869066][T11735]  ? debug_smp_processor_id+0x1c/0x20
[  837.874461][T11735]  ? perf_trace_lock_acquire+0x138/0x7d0
[  837.880101][T11735]  ? add_lock_to_list.isra.0+0x450/0x450
[  837.885726][T11735]  ? perf_trace_lock+0x750/0x750
[  837.890695][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[  837.896015][T11735]  ? try_to_free_pages+0xb70/0xb70
[  837.901139][T11735]  ? percpu_ref_put_many+0x129/0x270
[  837.906427][T11735]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  837.912576][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  837.918838][T11735]  _do_fork+0x1a9/0x1170
[  837.923113][T11735]  ? fork_idle+0x1d0/0x1d0
[  837.927551][T11735]  ? trace_hardirqs_off+0xb8/0x310
[  837.932675][T11735]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  837.938476][T11735]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  837.944190][T11735]  ? do_syscall_64+0x8c/0x800
[  837.948881][T11735]  ? do_syscall_64+0x8c/0x800
[  837.953568][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[  837.958854][T11735]  ? trace_hardirqs_on+0xbd/0x310
[  837.963882][T11735]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  837.969945][T11735]  ? trace_hardirqs_off_caller+0x300/0x300
[  837.975787][T11735]  __x64_sys_clone+0xbf/0x150
[  837.980466][T11735]  do_syscall_64+0x1a3/0x800
[  837.985055][T11735]  ? syscall_return_slowpath+0x5f0/0x5f0
[  837.990684][T11735]  ? prepare_exit_to_usermode+0x232/0x3b0
[  837.996410][T11735]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  838.001959][T11735]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  838.007852][T11735] RIP: 0033:0x45a899
[  838.011747][T11735] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  838.031358][T11735] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  838.039792][T11735] RAX: ffffffffffffffda RBX: 00007f20e9828700 RCX: 000000000045a899
[  838.047785][T11735] RDX: 00007f20e98289d0 RSI: 00007f20e9827db0 RDI: 00000000003d0f00
[  838.055755][T11735] RBP: 00007ffcc2973580 R08: 00007f20e9828700 R09: 00007f20e9828700
[  838.063722][T11735] R10: 00007f20e98289d0 R11: 0000000000000202 R12: 0000000000000000
[  838.071692][T11735] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  838.082770][T11735] memory: usage 304868kB, limit 307200kB, failcnt 3787
[  838.089729][T11735] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  838.097911][T11735] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  838.105085][T11735] Memory cgroup stats for /syz4: cache:120KB rss:210480KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:210528KB inactive_file:4KB active_file:0KB unevictable:0KB
[  838.127968][T11735] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21588,uid=0
[  838.157759][T11735] Memory cgroup out of memory: Kill process 21588 (syz-executor4) score 1106 or sacrifice child
[  838.170157][T11735] Killed process 21588 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:49:11 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x14ab, 0x400001)
r1 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000000c0))
r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x2, 0x800)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000100))
write$P9_RSTATFS(r2, &(0x7f0000000180)={0x43, 0x9, 0x2, {0x81, 0x9, 0x3, 0x20, 0x4, 0x8e, 0x3ff, 0x3, 0x1}}, 0x43)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r2, 0xc0045520, &(0x7f0000000040)=0xac7)

17:49:11 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0xffffff7f]}}, 0x1c)

17:49:11 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000080)=0x9d)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
syz_open_dev$mice(&(0x7f0000000240)='/dev/input/mice\x00', 0x0, 0x6104)
syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x6, 0x309000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
close(r0)

17:49:11 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000]}, 0x2c8)

17:49:11 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0xffffefffffffff7f)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:11 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
write$P9_ROPEN(r0, &(0x7f0000000080)={0x13f, 0x71, 0x1, {{0x20, 0x0, 0x6}, 0x9}}, 0x4e)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x102160}, 0xc)

17:49:11 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0xffffff7f]}}, 0x1c)

17:49:11 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0xffffff7f]}}, 0x1c)

17:49:11 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x28a)
r1 = socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000000)=<r2=>0x0)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getresgid(&(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0, &(0x7f0000000180))
setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={r2, r3, r4}, 0xc)
r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm-control\x00', 0x2, 0x0)
fchownat(r6, &(0x7f0000000240)='./file0\x00', r3, r5, 0x800)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000002c0)=0xc)
shutdown(r1, 0x0)

17:49:11 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13000000]}, 0x2c8)

17:49:11 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0xffffff7f]}}, 0x1c)

17:49:11 executing program 0:
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x1261, 0x20000)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x80006, 0x0)
connect$bt_l2cap(r0, &(0x7f00000001c0)={0x1f, 0x1d9c, {0x20, 0x0, 0x100000001, 0x1, 0xfffffffffffeffff, 0x8}, 0x0, 0xffffffff}, 0xe)
sync_file_range(r0, 0x5, 0x2, 0x20000004)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000040)=ANY=[@ANYRES32=<r1=>0x0, @ANYBLOB="fb00000038bbd3937e627914e479e4cb826078bf7db88ae81792c9867eb14ae5462ea00d24e8671a7fea040effe7b2994905404108c23d8eaeca4b46f3289ff4bb5c32d80a97b15f8cc33514d96ac15b07711b30b4ba94c59d8c4c13cdf62b3531a888aeed4bdb4af28c9252592bab0d4607d9d05edd02cd488327336c365d370e615b8d5761dc6f467d9fc81a0daa7fe3aab1aee8434e8c3ba53f07a105d56b1308bcca38ae902f01819678232ccaaefe323db77d895ddc809f0ab54ac36fefce4924188a449a24ba98a433ed2d655530c48e06ba67094cee80d47901e0133b08640be25207008f2d75b5a6abd50669e7e023c435e8b8a0d4a8ed36597446"], &(0x7f0000000180)=0x103)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={r1, @in6={{0xa, 0x4e22, 0x4, @empty, 0x800}}, 0x800, 0x6620000, 0x2, 0x81}, &(0x7f00000002c0)=0x73)
fsetxattr$security_smack_transmute(r0, &(0x7f0000000200)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000240)='TRUE', 0x4, 0x2)

17:49:11 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14000000]}, 0x2c8)

17:49:11 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0xffffff7f]}}, 0x1c)

[  838.814467][T11836] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  838.834462][T11836] CPU: 0 PID: 11836 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  838.843412][T11836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  838.853467][T11836] Call Trace:
[  838.853491][T11836]  dump_stack+0x1db/0x2d0
[  838.853513][T11836]  ? dump_stack_print_info.cold+0x20/0x20
[  838.853535][T11836]  ? check_preemption_disabled+0x48/0x290
[  838.861137][T11836]  dump_header+0x1e6/0x116c
[  838.861157][T11836]  ? add_lock_to_list.isra.0+0x450/0x450
[  838.861174][T11836]  ? perf_trace_lock+0x750/0x750
[  838.887647][T11836]  ? print_usage_bug+0xd0/0xd0
[  838.892411][T11836]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  838.898061][T11836]  ? ___ratelimit+0x37c/0x686
[  838.902736][T11836]  ? mark_held_locks+0xb1/0x100
[  838.907571][T11836]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  838.913385][T11836]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  838.919185][T11836]  ? lockdep_hardirqs_on+0x415/0x5d0
[  838.924459][T11836]  ? trace_hardirqs_on+0xbd/0x310
[  838.929479][T11836]  ? kasan_check_read+0x11/0x20
[  838.934308][T11836]  ? ___ratelimit+0x37c/0x686
[  838.938992][T11836]  ? trace_hardirqs_off_caller+0x300/0x300
[  838.944790][T11836]  ? do_raw_spin_trylock+0x270/0x270
[  838.950085][T11836]  ? trace_hardirqs_on_caller+0x310/0x310
[  838.955783][T11836]  ? lock_acquire+0x1db/0x570
[  838.960458][T11836]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  838.966268][T11836]  ? ___ratelimit+0xac/0x686
[  838.970845][T11836]  ? idr_get_free+0xee0/0xee0
[  838.975521][T11836]  ? lockdep_hardirqs_on+0x415/0x5d0
[  838.980814][T11836]  oom_kill_process.cold+0x10/0x9ca
[  838.986008][T11836]  ? cgroup_procs_next+0x70/0x70
[  838.990931][T11836]  ? _raw_spin_unlock_irq+0x5e/0x90
[  838.996114][T11836]  ? oom_badness+0xa50/0xa50
[  839.000688][T11836]  ? oom_evaluate_task+0x540/0x540
[  839.005781][T11836]  ? mem_cgroup_iter_break+0x30/0x30
[  839.011045][T11836]  ? mutex_trylock+0x2d0/0x2d0
[  839.015791][T11836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  839.022024][T11836]  ? rcu_read_unlock_special+0x380/0x380
[  839.027644][T11836]  out_of_memory+0x885/0x1420
[  839.032329][T11836]  ? mem_cgroup_iter+0x4f4/0xf50
[  839.037275][T11836]  ? oom_killer_disable+0x340/0x340
[  839.042456][T11836]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  839.048252][T11836]  ? lock_acquire+0x1db/0x570
[  839.052937][T11836]  mem_cgroup_out_of_memory+0x160/0x210
[  839.058467][T11836]  ? do_raw_spin_unlock+0xa0/0x330
[  839.063582][T11836]  ? memory_oom_group_write+0x160/0x160
[  839.069126][T11836]  ? do_raw_spin_trylock+0x270/0x270
[  839.074408][T11836]  ? _raw_spin_unlock+0x2d/0x50
[  839.079272][T11836]  try_charge+0x1457/0x1d00
[  839.083772][T11836]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  839.089311][T11836]  ? find_held_lock+0x35/0x120
[  839.094064][T11836]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  839.099605][T11836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  839.105858][T11836]  ? lock_downgrade+0xbe0/0xbe0
[  839.110689][T11836]  ? kasan_check_read+0x11/0x20
[  839.115519][T11836]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  839.121491][T11836]  ? rcu_read_unlock_special+0x380/0x380
[  839.127175][T11836]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  839.132719][T11836]  __memcg_kmem_charge_memcg+0x7c/0x130
[  839.138258][T11836]  ? memcg_kmem_put_cache+0xb0/0xb0
[  839.143435][T11836]  ? lock_release+0xc40/0xc40
[  839.148098][T11836]  __memcg_kmem_charge+0x136/0x300
[  839.153194][T11836]  __alloc_pages_nodemask+0x7b8/0xdc0
[  839.158553][T11836]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  839.164251][T11836]  ? preempt_schedule_notrace+0xa0/0x130
[  839.169869][T11836]  ? copy_process+0x40bc/0x8720
[  839.174721][T11836]  ? kmem_cache_alloc_node+0x320/0x710
[  839.180193][T11836]  copy_process+0x847/0x8720
[  839.184789][T11836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  839.191024][T11836]  ? __lock_acquire+0x572/0x4a10
[  839.195960][T11836]  ? add_lock_to_list.isra.0+0x450/0x450
[  839.201605][T11836]  ? __lock_is_held+0xb6/0x140
[  839.206374][T11836]  ? __cleanup_sighand+0x70/0x70
[  839.211288][T11836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  839.217519][T11836]  ? check_preemption_disabled+0x48/0x290
[  839.223233][T11836]  ? debug_smp_processor_id+0x1c/0x20
[  839.228586][T11836]  ? perf_trace_lock_acquire+0x138/0x7d0
[  839.234210][T11836]  ? select_task_rq_fair+0x3b60/0x3b60
[  839.239664][T11836]  ? add_lock_to_list.isra.0+0x450/0x450
[  839.245355][T11836]  ? check_preemption_disabled+0x48/0x290
[  839.251059][T11836]  ? finish_task_switch+0x1e9/0xac0
[  839.256276][T11836]  ? find_held_lock+0x35/0x120
[  839.261021][T11836]  ? finish_task_switch+0x1e9/0xac0
[  839.266201][T11836]  ? print_usage_bug+0xd0/0xd0
[  839.270960][T11836]  ? _raw_spin_unlock_irq+0x28/0x90
[  839.276137][T11836]  ? lockdep_hardirqs_on+0x415/0x5d0
[  839.281409][T11836]  ? trace_hardirqs_on+0xbd/0x310
[  839.286420][T11836]  ? kasan_check_read+0x11/0x20
[  839.291262][T11836]  ? finish_task_switch+0x1e9/0xac0
[  839.296444][T11836]  ? __lock_acquire+0x572/0x4a10
[  839.301375][T11836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  839.307598][T11836]  ? _raw_spin_unlock_irq+0x5e/0x90
[  839.312780][T11836]  ? mark_held_locks+0x100/0x100
[  839.317698][T11836]  ? __switch_to_asm+0x34/0x70
[  839.322448][T11836]  ? __switch_to_asm+0x40/0x70
[  839.327196][T11836]  ? __switch_to_asm+0x34/0x70
[  839.331959][T11836]  ? __switch_to_asm+0x34/0x70
[  839.336718][T11836]  ? __switch_to_asm+0x34/0x70
[  839.341503][T11836]  ? __switch_to_asm+0x40/0x70
[  839.346267][T11836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  839.352512][T11836]  ? check_preemption_disabled+0x48/0x290
[  839.358227][T11836]  ? __switch_to_asm+0x40/0x70
[  839.362973][T11836]  ? debug_smp_processor_id+0x1c/0x20
[  839.368336][T11836]  ? perf_trace_lock_acquire+0x138/0x7d0
[  839.373997][T11836]  ? add_lock_to_list.isra.0+0x450/0x450
[  839.379703][T11836]  ? perf_trace_lock+0x750/0x750
[  839.384640][T11836]  ? retint_kernel+0x2d/0x2d
[  839.389213][T11836]  ? trace_hardirqs_on_caller+0xc0/0x310
[  839.394828][T11836]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  839.400283][T11836]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  839.406437][T11836]  ? __might_fault+0x12b/0x1e0
[  839.411206][T11836]  ? find_held_lock+0x35/0x120
[  839.415965][T11836]  ? __might_fault+0x12b/0x1e0
[  839.420711][T11836]  ? lock_acquire+0x1db/0x570
[  839.425393][T11836]  ? lock_downgrade+0xbe0/0xbe0
[  839.430229][T11836]  ? lock_release+0xc40/0xc40
[  839.434898][T11836]  _do_fork+0x1a9/0x1170
[  839.439147][T11836]  ? fork_idle+0x1d0/0x1d0
[  839.443563][T11836]  ? kasan_check_read+0x11/0x20
[  839.448409][T11836]  ? _copy_to_user+0xc9/0x120
[  839.453081][T11836]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  839.459300][T11836]  ? put_timespec64+0x115/0x1b0
[  839.464157][T11836]  ? nsecs_to_jiffies+0x30/0x30
[  839.469009][T11836]  ? vmacache_update+0x114/0x140
[  839.473948][T11836]  ? do_syscall_64+0x8c/0x800
[  839.478611][T11836]  ? do_syscall_64+0x8c/0x800
[  839.483299][T11836]  ? lockdep_hardirqs_on+0x415/0x5d0
[  839.488578][T11836]  ? trace_hardirqs_on+0xbd/0x310
[  839.493596][T11836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  839.499814][T11836]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  839.505919][T11836]  ? trace_hardirqs_off_caller+0x300/0x300
[  839.511710][T11836]  __x64_sys_clone+0xbf/0x150
[  839.516393][T11836]  do_syscall_64+0x1a3/0x800
[  839.520986][T11836]  ? syscall_return_slowpath+0x5f0/0x5f0
[  839.526633][T11836]  ? prepare_exit_to_usermode+0x232/0x3b0
[  839.532354][T11836]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  839.537887][T11836]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  839.543780][T11836] RIP: 0033:0x457ec9
[  839.547670][T11836] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  839.567250][T11836] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  839.575635][T11836] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  839.583602][T11836] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  839.591578][T11836] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  839.599536][T11836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  839.607504][T11836] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[  839.648464][T11836] memory: usage 307196kB, limit 307200kB, failcnt 3806
[  839.655761][T11836] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  839.663459][T11836] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  839.671315][T11836] Memory cgroup stats for /syz4: cache:120KB rss:212560KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212680KB inactive_file:0KB active_file:0KB unevictable:0KB
[  839.695604][T11836] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21700,uid=0
[  839.719142][T11836] Memory cgroup out of memory: Kill process 21700 (syz-executor4) score 1106 or sacrifice child
[  839.734437][T11836] Killed process 21700 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  839.756032][ T1043] oom_reaper: reaped process 21700 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
[  839.783860][T11835] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  839.802050][T11835] CPU: 0 PID: 11835 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  839.810988][T11835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  839.821053][T11835] Call Trace:
[  839.824377][T11835]  dump_stack+0x1db/0x2d0
[  839.828721][T11835]  ? dump_stack_print_info.cold+0x20/0x20
[  839.834434][T11835]  ? check_preemption_disabled+0x48/0x290
[  839.840137][T11835]  dump_header+0x1e6/0x116c
[  839.844621][T11835]  ? add_lock_to_list.isra.0+0x450/0x450
[  839.850248][T11835]  ? perf_trace_lock+0x750/0x750
[  839.855182][T11835]  ? print_usage_bug+0xd0/0xd0
[  839.859929][T11835]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  839.865542][T11835]  ? ___ratelimit+0x37c/0x686
[  839.870200][T11835]  ? mark_held_locks+0xb1/0x100
[  839.875037][T11835]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  839.880844][T11835]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  839.886642][T11835]  ? lockdep_hardirqs_on+0x415/0x5d0
[  839.891945][T11835]  ? trace_hardirqs_on+0xbd/0x310
[  839.896972][T11835]  ? kasan_check_read+0x11/0x20
[  839.901842][T11835]  ? ___ratelimit+0x37c/0x686
[  839.906542][T11835]  ? trace_hardirqs_off_caller+0x300/0x300
[  839.912345][T11835]  ? do_raw_spin_trylock+0x270/0x270
[  839.917628][T11835]  ? trace_hardirqs_on_caller+0x310/0x310
[  839.923359][T11835]  ? lock_acquire+0x1db/0x570
[  839.928064][T11835]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  839.933848][T11835]  ? ___ratelimit+0xac/0x686
[  839.938420][T11835]  ? idr_get_free+0xee0/0xee0
[  839.943077][T11835]  ? lockdep_hardirqs_on+0x415/0x5d0
[  839.948355][T11835]  oom_kill_process.cold+0x10/0x9ca
[  839.953537][T11835]  ? cgroup_procs_next+0x70/0x70
[  839.958455][T11835]  ? _raw_spin_unlock_irq+0x5e/0x90
[  839.963633][T11835]  ? oom_badness+0xa50/0xa50
[  839.968203][T11835]  ? oom_evaluate_task+0x540/0x540
[  839.973295][T11835]  ? mem_cgroup_iter_break+0x30/0x30
[  839.978576][T11835]  ? mutex_trylock+0x2d0/0x2d0
[  839.983347][T11835]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  839.989577][T11835]  ? rcu_read_unlock_special+0x380/0x380
[  839.995206][T11835]  out_of_memory+0x885/0x1420
[  839.999875][T11835]  ? mem_cgroup_iter+0x4f4/0xf50
[  840.004811][T11835]  ? oom_killer_disable+0x340/0x340
[  840.010006][T11835]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  840.015791][T11835]  ? lock_acquire+0x1db/0x570
[  840.020491][T11835]  mem_cgroup_out_of_memory+0x160/0x210
[  840.026019][T11835]  ? do_raw_spin_unlock+0xa0/0x330
[  840.031147][T11835]  ? memory_oom_group_write+0x160/0x160
[  840.036715][T11835]  ? do_raw_spin_trylock+0x270/0x270
[  840.042008][T11835]  ? _raw_spin_unlock+0x2d/0x50
[  840.046863][T11835]  try_charge+0xd42/0x1d00
[  840.051285][T11835]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  840.056854][T11835]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  840.062398][T11835]  ? lock_downgrade+0xbe0/0xbe0
[  840.067256][T11835]  ? kasan_check_read+0x11/0x20
[  840.072112][T11835]  ? rcu_read_unlock_special+0x380/0x380
[  840.077742][T11835]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  840.083268][T11835]  ? get_mem_cgroup_from_page+0x190/0x190
[  840.088985][T11835]  ? rcu_read_lock_sched_held+0x110/0x130
[  840.094686][T11835]  mem_cgroup_try_charge+0x43a/0xdb0
[  840.099964][T11835]  ? mem_cgroup_protected+0xa10/0xa10
[  840.105336][T11835]  ? __anon_vma_prepare+0x36d/0x760
[  840.110525][T11835]  ? anon_vma_fork+0x880/0x880
[  840.115267][T11835]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  840.121503][T11835]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  840.127742][T11835]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  840.133363][T11835]  __handle_mm_fault+0x2594/0x55a0
[  840.138479][T11835]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  840.144000][T11835]  ? check_preemption_disabled+0x48/0x290
[  840.149705][T11835]  ? handle_mm_fault+0x3cc/0xc80
[  840.154651][T11835]  ? lock_downgrade+0xbe0/0xbe0
[  840.159499][T11835]  ? kasan_check_read+0x11/0x20
[  840.164359][T11835]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  840.170365][T11835]  ? rcu_read_unlock_special+0x380/0x380
[  840.175995][T11835]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  840.182231][T11835]  ? check_preemption_disabled+0x48/0x290
[  840.187951][T11835]  handle_mm_fault+0x4ec/0xc80
[  840.192696][T11835]  ? __handle_mm_fault+0x55a0/0x55a0
[  840.197980][T11835]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  840.204200][T11835]  ? vmacache_update+0x114/0x140
[  840.209127][T11835]  __do_page_fault+0x5da/0xd60
[  840.213884][T11835]  ? do_futex+0x2910/0x2910
[  840.218376][T11835]  do_page_fault+0xe6/0x7d8
[  840.222858][T11835]  ? trace_hardirqs_on_caller+0xc0/0x310
[  840.228472][T11835]  ? vmalloc_sync_all+0x30/0x30
[  840.233308][T11835]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  840.239457][T11835]  ? syscall_return_slowpath+0x5f0/0x5f0
[  840.245071][T11835]  ? prepare_exit_to_usermode+0x232/0x3b0
[  840.250773][T11835]  ? page_fault+0x8/0x30
[  840.254996][T11835]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  840.260521][T11835]  ? page_fault+0x8/0x30
[  840.264745][T11835]  page_fault+0x1e/0x30
[  840.268885][T11835] RIP: 0033:0x40f8ef
[  840.272761][T11835] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  840.292363][T11835] RSP: 002b:00007ffcc29733c0 EFLAGS: 00010206
[  840.298423][T11835] RAX: 00007f20e9808000 RBX: 0000000000020000 RCX: 0000000000457f1a
17:49:12 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0xffffff7f]}}, 0x1c)

17:49:12 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x7949, 0x0)
ioctl$sock_inet6_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000100))
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x800007f)
r2 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000040)=0x14)
setsockopt$packet_buf(r2, 0x107, 0x2, &(0x7f0000000080)="51a2a0c71470dcebca17faf2f3fec9ba359874676643e7a8399bc0a6ff0d4eeaa7330f6922b0ce888b8d4ef1e601764c9fabee6f9cb66dde81cfddb9", 0x3c)

17:49:12 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
open(&(0x7f0000000000)='\x00', 0x42001, 0x80)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:12 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:12 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
getsockname$netrom(r0, &(0x7f0000000240)={{0x3, @netrom}, [@default, @bcast, @bcast, @rose, @default, @netrom, @rose, @bcast]}, &(0x7f0000000180)=0x48)
r1 = getpgid(0x0)
fcntl$setown(r0, 0x8, r1)
close(r0)
close(r0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/snmp6\x00')
ioctl$SNDRV_TIMER_IOCTL_STATUS(r2, 0x80605414, &(0x7f0000000080)=""/253)

[  840.306406][T11835] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  840.314411][T11835] RBP: 00007ffcc29734a0 R08: ffffffffffffffff R09: 0000000000000000
[  840.322368][T11835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc2973580
[  840.330343][T11835] R13: 00007f20e9828700 R14: 000000000073bfac R15: 000000000073bfac
[  840.374553][T11835] memory: usage 304876kB, limit 307200kB, failcnt 3806
[  840.405157][T11835] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  840.415648][T11835] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:49:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xffffffffffffffff)

17:49:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000, 0xffffff7f]}}, 0x1c)

[  840.432752][T11835] Memory cgroup stats for /syz4: cache:120KB rss:210452KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:210520KB inactive_file:0KB active_file:0KB unevictable:0KB
[  840.485987][T11835] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=21901,uid=0
[  840.520823][T11835] Memory cgroup out of memory: Kill process 21901 (syz-executor4) score 1106 or sacrifice child
17:49:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0xffffff7f]}}, 0x1c)

17:49:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x8000000000020000)

[  840.536231][T11835] Killed process 21901 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  840.564664][ T1043] oom_reaper: reaped process 21901 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:49:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000120, 0xffffff7f]}}, 0x1c)

17:49:13 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15000000]}, 0x2c8)

17:49:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000, 0xffffff7f]}}, 0x1c)

17:49:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x800000000003, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x101040, 0x0)
getpeername$llc(r1, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000080)=0x10)

17:49:13 executing program 0:
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x400300, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x12)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)
prctl$PR_GET_THP_DISABLE(0x2a)
openat(r0, &(0x7f0000000080)='./file0\x00', 0x200100, 0x148)

17:49:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000, 0xffffff7f]}}, 0x1c)

17:49:13 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000000)=0x1, 0x4)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:13 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0xfffffffffffffffd, 0x0, 0x0)
close(r0)

17:49:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x4, 0x2000)
r1 = add_key(&(0x7f0000000240)='.request_key_auth\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key(&(0x7f0000000340)='blacklist\x00', &(0x7f0000000380)={'syz', 0x2}, &(0x7f00000003c0)="d78dd583fa54f118a5ad5787c299ee6ab7cae8c82356afdd86fd150794b6754fe171ca9b36f22c6543117d7f41c61b268a0d7cc1094bf3421f329e885c63fc900329e5539c27639428bc7c066d7486144e13e54f77f51babe5d68c7c3aefaa73dc2d83c521c9903431f2a1", 0x6b, 0xfffffffffffffff8)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000440)='/dev/mixer\x00', 0x10800, 0x0)
getsockopt$inet_int(r3, 0x0, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
keyctl$search(0xa, r1, &(0x7f00000002c0)='id_legacy\x00', &(0x7f0000000300)={'syz', 0x1}, r2)
r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x101000, 0x0)
statx(r4, &(0x7f0000000040)='./file0\x00', 0x4800, 0x2, &(0x7f0000000140))
ioctl$LOOP_SET_FD(r0, 0x4c00, r0)
bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x80b)

17:49:13 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000280)='vcan0\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000080)={0x8, {{0x2, 0x4e20, @local}}}, 0x88)
link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00')
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1f)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000240))
close(r0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000180)={0x0, 0x2, 0x201e})

17:49:13 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000]}, 0x2c8)

17:49:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20010010, 0xffffff7f]}}, 0x1c)

17:49:13 executing program 0:
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x80000, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)={0xb, 'syz0\x00', 'syz0\x00', 'syz0\x00', 0xe6, 0x9, 0x9, 0x7, 0xffffffffffffa9aa, 0x100000000, "9af200ffea688f2e6171cc983b8a2059e0f156543d3528619fc9fdd47ebe762c84f853359d0644318f4c722d53dc8683c5630c0b64f4bc99970adb5db61a2df3e4e96cbfe133c8663516272198057fa1816cbf17229d2a72add491035520cb6655c989ac797365239ab977f29ce9c757f87dacae95acce965e572aebf4d180f6771059962eab627884e2bb044e2f369a7db7350e293278c565a0c65f8cdd059614ac749674e9e3a02ef6d57051fe8a066109def00f8b4325fa791573c2c45942ef614e2598d2805bba86078e2006be66abc8d39f6b7bec70e653c3dfc95a469cd44796e859c1"}, 0x1fe)
openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/attr/current\x00', 0x2, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x1261, 0x0)

17:49:13 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x2c8)

17:49:13 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000, 0xffffff7f]}}, 0x1c)

[  841.287670][T11928] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  841.321689][T11928] CPU: 0 PID: 11928 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  841.330632][T11928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  841.330639][T11928] Call Trace:
[  841.330662][T11928]  dump_stack+0x1db/0x2d0
[  841.330683][T11928]  ? dump_stack_print_info.cold+0x20/0x20
[  841.330698][T11928]  ? check_preemption_disabled+0x48/0x290
[  841.330725][T11928]  dump_header+0x1e6/0x116c
[  841.344072][T11928]  ? add_lock_to_list.isra.0+0x450/0x450
[  841.370009][T11928]  ? perf_trace_lock+0x750/0x750
[  841.374938][T11928]  ? print_usage_bug+0xd0/0xd0
[  841.379694][T11928]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  841.385365][T11928]  ? ___ratelimit+0x37c/0x686
[  841.385388][T11928]  ? mark_held_locks+0xb1/0x100
[  841.385410][T11928]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  841.400719][T11928]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  841.406532][T11928]  ? lockdep_hardirqs_on+0x415/0x5d0
[  841.411831][T11928]  ? trace_hardirqs_on+0xbd/0x310
[  841.416868][T11928]  ? kasan_check_read+0x11/0x20
[  841.421732][T11928]  ? ___ratelimit+0x37c/0x686
[  841.426411][T11928]  ? trace_hardirqs_off_caller+0x300/0x300
[  841.432215][T11928]  ? do_raw_spin_trylock+0x270/0x270
[  841.437517][T11928]  ? trace_hardirqs_on_caller+0x310/0x310
[  841.443240][T11928]  ? lock_acquire+0x1db/0x570
[  841.447961][T11928]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  841.453777][T11928]  ? ___ratelimit+0xac/0x686
[  841.458385][T11928]  ? idr_get_free+0xee0/0xee0
[  841.463062][T11928]  ? lockdep_hardirqs_on+0x415/0x5d0
[  841.468372][T11928]  oom_kill_process.cold+0x10/0x9ca
[  841.473581][T11928]  ? cgroup_procs_next+0x70/0x70
[  841.478539][T11928]  ? _raw_spin_unlock_irq+0x5e/0x90
[  841.483734][T11928]  ? oom_badness+0xa50/0xa50
17:49:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x100, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x40000000003)

17:49:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0xffffff7f]}}, 0x1c)

17:49:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0xffffff7f]}}, 0x1c)

[  841.488330][T11928]  ? oom_evaluate_task+0x540/0x540
[  841.493444][T11928]  ? mem_cgroup_iter_break+0x30/0x30
[  841.498722][T11928]  ? mutex_trylock+0x2d0/0x2d0
[  841.503512][T11928]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  841.509758][T11928]  ? rcu_read_unlock_special+0x380/0x380
[  841.515432][T11928]  out_of_memory+0x885/0x1420
[  841.520132][T11928]  ? mem_cgroup_iter+0x4f4/0xf50
[  841.525087][T11928]  ? oom_killer_disable+0x340/0x340
[  841.530289][T11928]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  841.536133][T11928]  ? lock_acquire+0x1db/0x570
[  841.540867][T11928]  mem_cgroup_out_of_memory+0x160/0x210
[  841.546448][T11928]  ? do_raw_spin_unlock+0xa0/0x330
[  841.551555][T11928]  ? memory_oom_group_write+0x160/0x160
[  841.557125][T11928]  ? do_raw_spin_trylock+0x270/0x270
[  841.562438][T11928]  ? _raw_spin_unlock+0x2d/0x50
[  841.567318][T11928]  try_charge+0x1457/0x1d00
[  841.571828][T11928]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  841.577379][T11928]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  841.582916][T11928]  ? lock_downgrade+0xbe0/0xbe0
[  841.587741][T11928]  ? kasan_check_read+0x11/0x20
[  841.592568][T11928]  ? rcu_read_unlock_special+0x380/0x380
[  841.598183][T11928]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  841.603708][T11928]  ? get_mem_cgroup_from_page+0x190/0x190
[  841.609423][T11928]  ? rcu_read_lock_sched_held+0x110/0x130
[  841.615120][T11928]  mem_cgroup_try_charge+0x43a/0xdb0
[  841.620387][T11928]  ? mem_cgroup_protected+0xa10/0xa10
[  841.625743][T11928]  ? __anon_vma_prepare+0x36d/0x760
[  841.630923][T11928]  ? anon_vma_fork+0x880/0x880
[  841.635686][T11928]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  841.641900][T11928]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  841.648138][T11928]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  841.653752][T11928]  __handle_mm_fault+0x2594/0x55a0
[  841.658865][T11928]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  841.664411][T11928]  ? check_preemption_disabled+0x48/0x290
[  841.670135][T11928]  ? handle_mm_fault+0x3cc/0xc80
[  841.675073][T11928]  ? lock_downgrade+0xbe0/0xbe0
[  841.679903][T11928]  ? kasan_check_read+0x11/0x20
[  841.684731][T11928]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  841.690734][T11928]  ? rcu_read_unlock_special+0x380/0x380
[  841.696353][T11928]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  841.702570][T11928]  ? check_preemption_disabled+0x48/0x290
[  841.708274][T11928]  handle_mm_fault+0x4ec/0xc80
[  841.713018][T11928]  ? __handle_mm_fault+0x55a0/0x55a0
[  841.718280][T11928]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  841.724498][T11928]  ? vmacache_update+0x114/0x140
[  841.729421][T11928]  __do_page_fault+0x5da/0xd60
[  841.734179][T11928]  ? do_futex+0x2910/0x2910
[  841.738680][T11928]  do_page_fault+0xe6/0x7d8
[  841.743162][T11928]  ? trace_hardirqs_on_caller+0xc0/0x310
[  841.748775][T11928]  ? vmalloc_sync_all+0x30/0x30
[  841.753604][T11928]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  841.759756][T11928]  ? syscall_return_slowpath+0x5f0/0x5f0
[  841.765391][T11928]  ? prepare_exit_to_usermode+0x232/0x3b0
[  841.771093][T11928]  ? page_fault+0x8/0x30
[  841.775316][T11928]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  841.780856][T11928]  ? page_fault+0x8/0x30
[  841.785077][T11928]  page_fault+0x1e/0x30
[  841.789209][T11928] RIP: 0033:0x40f8ef
[  841.793098][T11928] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  841.812724][T11928] RSP: 002b:00007ffcc29733c0 EFLAGS: 00010206
[  841.818765][T11928] RAX: 00007f20e9829000 RBX: 0000000000020000 RCX: 0000000000457f1a
[  841.826711][T11928] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  841.834663][T11928] RBP: 00007ffcc29734a0 R08: ffffffffffffffff R09: 0000000000000000
[  841.842611][T11928] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc2973580
[  841.850561][T11928] R13: 00007f20e9849700 R14: 000000000073bf0c R15: 000000000073bf0c
[  841.867899][T11928] memory: usage 307200kB, limit 307200kB, failcnt 3835
[  841.885604][T11928] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  841.896134][T11928] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  841.902990][T11928] Memory cgroup stats for /syz4: cache:120KB rss:212572KB rss_huge:163840KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:212660KB inactive_file:0KB active_file:0KB unevictable:0KB
[  841.925123][T11928] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=22623,uid=0
17:49:14 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x2, 0x200000)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x5473, &(0x7f0000000000)=0x1000)
close(r0)

[  841.947620][T11928] Memory cgroup out of memory: Kill process 22623 (syz-executor4) score 1106 or sacrifice child
17:49:14 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
close(r0)

17:49:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58000000, 0xffffff7f]}}, 0x1c)

17:49:14 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.stat\x00', 0x0, 0x0)
connect$vsock_dgram(r1, &(0x7f0000000040)={0x28, 0x0, 0xfffffffffffffffe, @reserved}, 0x10)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000080)=0x200000, 0x4)

17:49:14 executing program 1:
r0 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x8250, 0x206080)
ioctl$KVM_SET_NESTED_STATE(r0, 0x4080aebf, &(0x7f0000000400)={0x2, 0x0, 0x2080, {0x0, 0x6000, 0x1}, [], "9e220751bbc9832f7675fff66835e7d088789a2266023f11cfbc856b99225c08a9c19468b4a31a623e5df57dbf918c290de0fef6918efae4b1833a7fa8b21f9a5d023d748174f6a9a74e6ef671a7eb2472841acde7460459e324cab5ee8418f5514326a278c21bb718d62079bbfc36c3713ffc17291ec3424124e5314599c85b20a2d02fc2eb2765022ff6b72f84a10be181ed64839d8d695f75c4d92a2984eec050e14832d9efff19488605236657327bd0f3109b0df740fd181714c0671450f59cf8fad4f97e46c47b58117958cb7f4e0c98b3ababc14303cbc8f2b84b9af6765a4da98eba8a0c73d38a5d9c0b668395e369055b3be77ecd2c1af75ca79f43ca7067a0c6d3f9e9518b013b0c51d94f00f70aac15af2ccbddc366b9d4aa259158020903349e7bdb1298b6e09e485a0907b1665615fc4d37a7d55b3014021cf00ed08e573cdab0bf2e21288141f3495825bcc5791173569365ef71a8da4a503c74cccb42f64a18a51fd270c36370c7ef0f7b09f123c2b0983fab7b986b5b064ceabd6f588c766f4a65761130b41226d7d2d87c16b85d483e6fd3168d7c0e4e3af0ecad2b7d8939a224fb9e7744a030ce83675f24d432141c608b9dff2e9871e38d6d23d2d04508aefdd64c3bb5f338309a5254fe35a0671a837227acca03adaae462805da303f254c714b1ed355a812786644713395af90b043f2d8a6209dda1f6e134cf7efae54d14d7519d84f876f773474a3272f049454fcea9e9a7f1cedf515726fe47dbcedebae305c966c66e6591bc8e5fd9f1680e357c7cec5eca31cff187e70aa64ee0e5405219c67a26c36e7709921930ccf644f5a8e273597ddae77a2c0d814295a2cc0864e5d9dec21bd9b40eee3144365be761a53d09e5c07971b0a3e4bd943d25eef634293a29f784132de9b401e7875b20ce9ff5b9e2d3ac84da104cfd8bae07f08cdec987346833c1bf0bb9957281e21cc7efb18dfc5c968211aa0ad8e7efea2df3810559fc645be3228a854cf093884ad3e30892d47e4f59d36b8116ea5d056a4a7a2957306c0e8e2bd1c603fa316d51ca8ceddc16ba49427868ad7aed295a13548a4550f0ba3c5972e9f2d0dc753be3662ceb120498486b946b411e2bf0370dc0a7e0224173701debea0ad2a9091ed1a982d6be1401bde5c0df651d1a63fedbe2bfd919f7c44dc7b25a8c42458ecdae125b4a756d196a8ddedea958ec2ab647d0f6e4eec533cddadf84d923306f6180906e1dba83035373dbbe1222d0bf116e801886dc5240c9802317f9f9bae274ccc451653e3d46e793e3bb40f1db97468942f62036ad2c2bd1419f8a5e71e1416cdffd87a3d285a4a78d8b4db0df8a2602ee37b214fec44ca6fd1b9b2e9b97882ad96e1970b403b146a192e312c360deeec0e514bda4fb5622314f823974339b753d6008a6667fa6ff7bd9fd438c33d4924d6803317d4788cda9d78c81ad0145ba9ef18a73e9629dcac695bcc316e52438bab267a1053dc9e3bde86a76be930bba7fe853aa26ef1e557f6c47aed69b5de6e65b6f0b199528434a08f29f77136f031a104a3b22d46644a9e6290b3d2bdbe28563f9ce6de410ddd529101b493670051679df8cdf93121e31068220fefe4e1b6396378480f269e52f6a1eeb1438ce47eafc04e4a7830fbb080a21a0489bc7b51fdd18df6501b45e9c76d570bed1dc3b32246a7ab48714a6fe4e20ccf314ae49d1c4d76665ed5e59b67bbc92e63a7188a72c4198d57735fd49e2d9306bc0867e5f02a943683917df2f5693ca991e81ad8eb59ff791507f30327e4d0de87b23275407e83c0e9940660b346e6fc56f509b82fef6008e14ca9977b4b07371972e393ba44b87d84445bf544ce2ac579e2ff81cc3453c1f54979c4e3ffe54d4c4fd5635a9408416357d4a26456f42e044ec2772d33886c563d7a0abf782dfc8d126c38e5f603af65e2dd82d9cb60680790e410e7076fe67b54fa44916473b0c804330adf69c210050b0fd093cd92c2a1dd0f89d39544b853ed829c49588384f1214b106c315fba9f54bc115954d662e1549da11695386f9cf8f933d46cfc29b7519ac3217132fad8161f42bd772513c54953eb8ee7f5a69b9613a18c89e8d52f8a9f1a02e0993d99ff8581443db9312e08d4ad0c441e68a50ccfb9b70476e61e0a8c3a4aeec4d23bc22c0cfbdddbfef29e70225dcaabac2b341cdf159e54dfaec713ed33513f4c4dbbbc7b412e24b0bfac208a75515ff8a8a8be752375ea50c368cefdd3080e9377576c8ecd17973876f3a3bb63d4fa604bd34f8232489fc76b4d63a907605b6ce4d30817838782fe10e8cc5b518d3499d9329f46eea5fcceba5b1c9f475127c3b30990d8cb38d06ce173bc31900a1c2101ea52f6951ebafc78703b7540d456ee1ae812231b635ff4cbe152ec150ff38d00f39f5a83fa08b920af7cf3e0a37c06a09ad64bc4d6118f80b7b2f2611a4f2c2bfa093faaef871508a6ff9d4f073004dd29e91a536b3b2c6213f93eea512b017e85a006336e4232fda96ac28e9a4a6e83eae697170e1063f3d1cdae70e29a1d43863200ff089d0d49d73b8c7fc4210a8210cf749aeebcb886c74196a14cee86bf9d804a98d434d0b9179210b51997d38a169ba3de501f8c48ee31aa57d27113ab6a5a94739df61eeaa978f429f7a5e4044233f2d92944f6bc64f5938867694cb98e7a83528aceac61047c86a00a0ab8ee3537d405096b76b1a9dce8c39b231d1d3cce84c8b0761cbcc6d706c5985b8f78e68cc75d993cbf3b4af768a8c940ad1b84e2d19b496fdd17382a38e228bf597fee767915f452004a04b053fb4089f76b9aef67b04886e993c3c2826c233a54373bdaad0d3da228e21820d32293cf93e25fc62262d6e03c5dad2455704a0bca563aa6f95b09d123878b4a7157b6f9d7677d2ebaf40337c7b59ea4ef2fa3dd623362c8ef78141c62569db2ca74657acc9095b24c0e73b3dc3315e154773a7a7876351ec488521552e98dc49e64c3823cd059c042a845363d86c5187c992ca4bce5c77756624f9ce8bd6adbc6ced5a3c118112159912df8f3bdd04228e4c7a3a6f865f9cba1773b7e48918ee1d7f002b351acaa5b59ef6a3edf8097bfe0d22e9a7479bb8b9c5fe8fd1060724aebc0089762c878cf0ffd5097fcaee3fec90436258023ac66592e3770b5d3937bc616c2989c0f25651f12c30c6b66a3f7b523144cf0fc73baa080b5786d4ff5529c88543c3e8a327fbbb83a2a992d8d61b78971da7bf472e195b2cbbc1db099396563d71cbdf5852af353c2f1c3047f2b14d3cd9a723db8e3911592c87f689106096ed0096c3ca263df0f392519562b01c1b46a47f679a015a749a015e02c54cba5a24bf8fe164b4232ca85030c44505328af220627c6e0e750b8b93a1f5473995f3339e83327c8665f0f5cd6bfe8f75b9aefd025e1d795cc384de68fbb0f66f375c35e633478b092afe657f495daa2340b7fd38cc9ed4078ab797ba31d012aff8251f5da04cf1e3f29827ed3a68954ac4281a40ce9a6bb41e854e41d0cf2327c662240efa40aa6fef117daa875225a3385d0cfb0cdc3d33a6e8a9974b6384f6792d8302179cf813c6b26ad623f3456bafae817cd12cb519008e87775659096363af8269d6f5ec61e2af59fe2e437f97b6224cd46fb246eab2f45640d0683687a7baedb292551a5693c27ff268c41eb0d3933b3174536d9bfa171282b3d3a395d9581484ca7ccac12ec97760dc31481c515b16ca223a51f965c03fe1c9e56c5b80a128689734681d4fa98806ec8b443934d3c956d5afc17408a6b71a36472b37bb115bc70cba423a43ffc2a19959c53ee3df04bc4a8534d48f4c53941825a7916f78dacb3e69a3ff8cde1a70278357dc41c270eeba18c25807eb67b2c3e82501371e652bc2e0af05c7fe14891ed4f2b273419c93955adc658762c86133a041432338884215d682f3d29d8c968f54de82049c172b4ab355b1d9c5413bdd2b18f327af37f8a859b9a618d59806414598f5f3a711db6b10bc52f3c626655b677b3cf8224bd594620898dbde251cf63aa8b1d9d8febcc25990c45f9e1905c7671a477858d7ff1a177a69577eb9bc148baabe0d7175bb4411abe31d5b84393be5c5df738ecce2a97a8d002fa1ef5c1211d71da8bc7bcf8c73c2a12fa8d510fd759ca4d022d3601aa0d6fe64fb3808b099f7475202b5da2fa7bb9caede0121a45fa68099079e939eae3a5700379d84585d2ada1b62983c47ac77190b1772bb656ebcedcf7461f420379e2749fdb9d3b1535ddfb03520c3493c3c7389a5660f3a1544290fa827d0da20630763ede111bfdec381fa207154e1eade0daa6958bd67a203d7a823f9b8783b96474a00b37ca37276dc1c41f00592140dd82b661768d6656c5f5817b50c1b167fab637170aeb7810ab399051e58b1d295af80857570807b3121df5dda1659ba6d5777c9753df90cd3c9f6fad5a92ccf307bf7def510151dee0e6e90db4bb131728e927759b37cbb7c7b02bf633c94f0643ff586e2c0c448987fd8956f0e25a6c95663ae9b3ed41b2670380c5347b3883bd016777decdc532ed19f66868057f968e966263edd53ed7bf8dbb0d2c0ceefa8a01740196669c5b8ab7c44cb2f70b0cac7c2931e5f47a9a8f1c099cb37a3e2aba7ce0017ef1adc8a18f00cfc2d7d8b7680724c470069ff532808136571560ff4f353b781fa37666f33fad5ebafbe85e96aecc4d97f41bf7f45991911b3d03a949e33b2b37764c974adfb816db3e64219d5d640f0353dc817e0a0f5ab4b66f87b070e2cd2a34ef9c52dec2147332e34c6674d0c1b05c45ffe35bdf78824c9ae6c471db90453691200fb792df37d02e575495190e53655ae13e1b57f6b465b6e836654b9dcb51af8f7759e4d94f89e9d88401d1aa3d9fa6cf97258d6523268b56b28f57db462a6ee639fc90f0b6d5f2ef1924ed033927786123c421522cb9102dd8644eb5f7ac318ccee86a8927b3b5bf0d742079c2b7741e26167f71457a23351f96f98a31bd5e34e791394fae6d779e010a30709c8881223dd1aa6e72cd43828255f736deb600f80ed2fa7a704209066f52af03bda5761418b959211335c369ef5825e803eedfeac4fb9fb0d32ea6f61dd9bec8564cac1a825e31c44b6ef23b5a37a3d502a4a82f22689c8c5856ccaffdef4f03d9282127bbf4e5e76291d0d4170d1a5ca82a8c836a758b7af006060f6b747d035a8c5dfef1c3d6a3385920fbda1af68f9bb9cc10d6bf96b8c875ddb1ae6d7c568943625ac907bbca546cb344d09c5938a24542c8ed9cf32ecabedd50de2f26bbaae6f7ab859999eb8383c90a9e97144e049b0669480cc1d60d3fc049070fd9d9edc363f94cfadeae4276ca09be55e24c860730fc0bbf7d70539fd6c89b5a80bd77837fb54868566dbad6e1349f78821f3e51cb7e3c343a1263e263d228e4b9e51c0d8db075b9d026775f4c8307e364457a49f100cbdcf60c282e327fd6188a0bdc7e896ef6ce98532b11496172fdeb3dca04055da9831e049c24166a428efc13eb92a9daafa39ef3a1b9560bd539575ea75f9f14575953a0e34ae07782d34aa240b41280dd0c16a6b803af5ff2969fa4799713a8cea9daa1d1ac8abe594e19f9d3684b3a2ae60a4b6f280d8e32813aa68b78dfb5399b2c2f0d47a919c9a16e1994f8352614bd05857b659591d2a9bf6be23c16f7532878c1bba1db2d9fa79567b35f8c4484a003864bc417f6be529d953b9d42db5321c42e283c4f5e0b8", "c2cd6d821891490a6def69957f325c6e7d669a9a1d9591d43bdc60a598c7bbb46b6b2ef426d8656cb84003c36679ab1914d9a5ca8e042f7da2d1e4a07386d270cee6827174b4e3b765b635206dfa2cbc93aa360f0201e36c092af5a7ba36e77c65b36432f43f180c1efb698b049b5dad9ec8aa8bdaa1e0f35aacfb56e844d14f42d73a7dda08a76d6a6a4cfcfa8cb4e91209ee77c7cbcf9c56ef9bd39a16ef5f115b195f7007e2600d3e7e4e5fd131cae7b876da2b76262a22bc7fb7d719513debc909bba1f728ec0de1bb016d40e0644118baf9b9038058b816501165fad09f8403b08bb29cbb12adcadb538862721117f7063041b58cc0c1985b6642aa926d89df81be30efc288aeb712fea64c8a2552ee5b47514b7ef5f743fc4b87eaed0bddf71ff434bb4ec911cb864916dca80565d100afc044383968bcd173c10418874f546d747878e956ea426ccafe974e33e4dea73d694cb91db5d13febc978d1a4f38efebd9469dc91da1c74ec2fdc2acc981c972776956556325b1df8d7a2ec1e867ad00628dc0956e722dd7a8c2c9b76ef52e3f74d3bca29519267ae859b4a7bd2a9f95b604dfd80b0ec06cbb24ef28f9f6735b2905050a5a273e3a63e2110ebf4856370141ab042bf8379d34d4d03c636dd0f7f50db055c9a1559e9361764eca669268abb236e0093ae15797a60416a10be909b295dbad6db59af6f3428ffa995cb99b491e56c7e409a7b8479ed1349fb85321a70f3df97023f53ad1488e5d9a9a550a717a9a3344f516026e77ea811cc4d6c517cc0d709e7c3a480c36d58ddfd29194baff9a8f57ae827b79d9b57d25c7c09a091ba5b6c1bdf2325caff9511005260bfcfb256270c1f67bf1d26e64f0b8e281b53263e186d3ac20db4eb909538c610bdffdc021d97351f847282bb00f72b455e0a585aac27ccc250005f9d695c71c458ac31f22fdf86b2d4a8b257dd2608b8fc5c43b907aaa593c10299ca574304992af1a85c6ea00cffe7429bceafb49e103d12f40d0beebada61171e9d469d715ae987f74970c7e6125475ea0177f694e1ed558ac0c5f02f81b08f69bf53c62a1d00a20cbec71459a80f4166f2e7620ba5c52bb70f8f3bc051539dcb2afe130540d41198dfed78be41c0edf5ec27f2639f0aaa98025c4b9f62c520b81d2c147dd91fee38d385d3c2162de3357f6fd504595a003cb96a8ed64e6a612f09e1b1dd3b3a8f544309232edeca715525e8005b99b20b4da84d6a086aefa90b31c4462a835cd7a1ef4fe3f384d9e95cf0f5663975d10138156ad969a9e0888a0a0b5564a0bed7f3af44ef9496c1e74f92814803ae2da4664ea8011f717c4d7a574b6b25c64d6539d494241e91c39d2c666274da2b10c057ff8fcabe04d7892fb9542984a539191c4bf42dcb35678eb2948c998168a72451219a022f9598f0c066d320eff0423b530a70b1f7fa33ff82f95fbbfbddad50f3b1603bf700e6305151e76cc57cb9dfdcface12b5939ea1a19161db228491b016f57903d2a877d852e1929118ed5a2d1998950a6019dc2562232eeba418027da80eaede83314b56e3df143a6fb8ea406dbbfa040a5ac85875790466e4f7ac2e6feb454977dbf352572fce8d5003b15baf82f79fca2f526d521cfe11b37cff1daeaad61288744746413aee1f808425cbaa2e90520120467ce05c66885e0532793360ca2413b961c17d6092d3a9c37de0fb8d5ac768de8fa233c962da94411973a35142cfe72b45ae2dc19f2985972aecc27496c5e942765a4530b1806fe3af9173c872c1f01c36c62c1cf1fd5dd915d817810021b4043e4a489d8ddcd9eb4c85f55ab41545b8fccdc9da3c635525ce56ad62526c3bde4381fe0006857d028faeede7e889ed17aabd3ee72ed2360c0b88f987bd6015271e62d9c9d827720643e4eede89c48b11a846e5b6e95808a4ba0f3b702208869273b248ca4120df34e4a250fcf6ba565df79382738c09a6b809450e5d64048a38c8e93f7f21322c5aad495e0bcd970190500a8b7f317bead36a37f1337e9828b5587dc6b10ff278da85618514bc66a16c827585c10e44c3999586bc3d83f902dd2bb6e66560ee6d5bcfcb8849f7633258889ad3f7108d5df119ba63f2353653c015a29e2328d99f579963022d4e006ecacb0164508515212dbba340b8b80657b1038558ad64f5ac8b7e7b27c08320933151b8a19308b3a22751855a897fd3a7085529342c4e168e65e526553d2c10701268723b532a8a2bb61bacfae215b4bf54a65d52ca80b03add315da99489ecf6ad17dec8adeac717b54197ee5e9080bebf102b404471e435b6f5aec19bab1a086cc3c5042f37069d9913c09c1e0fab4ef5fe9925e34faf8e3869203a886036ac01101acad110391f8788c7e2f3152eb0deb5b22db96ad593ed5012469f1102ca740b3b5cdbeb7eab631bf21c7f19c6c06ac4f7ef8a28f23c6fc704710286fbd4f63082e5b5f3b0f11eb77e4d80e8c29284c5dab7d209c3095d0ec7653a05bdab9b0757dc8d42a85ec422439192805021b546ab5dcad8e41b53a6ee030bdccbc0b87381e6eb810db82a6b7a088287ebfe22d38582046d9df4bb9bf5d79d5866feedb683ebd356d4aeb952a79bec021652e76caea3ecd39a6ddb488f756ca305d1f51ad27943c8de8a50b649dfaab53ef034f85f7b5689c3b2643a36f1a374d638bb8cda057ca7c60a040da2101308e6f94beec2c60ab5b5092d4800a785a8fcc2f9b23d8153b585bb99c063a7f7e9765eca64eae4a3f9833f636b76a66bb7a13f59259b691612727a4efc8b8268a798953e2654069efccbb28f066bef133a7024b8fd476b7b94cfaa45b4d562d60611339cdf6f0206e7200b9f68158a1b18e952e38e5159e84df3967394fffae4d22d730318cd08eb80bb83e326a8584df821bca32bcc6d6c0f9c7db0da622b8704dea9eb6f59e747d9ef6987f5f4c3ffe5ba4486bda77d9291cb8e0d76fee80cd4ac27148f55a713acf52b471c54d5eaed71e01de8d1ff2802f4c7287e89472d73fab7d47b7380de38756909cbdd0962ca496f42ed99f384092beb04ea95c071761cdf8ee4c0065393362cf02a63df3c2379f962be2a15f194e16c25d942e2bc3a6851685604080104f062edf76af730e4df2475a92c97ce6a113880fa5ad536eb76604f8465dfdafb47296ffcbd272e83b00558032a843ea49a65c650a38afebe88652352222bba2a22071466ef5dc30db31344b7aa41133f07a793674b08a049c8c80895bb0ac3bee1e0e785da9f0ce69da27f3f75a8f46a2c1f9ed642277214b98b819a1a56955e4b0c44b54c65b283d8d4d96e540fdbf8ca0d20064275acc2783e0a61757986559a289dd5db38edca7f472e6b6be3e9bc0bba4e8aaee7553a0e2627c9469cd80d1d486e17829424f934b32a56615e01ecf19fd583d35f914ec96b42c76f9e6121fee686f9c13318d774099612d0945d2842ef7e98c64fe253766066116116e88b02bcb5b44faf85c20b5d6b3bd047d0e08e401936d615ad6ed4141cd5248321921d7573b7ecfd490d2432ec2a89e287a1054c36120dd030157dfcf31ac9343af4adc7adc6f72932fb81811760d376e13fe6bcc8770de746396b7e772f9c4d3a967f6b13090db6c0418922eda3ffd21d36392fdd72084347a57bdcc8d44613a4bf1cbc2509c65562e2387289c80595ea640990c01a17226bc4b775b348705bf7fb036a7635905d8d95155bcd5bba5ec679ec0ebd9cd0c00b1b3d8360fc745764a53feee0f7e3fbe076f7b151f336b2ab758acd22d1430a9902a21f23843ea937f1557994c947d3444b925029ea44022f2cb00c5d85e1ce07c5fe8899ebb9e3415254890cd36db03d5334944937108a18dd522b3a3efc7c238079e0d9dfbbae804649970cf63f38dff7de1601b5c9a88c4c7d216009775d7365ecb217ad30dd75bdcdf57799f24af4a90edfbb1d2fbac91b60d2a1f0a9b4649a4cead71b68d47ad1a2d3b3326f3ecb265ee127a4c76bb74ccf00656dde44a237a2d9a65283d9cd645fa82c9a9a36c7f7aad4dff35885b83e24e30cc993c414ea485bc4acf3c0c00c6b1df7af77da2f1fd8fb2d5e89839bfea396d1c13e31a7555e1df188667e1ca75ad394983cdda6a9bdbdc3d6a568c290c4dec5231f550f9a02784c6b4acc10f681cf836e36f68d72d77c8e779319a102ff757fd73ef395bd8a9cb19e63ca57ca544de138bdce98860d2df405cfa29f4c0da314babac2ea4b795b5d8fd3e9973625c142bdd320765734a4373b3dbd9a71e51e1bdf55d186a96220de71542aca8b33041b213c9035e86f82c4e7418e06b8ad4b8d3de9d49d6b0a75f01c341846cbd71587f09f2f766ff8b825a76339b40912bb0989481dada03a7ab74c27e8fdd5c243b7526b2851c6698f0330340a7bd3b196bb3a6bcb4c44f49eeea92793796606d2aa04f2c6bf956c5fbb9723d400a7c833940497be149a9d4f2bcaabc41a1a6ab7a0de78fe7230784bc1f05a83b455d737469cdc8382228585910aea4a28df4ceae88b788137480c8c4152013430198741e99a91a2ba44e88bc4ffd38a14a56d75ab1035cb89aa1857f76cfc2a4444d811e9b2f9c9e9d60a6e2a685d3347df3bed9af7b69b39e2fdca4f94427e5e2104479285c76c231876572875e475aef0ea7ae862b39a1c18f98c0a227383567a979089fcef43553471096e7dca82e05a41ba1efaed2628d1ff54ac01a74df699f71254846dc2b0f050d197e056e37ffea11eb149c228148bb63c3080f5b4347bf7224c2fb0de8e3d79803c330eaac748c8282fae8460755b23afbc1e64f1afda39a8c253b856610b80447b246c9ea6a27a7b66044362e4727cc4f4f2356210ea1acf247f231a3515091e9d44ca28e814fe04d2e1d3a37b2df66578ea8fa3894dc259b37b508d6c80a3d1393512c1419c377ef16075c0c1924016e94e836e89b83c3e37ea41dc21e7c80adf5eea19d29f186ca9268f9f73a694cd44cfd11fc40cbd0011b94cc6353b5b493699605375dff187b6c97c55dffb9505cfbc8e8578ad666a5226564857a7b5aa2a6eeccb4daac779c947cb88ca6362650e3d206acfeefd5674d9bdd872a12d5de480ea3f841b5a39d027a4e319e494880cd59df155651dbcfe071b48d177ab95ad84aabf3f6880124489c0e6c7fec03d687ec2146275935665198221cb7fd014ccf137aabc87f0c09962832fc65ac3a5ecdf5d21a7b95e8405ae21f0021eed33101cdb3338d32ed22290a874e19fa40c4fd24e45fb99aaba3e3dac20e86fcce40fa07e090990206c5da6421022d8df5f685c09126909cfcc83881f8a5b5ee26be094129d89f36fdc1dafe8b40d993289fa3ae19f6faad65f0985a912c1f82c25d82f1afafe10f6a58c893a840e42c89c9b37ce916dfc21da22476b3699c8865904a246a32ae523117a87f2dff370feac162798311026bcb12bc211b55fd4d18cce6c7167490adc974d2b75f6bb6f6c7df226ff48618863edbf9794c8fc903bbdfdf14a4ce13fdf051fb1a23861ca03b6b72107003ad7f8090f33cc151a38072ebb3301a36fa42fb2515340aaf3cbd47d15743e2d44b49a44440624331f172b5b8642c2dd2048d810cec8d6367bb95a1db305d010ae2ff57a01d26f36b15a20e1405d7d168dc4c1da68c29d217b0b1f880374912de44238e3bf16fda31ba21c5b83d5fab0b5e48536d0c6eb03fdd723d75e15f72388a4c3945c40ca1eca17b8d0cec462c9b46eaea940dd29243fb85ea41067d2a347c0"})
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000000)={0xfffffffffffffffe, 0x8, 0x3ff, 0x817})
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000080)=""/82, 0x2f}], 0x1)
ioctl$int_in(r1, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)

[  842.001627][T11928] Killed process 22623 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:49:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0xffffff7f]}}, 0x1c)

17:49:14 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x210}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, r1, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
close(r0)

17:49:14 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x2c8)

17:49:14 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000001bc0)='/dev/vbi#\x00', 0x1, 0x2)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001c00)={<r2=>0x0, @in={{0x2, 0x4e22, @rand_addr=0x2}}, 0x8, 0x8}, &(0x7f0000001cc0)=0x90)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000001d00)={r2, @in6={{0xa, 0x4e20, 0x0, @remote, 0xffffffffffffffff}}}, &(0x7f0000001dc0)=0x84)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3)

17:49:14 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61000000, 0xffffff7f]}}, 0x1c)

17:49:14 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x3)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x7)
r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7, 0x800)
ioctl$SIOCX25SFACILITIES(r1, 0x89e3, &(0x7f0000000040)={0x34, 0x101, 0x4, 0x9, 0x0, 0x81})

17:49:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78000000, 0xffffff7f]}}, 0x1c)

17:49:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x480400, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000040))

17:49:15 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x0, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)
setrlimit(0x3, &(0x7f0000000180)={0x9, 0x4a1b})
ioctl$PPPIOCDISCONN(r0, 0x7439)

17:49:15 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x2c8)

17:49:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80040200, 0xffffff7f]}}, 0x1c)

17:49:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0xfffffffffffffff7, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x1)

17:49:15 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$int_in(r1, 0x5421, &(0x7f0000000000)=0x61)
close(r0)
ppoll(&(0x7f0000000080)=[{r0, 0x200}, {r2, 0x4}, {r1, 0xa2}, {r1, 0x8000}], 0x4, &(0x7f00000000c0)={0x0, 0x1c9c380}, &(0x7f0000000100)={0x5}, 0x8)

17:49:15 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
setsockopt$packet_int(r0, 0x107, 0x1f, &(0x7f0000000000)=0x8, 0x4)
close(r0)

17:49:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x2)
syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x5, 0x14000)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x4080, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e24, 0x3, @loopback, 0x3}, {0xa, 0x4e21, 0x1, @mcast1, 0x2}, 0x5, [0x1000, 0x3fffffff8000000, 0x1ef6, 0x8001, 0x5, 0x28cc, 0x0, 0x392]}, 0x5c)

17:49:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff, 0xffffff7f]}}, 0x1c)

17:49:15 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x2c8)

17:49:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
fsetxattr$security_smack_transmute(r0, &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000040)='TRUE', 0x396, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0050000, 0xffffff7f]}}, 0x1c)

17:49:15 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x2c8)

17:49:15 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000000)=0x5)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_udp_int(r1, 0x11, 0x6f, &(0x7f0000000000)=0xff, 0x4)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
getsockopt$inet_udp_int(r1, 0x11, 0x66, &(0x7f0000000040), &(0x7f0000000080)=0x4)

17:49:15 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8050000, 0xffffff7f]}}, 0x1c)

17:49:15 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x2c8)

17:49:16 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:16 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
write(r0, &(0x7f0000000080)="28dbccb3debb0e627a272032dad8ef3b2da185732d94a895ef66730083c84a6fbd110c499b135ecf1d1d029aee5b080a807a5bec5e9f813ba95a7130eae447d1f09a3563ef00311423715b07a4c4ab712a39ef6cc0f6052ac64099ae21d424a6c9f3cbf596451c14e720ee4c4c944c45d5f7c7317a516170d8f79dca155fb29a3c5c4b22ec6dc8272aaf9ab15e22d48fb8136b82e69ba45649c449f575f37303cc229ba732fb981b1f8a121f51c8e6dd753f751f856d0da28876f4ad89c0197372139ef2e298b87ae831e7b1cc4bdb414f8377e552fc65306eb3d28dfba9", 0xde)
ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000240)="aadaee9ecf9d26d3de47903f76f58cf6145260d3566c3b1b476fd336d70ee587ae53272cb71a4afa1fda141ddff0f9d5197d269591758f78166edce48c20ff5be97601eada87375c5c82c5444c9e7768692c347ee73267fb67572309")
close(r0)

17:49:16 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x10000, 0x4000000000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x3ffc0000, 0x400400)
ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000080)=0x1)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={<r2=>0x0, 0x5}, &(0x7f0000000100)=0xc)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000140)={r2, 0xffff}, 0x8)

17:49:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8030000, 0xffffff7f]}}, 0x1c)

17:49:16 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000]}, 0x2c8)

17:49:16 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0xfffffffffffffffd)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff, 0xffffff7f]}}, 0x1c)

17:49:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000, 0xffffff7f]}}, 0x1c)

17:49:16 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x0, 0x0)
close(r0)

17:49:16 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000]}, 0x2c8)

17:49:16 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000080)={&(0x7f0000000040)=[0x2851], 0x1, 0x3, 0x7ff, 0x100000001, 0x10000, 0x4, {0xfa, 0xe5f5, 0x1f, 0x33, 0x0, 0x401, 0xffffffff, 0x400, 0x6, 0x5, 0x3, 0xbb, 0x7, 0x8, "a94d585c9b7fb455405b6e65954a079b8bcefe519bf17a8570799561b55ce6df"}})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x7fffffff)

17:49:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff, 0xffffff7f]}}, 0x1c)

17:49:16 executing program 1:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x40, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000080)={<r1=>0x0, 0x3}, &(0x7f0000000180)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000240)={r1, 0x7fff, 0xe5, "2404b4abbe6e2307a31d0a5e625f29ede6edfd11940b9d6e458e71db34682cc85063ec397ee4117c5edbc16218fd70fe9c5a22638aab45be05bb259bc3cb43410ae47172adf9457518eca0b115a7879cec81cd237d88197944769a89466aad97778b1fffecfab354d9e5e3e770492c32612172863c49eb99adc030a1a81c5924ba1f54ed6addc38c56bdd5fd7c67b37c85618f1c6a4a096d82dd43e7da6d0449cf0105e721b89e1bdffd48144bac8bae0200b1e7ce53719d297a70155722432487b9227272b1de062aa95dffe77138506dd0d8d36f3ca054bb61a5e184bad46c7a3496d835"}, 0xed)
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x8000, 0x200000000)
readv(r2, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r2, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
close(r3)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r2, 0xc0945662, &(0x7f00000000c0)={0x5, 0x0, [], {0x0, @reserved}})

17:49:16 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0)
renameat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00')
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:16 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc000000, 0xffffff7f]}}, 0x1c)

17:49:16 executing program 0:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x102, 0x0)
ioctl$KVM_GET_DEBUGREGS(r0, 0x8080aea1, &(0x7f0000000040))
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:49:16 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
connect$rds(r0, &(0x7f0000000280)={0x2, 0x4e22, @loopback}, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="a30000601aba9420bf908d08cc7755e11f00", @ANYRES16=r2, @ANYBLOB="000028bd7000fddbdf25070000003000030008000400a15100000800040009000000140002006e72300000000000000000000000000008000500ac1e00011c000200080005000900000008000400030000000800070000020000380003001400020076657468305f746f5f7465616d00000008000800fb00000008000500e0000001080007004e20000008000500e0000001"], 0x98}, 0x1, 0x0, 0x0, 0x80}, 0x800)
close(r0)

17:49:16 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x2c8)

[  844.347906][T12134] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  844.358654][T12134] CPU: 1 PID: 12134 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  844.367598][T12134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  844.377655][T12134] Call Trace:
[  844.377678][T12134]  dump_stack+0x1db/0x2d0
[  844.377699][T12134]  ? dump_stack_print_info.cold+0x20/0x20
[  844.377719][T12134]  ? check_preemption_disabled+0x48/0x290
17:49:17 executing program 0:
openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x460040, 0x0)
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

[  844.385362][T12134]  dump_header+0x1e6/0x116c
[  844.401284][T12134]  ? add_lock_to_list.isra.0+0x450/0x450
[  844.406954][T12134]  ? perf_trace_lock+0x750/0x750
[  844.411906][T12134]  ? print_usage_bug+0xd0/0xd0
[  844.416694][T12134]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  844.422368][T12134]  ? ___ratelimit+0x37c/0x686
[  844.427072][T12134]  ? mark_held_locks+0xb1/0x100
[  844.431942][T12134]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  844.438258][T12134]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
17:49:17 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x3, 0x200)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

[  844.444081][T12134]  ? lockdep_hardirqs_on+0x415/0x5d0
[  844.449388][T12134]  ? trace_hardirqs_on+0xbd/0x310
[  844.454426][T12134]  ? kasan_check_read+0x11/0x20
[  844.459290][T12134]  ? ___ratelimit+0x37c/0x686
[  844.464006][T12134]  ? trace_hardirqs_off_caller+0x300/0x300
[  844.469816][T12134]  ? do_raw_spin_trylock+0x270/0x270
[  844.469840][T12134]  ? trace_hardirqs_on_caller+0x310/0x310
[  844.469854][T12134]  ? lock_acquire+0x1db/0x570
[  844.469882][T12134]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  844.491364][T12134]  ? ___ratelimit+0xac/0x686
[  844.495975][T12134]  ? idr_get_free+0xee0/0xee0
[  844.500666][T12134]  ? lockdep_hardirqs_on+0x415/0x5d0
[  844.505978][T12134]  oom_kill_process.cold+0x10/0x9ca
[  844.511194][T12134]  ? cgroup_procs_next+0x70/0x70
[  844.516147][T12134]  ? _raw_spin_unlock_irq+0x5e/0x90
[  844.521381][T12134]  ? oom_badness+0xa50/0xa50
[  844.526023][T12134]  ? oom_evaluate_task+0x540/0x540
[  844.531151][T12134]  ? mem_cgroup_iter_break+0x30/0x30
[  844.536449][T12134]  ? mutex_trylock+0x2d0/0x2d0
[  844.541229][T12134]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  844.547503][T12134]  ? rcu_read_unlock_special+0x380/0x380
[  844.553145][T12134]  out_of_memory+0x885/0x1420
[  844.557815][T12134]  ? mem_cgroup_iter+0x4f4/0xf50
[  844.562747][T12134]  ? oom_killer_disable+0x340/0x340
[  844.567947][T12134]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  844.573772][T12134]  ? lock_acquire+0x1db/0x570
[  844.578463][T12134]  mem_cgroup_out_of_memory+0x160/0x210
[  844.584036][T12134]  ? do_raw_spin_unlock+0xa0/0x330
[  844.589140][T12134]  ? memory_oom_group_write+0x160/0x160
[  844.594672][T12134]  ? do_raw_spin_trylock+0x270/0x270
[  844.599992][T12134]  ? _raw_spin_unlock+0x2d/0x50
[  844.604839][T12134]  try_charge+0x1457/0x1d00
[  844.609354][T12134]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  844.614896][T12134]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  844.620429][T12134]  ? lock_downgrade+0xbe0/0xbe0
[  844.625286][T12134]  ? kasan_check_read+0x11/0x20
[  844.630175][T12134]  ? rcu_read_unlock_special+0x380/0x380
[  844.635817][T12134]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  844.641373][T12134]  ? get_mem_cgroup_from_page+0x190/0x190
[  844.647085][T12134]  ? rcu_read_lock_sched_held+0x110/0x130
[  844.652844][T12134]  mem_cgroup_try_charge+0x43a/0xdb0
[  844.658124][T12134]  ? mem_cgroup_protected+0xa10/0xa10
[  844.663552][T12134]  ? check_preemption_disabled+0x48/0x290
[  844.669278][T12134]  ? __lock_acquire+0x572/0x4a10
[  844.674226][T12134]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  844.680463][T12134]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  844.686696][T12134]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  844.692340][T12134]  wp_page_copy+0x45a/0x1c70
[  844.696922][T12134]  ? __lock_acquire+0x572/0x4a10
[  844.701851][T12134]  ? find_held_lock+0x35/0x120
[  844.706609][T12134]  ? pmd_pfn+0x1d0/0x1d0
[  844.710845][T12134]  ? find_held_lock+0x35/0x120
[  844.715618][T12134]  ? do_wp_page+0x894/0x1e80
[  844.720226][T12134]  ? delayacct_end+0xc9/0x100
[  844.724915][T12134]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  844.731162][T12134]  ? kasan_check_read+0x11/0x20
[  844.736003][T12134]  ? do_raw_spin_unlock+0xa0/0x330
[  844.741101][T12134]  ? _vm_normal_page+0x15d/0x3d0
[  844.746028][T12134]  ? do_raw_spin_trylock+0x270/0x270
[  844.751317][T12134]  ? print_usage_bug+0xd0/0xd0
[  844.756117][T12134]  do_wp_page+0x89c/0x1e80
[  844.760535][T12134]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  844.765896][T12134]  ? __lock_acquire+0x572/0x4a10
[  844.770822][T12134]  ? find_held_lock+0x35/0x120
[  844.775581][T12134]  ? lock_acquire+0x1db/0x570
[  844.780247][T12134]  ? __handle_mm_fault+0x1d80/0x55a0
[  844.785527][T12134]  ? kasan_check_write+0x14/0x20
[  844.790471][T12134]  ? do_raw_spin_lock+0x156/0x360
[  844.795490][T12134]  ? lock_release+0xc40/0xc40
[  844.800161][T12134]  ? rwlock_bug.part.0+0x90/0x90
[  844.805088][T12134]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  844.810883][T12134]  ? add_mm_counter_fast.part.0+0x40/0x40
[  844.816599][T12134]  __handle_mm_fault+0x2c8e/0x55a0
[  844.821707][T12134]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  844.827241][T12134]  ? check_preemption_disabled+0x48/0x290
[  844.832985][T12134]  ? handle_mm_fault+0x3cc/0xc80
[  844.837923][T12134]  ? lock_downgrade+0xbe0/0xbe0
[  844.842767][T12134]  ? kasan_check_read+0x11/0x20
[  844.847606][T12134]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  844.853577][T12134]  ? rcu_read_unlock_special+0x380/0x380
[  844.859199][T12134]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  844.865440][T12134]  ? check_preemption_disabled+0x48/0x290
[  844.871178][T12134]  handle_mm_fault+0x4ec/0xc80
[  844.875932][T12134]  ? __handle_mm_fault+0x55a0/0x55a0
[  844.881231][T12134]  __do_page_fault+0x5da/0xd60
[  844.886007][T12134]  do_page_fault+0xe6/0x7d8
[  844.890501][T12134]  ? trace_hardirqs_on_caller+0xc0/0x310
[  844.896123][T12134]  ? vmalloc_sync_all+0x30/0x30
[  844.900962][T12134]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  844.907103][T12134]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  844.913480][T12134]  ? prepare_exit_to_usermode+0x232/0x3b0
[  844.919210][T12134]  ? page_fault+0x8/0x30
[  844.923458][T12134]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  844.928993][T12134]  ? page_fault+0x8/0x30
[  844.933233][T12134]  page_fault+0x1e/0x30
[  844.937394][T12134] RIP: 0033:0x40d130
[  844.941277][T12134] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
[  844.960873][T12134] RSP: 002b:00007ffcc29733e0 EFLAGS: 00010246
[  844.966938][T12134] RAX: 000000008628c573 RBX: 00000000a095056c RCX: 0000001b2e320000
[  844.974900][T12134] RDX: 0000000000000000 RSI: 0000000000000573 RDI: ffffffff8628c573
[  844.982860][T12134] RBP: 0000000000000006 R08: 000000008628c573 R09: 000000008628c577
[  844.990819][T12134] R10: 00007ffcc2973570 R11: 0000000000000246 R12: 000000000073bf00
[  844.998830][T12134] R13: 0000000080000000 R14: 00007f20eb64a008 R15: 0000000000000006
[  845.006844][T12134]  ? __linkwatch_run_queue+0x4f3/0x8c0
[  845.027613][T12134] memory: usage 307168kB, limit 307200kB, failcnt 3857
[  845.045654][T12134] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  845.068951][T12134] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  845.076114][T12134] Memory cgroup stats for /syz4: cache:120KB rss:211232KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:211360KB inactive_file:0KB active_file:4KB unevictable:0KB
17:49:17 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:17 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
inotify_init()
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x202)

17:49:17 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdffffff, 0xffffff7f]}}, 0x1c)

17:49:17 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
dup2(r0, r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x802, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xffffffffffffffd4, 0x80000)

[  845.098439][T12134] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=22812,uid=0
[  845.126068][T12134] Memory cgroup out of memory: Kill process 22812 (syz-executor4) score 1106 or sacrifice child
17:49:17 executing program 3:
readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(0xffffffffffffffff, 0x800000c0045009, &(0x7f0000000380)=0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in6=@ipv4={[], [], @initdev}, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}}, {{@in=@multicast2}, 0x0, @in6=@mcast1}}, &(0x7f0000000000)=0xe8)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
r1 = getgid()
r2 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x4000)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000180)={<r3=>0x0, 0xda}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000340)={r3, 0x8, 0xe412, 0x2}, &(0x7f0000000400)=0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={r2, 0x7, 0x1, 0x7, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], 0x3}, 0x20)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612)
write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000000240)={0x90, 0x0, 0x2, {0x1, 0x3, 0x0, 0x7, 0x3ff, 0x4, {0x5, 0x7f, 0x3, 0x20, 0x6, 0x1ff, 0x1, 0x1, 0xfffffffffffffffa, 0x8, 0x3, r0, r1, 0xff, 0x3}}}, 0x90)
close(0xffffffffffffffff)

[  845.144318][T12134] Killed process 22812 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:49:17 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe800000, 0xffffff7f]}}, 0x1c)

17:49:17 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x80000000002, 0x10001)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x9)
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x68e3, 0x200000)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000240)={<r2=>0x0, 0x80000001}, &(0x7f0000000280)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYBLOB="53000000acaf5129b4cc8335cd4d2cdecc3756ca21250993697bf75b5e84210f6d9c552bfe2b491599b848d823e3817cda45631d9d1b66558792262154d5bc1095c49cfd74c772225bb5b1bf10c9020966142d6d220385"], &(0x7f0000000340)=0x5b)
sendmsg$netlink(r1, &(0x7f0000000200)={&(0x7f0000000100)=@proc={0x10, 0x0, 0x25dfdbff, 0x10000}, 0xc, &(0x7f00000001c0)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="180000002a0028002dbd7000fddb5f2508009100ac1e0101"], 0x18}, {&(0x7f0000000180)=ANY=[@ANYBLOB="240000001500200029bd7000fcdbdf251400480000000000000000bb0000000000000000"], 0x24}], 0x2}, 0x4000)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x20000, 0x0)
getsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040), &(0x7f0000000080)=0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000001500)='/dev/net/tun\x00', 0x62d38a7acb9d380f, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000003c0)={r3, &(0x7f0000000380)="819d41de9baac51a1198c547c665e64cdd2ceba8e3ab441a42899c00b890b13341bb81ecb98a5dd584df7ff7d5250aabfd440891e214b85db78ea68d284b5ef2", &(0x7f0000000440)="89767725620fec15c01e1a3f21fd59947cb081b7e07e80eabcaede3ac58e987f000ed10a75212affc51db7bc0f1cd75b3e142370a4fc20f67bd3758bef724dac14417f4daabbf4e559cf7d6086a10a584a1631821b3f14f36c80d68beaa29a91390ffabe1cc30af39fb6cf9f2925bec23a92775956789d8f158595c3087d8b7c166565e9139678f0dc40ae47e9522e178f416dc74f791febd3c1fa94e1624e65af40e86cdf65168f30e423540858fe33390f9977602e85cbb3cafdf30a02eef0a0324a562e6d3b151f39cb285f762d763c43aacf5cbdd718880a342cdd6ba0ce161b65b3a6dceb9433e5268212e1a373b842ed41e0330fa9a8ce29d2b9fc26f9d41417e2068a965bdee4f26c84fceb9c7d80d2d6aa831f59b11549196b6a13f34dc589a5a261fb5b301fcb7b552ce31f1127307bb7e847bfc3611a2b83823e3110be374e695e870431a941988f74cbbc5181981997f29f75d079e754c61feb3ef018dda6b5452f100440c1461cedfb710edcb84d06555d861182f32650471c622faad889047422697ef3ca9e63bed0f35164baf699d40e86d462251ab85a021d9f2ada65363165a0adb02d377223e607a85013f91a6079389cdda6828075d7ce941bdb1d66e8ebdd7b032aff83681a382deab8437a6ef73eac1b2b9c052592b8bcb456f235637ba178297bd47042262dea23217615917d1f6af07af9118f8640e5db9b13c43bf2ea0aa1c61a12f820d09ca3f475a0f52672b6ded933ed223ec9372745ece74249662017fb96f69756bbd6f809a4e82cfdfc13c0d1febd11adcfd89c8406ff97683e95e96bc528c88ad01325779405f705152c7c0733f0c2765432c9a7fb2984075f93eab908511fb468ee72cfbd25362fecbee27a86d5b46cfc7fe0e62d6e315522a4c83f034227a25a76531b7d86256a9e3df47fb910b06ae435d0b165b18db9675552c3abbbc3b34d33d1adf5a54a25d221833c17d90db41f17a20f30bd245418ee6b7dd0a73f3811600b7531960477016311c6327d0fe4319e92d4ccdaf35fd47f5b6315ef343c21fa297ba66c554e4e6273be5c37bea7d56dd29001dc2c21ad038e44825110c3c0507f52fc424906a5b50895d11d00e9c002e7fa23e3dc0b46ab810638a91a987a0de2f7a2aabe5bd1715543d80196666cd73babaf80d3c031e13a42e3e061856612c6de64390f41100dbebb25c24fc25fe42a077d1e9c52e3f91fe98b30db5ef3d5049f527f48ddb975dd0425736413012e7817721e20915f0b895ed0b3b8d47e23b05c9e16b5f01884bef3c3858158b319ada184db0d299c477e8c0e2ddc6cbc66cde94958510289e13da689caa701a3651177623ad55a2a13e3ca5905d57ec3fbcff016861bab659be292cd17c3a167bc39957aa5b96df5f42daf2af14d02359659886da0e8793336a4751b6ff151dc4cd48fb2d8d2f6fcff90aa307f1ec64f2681ccaa615565bd8aaa10c5f829de58dc2b9db9e52e2782a8df071939383916abbb2b7592da1bb761d71d0c5e3cd3542e63d52c05265fd3fbec2ab41b27c45090f9b2c141fdf22b215b33547367a16b41aedaa2a02bfa4cb2d4d9cd1ee31f5e03d9a0a872450e09c2d353d6ad6ea4961a1bf18795c8aefed07073fabdc920e9f9371d009e1b1ca520dc881ce26088ad1aa7b65c357ef48601ef831c8c10516bd99042a77be12256194eb27dd0a3309f850ec812cd5fb196749b45f7a97f10f01535ce9c996ac1190d8e699f0d72d1fea4e2fd5e47db3d4f2ddbe5d4f4ba1e17bad7b61b9f1057abe973e6c0da5b32380647be3afb5a50cf85f94f30df223f85adf9ca34fdfda517803ca8843e343ddef235b18aceb56e5329077bb804303b3f63515d34be5c2f8a936f1185281e6ad8a87f870668f1af9a12c4ec0d409a5ecd7eaa0941825475c247b9496173c2fd312320fa8eed63abf6ba66de85643627f1ea94ab1ceba7d1af5448a5f6ce07a32246fdfd83847d8bba8ac80bfdf146e9b27811bd9c46f09a2054144975912336f725a4e79dd35f4dfddf63c0697d68c69b73f80cf06c768f0244bc14456b4e6f3596e00e6143cec41c7602dae2582f9706a32560485bab19267378c0b95cbc803e692da8edbc2bcacda26c5f1c58e1f0f5ae0080131438f3c10d219e6b564c6e38c55b5b9229c9ad9e297682149c46189805f091168bfee3320d2b831ad8e1c6a497245c05095828b8fa4a95ad59bcf839aee24b37a57a1b0a36bbd4927ba597f778f9cb03ed2c5224b8439903d22b54003131ed28efe225e53e88e05cfe9177aaa20d5de11478507453f2eac97f391223b2efca5be4522036a1cb2cd6ae428e041c884d904b1329798e5c61de2f081d4fdd72728f5e9f35ed91a8d46a39c49a17164d3ec3c2a6c4950d7ec9649d5574c6f1d865289bc68b6e5913b734d01fd3084a4d9bad1c66c241d61e8a32288bad730f378881a752d887efc9d98850fdc5b12195acf5100aa9ea97e7727d827da67975862d4609d9d0eaaa2b88427de18f0b9c655cb59108bef4b1913d2a7ba7b847c90703d7734c20c6eddbf352b8cde59ea6ce035e763d9558cd52232c99e8d1dbda65c1f66fca71354764eaa3202bba9c1bab419312e3c948e51c8fc94d9abd51ce2f146b1445d73c989f04735e04635b48ef6be9823fb1aadf8eb8bf7f3e1724a46d415adfb98fd0b1fb7628fdbd1805596479991153a6493d1c833006e981f2557abc0bec7b9dbde9a0e18afd99e1c5cf6478db810d3948b17db51504979218c2208fc01738690b4f56df3c279a8797e6eb66538c46bc45d537981b6bf810bd9cf56a8754ed15168a7b155939ccadf3700cba0dff330c634ffbc6cace39af3dc3df32f3e6aa2afdfee05c04a1b875cb1e5d2400a656d7b04e6a9406aa447c0204a956c92c200a03b1c6d7a878ebdd4f27d76946a5386996c8c7be4c814fd489c307165e098f6409d08e0c7fe91a273b0982537e213a9714a1a78143851120699c9cbe55cb05a5d7698387e615bbd282ad2ac13e34c1e300b21ab3a1ba779d694bd906f7e86672bfd662a991a045e2ae4901724bb208728a1b47a9d0e4f5f7c6e8a49b1f132c5ddd0512afffd69ee1faeb217da9373f9f550182a3b4b6519912f6bd8d68bda6f378d091d9b4a77c4235251f02a33868adbcfe391f5f763abe3a87b1474ba6ac7c5e10010d475ef9fc2d46e986b69a7e67a473eb5a4461571c8a66e39c19ad34209d0c2465008f6951c68a02a2f599aa3f387bc745f959167f66a48486bfc732c530c4059f64267d4cc650a056732fef62e0213bf80033255eed86b05810987ebf5860a24f0e494601f51f70fc2769b279fbf0430c8efd8f949dc136c95d57f124423f2ae9fe24141cbdcff952505e89fa5668a6ae038ece029b8ab001358b5487d1dca66c6c6fa01544384f377c347dbe3f12f98f437a7221bd140bf7e116233dbaee06eac9fc9f9112712937ae02dc7542f994dbfc9993efb029008c91ee0f7b37f405f602b919ace10262a60fa86f51d207895159f3bea0e7a26779e15cc8385eb874621d1d8e3f179e014a589e4cf6ba7a94321430dfec52a802f57232373c5044547657de431cebefdfbf1d27e77dd11ac23a6a98228113e619c2b92d02b68f8e5b046c94e0ad65520ad8120683779b675c210a5c363be8bcbb27ab614506ec5c379532cde119cff941be5843a4e10f54276d1e48f984c4d45163e3d193b078db4d47ae47725bb2fae5376fb32ea273add4319442a116216725c27e70698dac1c404f27ee6b1e2a73f4f7a76df4eb50989af2eebc432ad84b4fae400c98878ece1e79785da1ad2a3f6889181bae38df616f4a6fdb1d082eaf307f03b4a7b4dfc5807bf1b76c169ddaea3fc053d20f2e52a8a6b1795683f8bb08598f751a2e2735b01bf29ed66deae814b32ceacf5254a662454713145427bc39205d85fb29fbcd299308b212dad87325ac2db2d18d3dd3e7082ca9775513a87c477cc41a5f4e63f476e1e6da57a733e8bcfb22dabfb4c9aebb7aa6521a351699567ebf83e1889d75a37f04596481d14271c129c8e979d8b67cf789e96b80b3955a6b8c6342ed34ba27fc8799bf0ec67747fd8d11cb2c402147a1c4c6d9ff3780a5fea1795e66794c3957118f6867c1bd98f26ed34aafe81540834c4c59a4dbcc0490252d4d4bf2e8a93c35bd394949487617f3869478d2daac7608f13e6f6108c5e00a40f077094b6e6e84f8dad8280180de8daefe1c86748409c0ba08a04edb1fca15daa3ecd4bf1516518f9bbb47f2858e0d335a4021c4f49564bf9382f5e0f6c9502789415b902b41e7a527c651f4e8223afb3d2390a8262d9ba2c203d9ffb79a3c2d098243caeac146555958754f8cefeb15ed67d8b44d6a9f87c1fa0fadca19c45a3977292bccd809e66ab93660f2f5cbb53e5c1ccf89d45ff1ab0c83c7b5a3f966192dcd4e0e5a3aa6d55a5f72b382530a355caf6e24bf1f09ada528893175ff43a05a88448edb82712c2b0a0f92ac821914c6c39a56958e4d772422e969f93774bfa6e67d480d64661c52e699244835063da1725f07f136b9820e9bad2b47aaa3fe70c51a89f4e963a439559878790fadb39d4c3adfb1109a1942fdea80f1471a5a1b5cd69b7275dee47c9445828dbe012a3c87c6add1597c68e70af532912794c2285e9a3d513612ead2ea7ef912778806ebb0a500075ff0d3d6f7d1f79ccaeedb03a40b9ade99b13f9cee18c00a6d4c5b5b2aea7b6418c94e1560cfdf0109193d2218f3a6ec400d71aa0fc2d9b4e916afdfd96e73dfec5d0e26f356be77f0f4b10b86b0d83ce739c91e3230f4677587a3ec15d67bb7d28fba7ed7a7ee779cb358985126500b9a77b1e18ee585534fbef76a0943bf352e9da742c4618d512f63a2b23c661a5beff2cf496794ab92c220ed975d6274d2f7d0e6cfe74105b1ac77f3725c9a5c8e8bf5c84985e3aab95976d03f910cbb4dbac263dcb9fb961af26e132ce98592f0407802db0096ddeec492c943319d59e8bfce83c04899d5a7ba0b4d1d253103e38f92c5b130800d2617bb0c95030b11454375824bdaaf5f035367ff10361f1484ff3ac8fbd877af844bc90a617828155a98a2528d780de3d6e511392f1a3f00cdf3b3859507e55dec35635a5ee70c880bacd38f678b068b29db73570a7005b05a8513245f1adb79f8732e1742b3acdd74dea93da31eeacb30947f09e7b70098c20d2ce830ce6396d98d891a304d9f90f0935c71c18e58ff49ae89362195d51cc81b9856dda3b65658076dc0bf81c63b7a4c9aff53101c38a5f8db4ebae66cbdae79cd2b46419bc358bbe1d4a3e0815a7b98389bf0d3b658aafdfad158841fe73dbfe6ed6deb4ca718330735d6c7401b203eb79d25c5699015628338b0c07aabbe4fdc2069596ce10baef8adc07d2c23399d12a0615e5cc8b8c9162bd1af8cfffba8e8aed8e353286fb006044b4b15d1241f187cc5e65868f69ea6e46737139b8a397d1ee7d3fa9ba2d7104dc0f6c8115a495b9a908b3a778580f88cb8f9245ebf1e97a679e6841803b1e25e08b0710c0f4a58ea1b31127744e64e32bb4e4e8a77261e462bbcdff4387cf0db34d13264b08c5b4148ffad65a0f3caab3224f38cd0fd05078183680ce8605d680f8f08b5092629bf4934622e474db878466f5a0222b416b932830484ae2c9cc8649161238f3e334b02ed30125f0b147a26c9308cf4f3491a29d55809a768f564da9b435416db6629b2cf799dd67cd6b9713de19c0a130d0104", 0x1}, 0x20)
sendfile(r0, r3, 0x0, 0x4)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f0000001440)={r2, @in6={{0xa, 0x4e23, 0x4, @loopback, 0x11}}}, 0x84)

17:49:17 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="ac1e0001ac1e0001010000000a000000ac1e0001ac14aa7f000001e0000001e0000001ac1e0001ac1e0101ac14142ae00000010000000000"], 0x38)
close(r0)

17:49:17 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec00000, 0xffffff7f]}}, 0x1c)

17:49:18 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000]}, 0x2c8)

17:49:18 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7, 0x10800)
getsockopt$inet_opts(r1, 0x0, 0x9, &(0x7f0000000180)=""/153, &(0x7f0000000240)=0x99)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000280)={<r3=>0x0, 0x0, 0xffff})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000002c0)={0x0, r3})
sendmsg$TIPC_NL_MON_GET(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000001}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r2, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40010}, 0x2054b39fd18f8f3a)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:18 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'ip6erspan0\x00', 0x20})
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

[  845.631476][T12207] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  845.643974][T12207] CPU: 1 PID: 12207 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  845.652912][T12207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  845.662963][T12207] Call Trace:
[  845.666270][T12207]  dump_stack+0x1db/0x2d0
[  845.670621][T12207]  ? dump_stack_print_info.cold+0x20/0x20
[  845.676362][T12207]  ? check_preemption_disabled+0x48/0x290
[  845.682079][T12207]  dump_header+0x1e6/0x116c
[  845.686579][T12207]  ? add_lock_to_list.isra.0+0x450/0x450
[  845.692211][T12207]  ? perf_trace_lock+0x750/0x750
[  845.697165][T12207]  ? print_usage_bug+0xd0/0xd0
[  845.701940][T12207]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  845.707587][T12207]  ? ___ratelimit+0x37c/0x686
[  845.712273][T12207]  ? mark_held_locks+0xb1/0x100
[  845.717130][T12207]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  845.722957][T12207]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  845.728763][T12207]  ? lockdep_hardirqs_on+0x415/0x5d0
[  845.734040][T12207]  ? trace_hardirqs_on+0xbd/0x310
[  845.739066][T12207]  ? kasan_check_read+0x11/0x20
[  845.743927][T12207]  ? ___ratelimit+0x37c/0x686
[  845.748624][T12207]  ? trace_hardirqs_off_caller+0x300/0x300
[  845.754448][T12207]  ? do_raw_spin_trylock+0x270/0x270
[  845.759744][T12207]  ? trace_hardirqs_on_caller+0x310/0x310
[  845.765476][T12207]  ? lock_acquire+0x1db/0x570
[  845.770172][T12207]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  845.775991][T12207]  ? ___ratelimit+0xac/0x686
[  845.780599][T12207]  ? idr_get_free+0xee0/0xee0
[  845.785291][T12207]  ? lockdep_hardirqs_on+0x415/0x5d0
[  845.790607][T12207]  oom_kill_process.cold+0x10/0x9ca
[  845.795811][T12207]  ? cgroup_procs_next+0x70/0x70
[  845.800773][T12207]  ? _raw_spin_unlock_irq+0x5e/0x90
[  845.805989][T12207]  ? oom_badness+0xa50/0xa50
[  845.810586][T12207]  ? oom_evaluate_task+0x540/0x540
[  845.815706][T12207]  ? mem_cgroup_iter_break+0x30/0x30
[  845.820987][T12207]  ? mutex_trylock+0x2d0/0x2d0
[  845.825749][T12207]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  845.831989][T12207]  ? rcu_read_unlock_special+0x380/0x380
[  845.837616][T12207]  out_of_memory+0x885/0x1420
[  845.842294][T12207]  ? mem_cgroup_iter+0x4f4/0xf50
[  845.847244][T12207]  ? oom_killer_disable+0x340/0x340
[  845.852441][T12207]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  845.858238][T12207]  ? lock_acquire+0x1db/0x570
[  845.862925][T12207]  mem_cgroup_out_of_memory+0x160/0x210
[  845.868488][T12207]  ? do_raw_spin_unlock+0xa0/0x330
[  845.873619][T12207]  ? memory_oom_group_write+0x160/0x160
[  845.879169][T12207]  ? do_raw_spin_trylock+0x270/0x270
[  845.884454][T12207]  ? _raw_spin_unlock+0x2d/0x50
[  845.889383][T12207]  try_charge+0x1457/0x1d00
[  845.893916][T12207]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  845.899458][T12207]  ? find_held_lock+0x35/0x120
[  845.904213][T12207]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  845.909749][T12207]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  845.916080][T12207]  ? lock_downgrade+0xbe0/0xbe0
[  845.920943][T12207]  ? kasan_check_read+0x11/0x20
[  845.925825][T12207]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  845.931827][T12207]  ? rcu_read_unlock_special+0x380/0x380
[  845.937477][T12207]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  845.943030][T12207]  __memcg_kmem_charge_memcg+0x7c/0x130
[  845.948588][T12207]  ? memcg_kmem_put_cache+0xb0/0xb0
[  845.953797][T12207]  ? lock_release+0xc40/0xc40
[  845.958502][T12207]  __memcg_kmem_charge+0x136/0x300
[  845.963648][T12207]  __alloc_pages_nodemask+0x7b8/0xdc0
[  845.969030][T12207]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  845.974749][T12207]  ? rcu_pm_notify+0xd0/0xd0
[  845.979370][T12207]  ? rcu_read_lock_sched_held+0x110/0x130
[  845.985081][T12207]  ? kmem_cache_alloc_node+0x347/0x710
[  845.990541][T12207]  ? pci_mmcfg_check_reserved+0x170/0x170
[  845.996288][T12207]  copy_process+0x847/0x8720
[  846.000933][T12207]  ? ___might_sleep+0x1e7/0x310
[  846.005807][T12207]  ? arch_local_save_flags+0x50/0x50
[  846.011103][T12207]  ? __schedule+0x1e60/0x1e60
[  846.015770][T12207]  ? do_raw_spin_trylock+0x270/0x270
[  846.021053][T12207]  ? __cleanup_sighand+0x70/0x70
[  846.025981][T12207]  ? futex_wait_queue_me+0x539/0x810
[  846.031257][T12207]  ? refill_pi_state_cache.part.0+0x310/0x310
[  846.037347][T12207]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  846.043093][T12207]  ? handle_futex_death+0x230/0x230
[  846.048312][T12207]  ? unwind_get_return_address+0x61/0xa0
[  846.053984][T12207]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  846.059899][T12207]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  846.065621][T12207]  ? futex_wait+0x6e6/0xa40
[  846.070117][T12207]  ? print_usage_bug+0xd0/0xd0
[  846.074904][T12207]  ? futex_wait_setup+0x430/0x430
[  846.079946][T12207]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  846.085688][T12207]  ? __lock_acquire+0x572/0x4a10
[  846.090643][T12207]  ? kasan_check_read+0x11/0x20
[  846.095525][T12207]  ? mark_held_locks+0x100/0x100
[  846.100459][T12207]  ? trace_hardirqs_on_caller+0x310/0x310
[  846.106168][T12207]  ? kfree+0x173/0x230
[  846.110229][T12207]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  846.116474][T12207]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  846.122722][T12207]  ? check_preemption_disabled+0x48/0x290
[  846.128450][T12207]  ? debug_smp_processor_id+0x1c/0x20
[  846.133847][T12207]  ? perf_trace_lock_acquire+0x138/0x7d0
[  846.139522][T12207]  ? add_lock_to_list.isra.0+0x450/0x450
[  846.145146][T12207]  ? perf_trace_lock+0x750/0x750
[  846.150075][T12207]  ? exit_robust_list+0x290/0x290
[  846.155098][T12207]  ? __might_fault+0x12b/0x1e0
[  846.159865][T12207]  ? find_held_lock+0x35/0x120
[  846.164627][T12207]  ? __might_fault+0x12b/0x1e0
[  846.169413][T12207]  ? lock_acquire+0x1db/0x570
[  846.174113][T12207]  ? lock_downgrade+0xbe0/0xbe0
[  846.178981][T12207]  ? lock_release+0xc40/0xc40
17:49:18 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x0)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:18 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffff7f]}}, 0x1c)

17:49:18 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfd, 0x10010000}, 0xc)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

[  846.183662][T12207]  ? trace_hardirqs_off_caller+0x300/0x300
[  846.189463][T12207]  _do_fork+0x1a9/0x1170
[  846.193774][T12207]  ? fork_idle+0x1d0/0x1d0
[  846.198204][T12207]  ? kasan_check_read+0x11/0x20
[  846.203073][T12207]  ? _copy_to_user+0xc9/0x120
[  846.207769][T12207]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  846.214024][T12207]  ? put_timespec64+0x115/0x1b0
[  846.218893][T12207]  ? nsecs_to_jiffies+0x30/0x30
[  846.223763][T12207]  ? do_syscall_64+0x8c/0x800
[  846.228454][T12207]  ? do_syscall_64+0x8c/0x800
17:49:18 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)

[  846.233148][T12207]  ? lockdep_hardirqs_on+0x415/0x5d0
[  846.238450][T12207]  ? trace_hardirqs_on+0xbd/0x310
[  846.243491][T12207]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  846.249751][T12207]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  846.255844][T12207]  ? trace_hardirqs_off_caller+0x300/0x300
[  846.261667][T12207]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  846.267929][T12207]  __x64_sys_clone+0xbf/0x150
[  846.272627][T12207]  do_syscall_64+0x1a3/0x800
[  846.277235][T12207]  ? syscall_return_slowpath+0x5f0/0x5f0
[  846.282906][T12207]  ? prepare_exit_to_usermode+0x232/0x3b0
[  846.288648][T12207]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  846.294225][T12207]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  846.300128][T12207] RIP: 0033:0x457ec9
[  846.304218][T12207] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  846.323842][T12207] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
17:49:19 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x1a}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/102, 0x66}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000000240)=""/195, 0xc3}, {&(0x7f0000000100)=""/146, 0x92}], 0x4)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

[  846.332268][T12207] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  846.340252][T12207] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  846.348232][T12207] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  846.356216][T12207] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  846.364198][T12207] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[  846.415687][T12207] memory: usage 307196kB, limit 307200kB, failcnt 3907
[  846.426054][T12207] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  846.446285][T12207] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:49:19 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f0000000000))
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:19 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000000), 0x0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:19 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000, 0xffffff7f]}}, 0x1c)

[  846.453182][T12207] Memory cgroup stats for /syz4: cache:120KB rss:211288KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:211376KB inactive_file:4KB active_file:0KB unevictable:0KB
[  846.496429][T12207] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=22922,uid=0
17:49:19 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x6, 0x80000)
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
mq_timedsend(r0, &(0x7f0000000000)="6424aed77bda12689ce23e650883cec68a31d78afa1bc94f1ceb47a3580a54d12bc2ab017ce6abc6e5", 0x29, 0x7ff, &(0x7f00000000c0)={r1, r2+10000000})
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

[  846.543030][T12207] Memory cgroup out of memory: Kill process 22922 (syz-executor4) score 1106 or sacrifice child
[  846.554001][T12207] Killed process 22922 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  846.714914][T12206] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  846.754105][T12206] CPU: 1 PID: 12206 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  846.763061][T12206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  846.773125][T12206] Call Trace:
[  846.776432][T12206]  dump_stack+0x1db/0x2d0
[  846.780780][T12206]  ? dump_stack_print_info.cold+0x20/0x20
[  846.786516][T12206]  ? check_preemption_disabled+0x48/0x290
[  846.792267][T12206]  dump_header+0x1e6/0x116c
[  846.796788][T12206]  ? add_lock_to_list.isra.0+0x450/0x450
[  846.802438][T12206]  ? perf_trace_lock+0x750/0x750
[  846.807531][T12206]  ? print_usage_bug+0xd0/0xd0
[  846.812304][T12206]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  846.817968][T12206]  ? ___ratelimit+0x37c/0x686
[  846.822641][T12206]  ? mark_held_locks+0xb1/0x100
[  846.827486][T12206]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  846.833352][T12206]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  846.839299][T12206]  ? lockdep_hardirqs_on+0x415/0x5d0
[  846.844696][T12206]  ? trace_hardirqs_on+0xbd/0x310
[  846.849709][T12206]  ? kasan_check_read+0x11/0x20
[  846.854547][T12206]  ? ___ratelimit+0x37c/0x686
[  846.859222][T12206]  ? trace_hardirqs_off_caller+0x300/0x300
[  846.865031][T12206]  ? do_raw_spin_trylock+0x270/0x270
[  846.870303][T12206]  ? trace_hardirqs_on_caller+0x310/0x310
[  846.876030][T12206]  ? lock_acquire+0x1db/0x570
[  846.880713][T12206]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  846.886532][T12206]  ? ___ratelimit+0xac/0x686
[  846.891115][T12206]  ? idr_get_free+0xee0/0xee0
[  846.895793][T12206]  ? lockdep_hardirqs_on+0x415/0x5d0
[  846.901078][T12206]  oom_kill_process.cold+0x10/0x9ca
[  846.906269][T12206]  ? cgroup_procs_next+0x70/0x70
[  846.911228][T12206]  ? _raw_spin_unlock_irq+0x5e/0x90
[  846.916447][T12206]  ? oom_badness+0xa50/0xa50
[  846.921042][T12206]  ? oom_evaluate_task+0x540/0x540
[  846.926157][T12206]  ? mem_cgroup_iter_break+0x30/0x30
[  846.931444][T12206]  ? mutex_trylock+0x2d0/0x2d0
[  846.936195][T12206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  846.942441][T12206]  ? rcu_read_unlock_special+0x380/0x380
[  846.948072][T12206]  out_of_memory+0x885/0x1420
[  846.952745][T12206]  ? mem_cgroup_iter+0x4f4/0xf50
[  846.957671][T12206]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  846.963521][T12206]  ? oom_killer_disable+0x340/0x340
[  846.968712][T12206]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  846.974549][T12206]  ? lock_acquire+0x1db/0x570
[  846.979221][T12206]  mem_cgroup_out_of_memory+0x160/0x210
[  846.984755][T12206]  ? do_raw_spin_unlock+0xa0/0x330
[  846.989884][T12206]  ? memory_oom_group_write+0x160/0x160
[  846.995446][T12206]  ? do_raw_spin_trylock+0x270/0x270
[  847.000745][T12206]  ? _raw_spin_unlock+0x2d/0x50
[  847.005589][T12206]  try_charge+0xd42/0x1d00
[  847.010002][T12206]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  847.015545][T12206]  ? find_held_lock+0x35/0x120
[  847.020306][T12206]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  847.025892][T12206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  847.032125][T12206]  ? lock_downgrade+0xbe0/0xbe0
[  847.037002][T12206]  ? kasan_check_read+0x11/0x20
[  847.041860][T12206]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  847.047829][T12206]  ? rcu_read_unlock_special+0x380/0x380
[  847.053478][T12206]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  847.059036][T12206]  __memcg_kmem_charge_memcg+0x7c/0x130
[  847.064579][T12206]  ? memcg_kmem_put_cache+0xb0/0xb0
[  847.069776][T12206]  ? lock_release+0xc40/0xc40
[  847.074449][T12206]  __memcg_kmem_charge+0x136/0x300
[  847.079554][T12206]  __alloc_pages_nodemask+0x7b8/0xdc0
[  847.084925][T12206]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  847.090653][T12206]  ? rcu_pm_notify+0xd0/0xd0
[  847.095270][T12206]  ? rcu_read_lock_sched_held+0x110/0x130
[  847.101002][T12206]  ? kmem_cache_alloc_node+0x347/0x710
[  847.106465][T12206]  ? print_usage_bug+0xd0/0xd0
[  847.111239][T12206]  copy_process+0x847/0x8720
[  847.115845][T12206]  ? print_usage_bug+0xd0/0xd0
[  847.120640][T12206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  847.126896][T12206]  ? check_preemption_disabled+0x48/0x290
[  847.132608][T12206]  ? __lock_acquire+0x572/0x4a10
[  847.137540][T12206]  ? mark_held_locks+0x100/0x100
[  847.142526][T12206]  ? __cleanup_sighand+0x70/0x70
[  847.147457][T12206]  ? mark_held_locks+0x100/0x100
[  847.152405][T12206]  ? find_held_lock+0x35/0x120
[  847.157205][T12206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  847.163446][T12206]  ? check_preemption_disabled+0x48/0x290
[  847.169156][T12206]  ? debug_smp_processor_id+0x1c/0x20
[  847.174515][T12206]  ? perf_trace_lock_acquire+0x138/0x7d0
[  847.180136][T12206]  ? delayacct_end+0xc9/0x100
[  847.184799][T12206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  847.191037][T12206]  ? add_lock_to_list.isra.0+0x450/0x450
[  847.196670][T12206]  ? perf_trace_lock+0x750/0x750
[  847.201599][T12206]  ? perf_trace_lock_acquire+0x138/0x7d0
[  847.207237][T12206]  ? add_lock_to_list.isra.0+0x450/0x450
[  847.212863][T12206]  ? find_held_lock+0x35/0x120
[  847.217614][T12206]  ? print_usage_bug+0xd0/0xd0
[  847.222389][T12206]  ? psi_memstall_leave+0x1f8/0x280
[  847.227577][T12206]  ? find_held_lock+0x35/0x120
[  847.232361][T12206]  ? __lock_acquire+0x572/0x4a10
[  847.237288][T12206]  ? _raw_spin_unlock_irq+0x28/0x90
[  847.242486][T12206]  ? _raw_spin_unlock_irq+0x28/0x90
[  847.247730][T12206]  ? lockdep_hardirqs_on+0x415/0x5d0
[  847.253012][T12206]  ? trace_hardirqs_on+0xbd/0x310
[  847.258027][T12206]  ? mark_held_locks+0x100/0x100
[  847.262958][T12206]  ? check_preemption_disabled+0x48/0x290
[  847.268693][T12206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  847.274935][T12206]  ? check_preemption_disabled+0x48/0x290
[  847.280645][T12206]  ? debug_smp_processor_id+0x1c/0x20
[  847.286008][T12206]  ? perf_trace_lock_acquire+0x138/0x7d0
[  847.291634][T12206]  ? add_lock_to_list.isra.0+0x450/0x450
[  847.297255][T12206]  ? perf_trace_lock+0x750/0x750
[  847.302187][T12206]  ? lockdep_hardirqs_on+0x415/0x5d0
[  847.307491][T12206]  ? try_to_free_pages+0xb70/0xb70
[  847.312596][T12206]  ? percpu_ref_put_many+0x129/0x270
[  847.317874][T12206]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  847.324015][T12206]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  847.330247][T12206]  _do_fork+0x1a9/0x1170
[  847.334483][T12206]  ? fork_idle+0x1d0/0x1d0
[  847.338908][T12206]  ? trace_hardirqs_off+0xb8/0x310
[  847.344023][T12206]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  847.349850][T12206]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  847.355571][T12206]  ? do_syscall_64+0x8c/0x800
[  847.360235][T12206]  ? do_syscall_64+0x8c/0x800
[  847.364900][T12206]  ? lockdep_hardirqs_on+0x415/0x5d0
[  847.370173][T12206]  ? trace_hardirqs_on+0xbd/0x310
[  847.375189][T12206]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  847.381242][T12206]  ? trace_hardirqs_off_caller+0x300/0x300
[  847.387040][T12206]  __x64_sys_clone+0xbf/0x150
[  847.391764][T12206]  do_syscall_64+0x1a3/0x800
[  847.396376][T12206]  ? syscall_return_slowpath+0x5f0/0x5f0
[  847.402004][T12206]  ? prepare_exit_to_usermode+0x232/0x3b0
[  847.407715][T12206]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  847.413274][T12206]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  847.419164][T12206] RIP: 0033:0x45a899
[  847.423061][T12206] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  847.442664][T12206] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  847.451067][T12206] RAX: ffffffffffffffda RBX: 00007f20e9828700 RCX: 000000000045a899
[  847.459041][T12206] RDX: 00007f20e98289d0 RSI: 00007f20e9827db0 RDI: 00000000003d0f00
[  847.467003][T12206] RBP: 00007ffcc2973580 R08: 00007f20e9828700 R09: 00007f20e9828700
[  847.475002][T12206] R10: 00007f20e98289d0 R11: 0000000000000202 R12: 0000000000000000
[  847.482961][T12206] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  847.505811][T12206] memory: usage 304872kB, limit 307200kB, failcnt 3907
[  847.512921][T12206] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  847.520779][T12206] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  847.528493][T12206] Memory cgroup stats for /syz4: cache:120KB rss:209184KB rss_huge:159744KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:209216KB inactive_file:4KB active_file:0KB unevictable:0KB
[  847.552294][T12206] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=23008,uid=0
[  847.567661][T12206] Memory cgroup out of memory: Kill process 23008 (syz-executor4) score 1106 or sacrifice child
[  847.578256][T12206] Killed process 23008 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  847.591170][ T1043] oom_reaper: reaped process 23008 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:49:20 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x2c8)

17:49:20 executing program 0:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000040)={0x6, 0xca14, 0x7, 0x729, 0x4, [{0x401, 0x8001, 0x81, 0x0, 0x0, 0x800}, {0x1, 0x4, 0x1f, 0x0, 0x0, 0x86}, {0xfffffffffffffffb, 0xf7, 0x9, 0x0, 0x0, 0x8}, {0x6, 0x5, 0x1ff, 0x0, 0x0, 0x800}]})
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:49:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000, 0xffffff7f]}}, 0x1c)

17:49:20 executing program 1:
r0 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c)
ioctl$SIOCX25GDTEFACILITIES(r0, 0x89ea, &(0x7f0000000000))
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r1, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r1)

17:49:20 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c004500c, &(0x7f00000000c0)=0xd23d)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x4100, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcs\x00', 0x40000, 0x0)
close(r0)

17:49:20 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0x8001, 0x7, 0x1000, 0x81, 0x5, 0x6, 0x1000, 0x7, 0x3, 0x228})
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef, 0xffffff7f]}}, 0x1c)

17:49:20 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x4, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x7fff)
r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x400000, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x7)
r2 = accept$packet(0xffffffffffffff9c, 0x0, &(0x7f0000000100))
setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000180)={@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x1, 0x2, 0x2, {0xa, 0x4e21, 0x8, @remote, 0x78c7}}}, {&(0x7f0000000400)=""/4096, 0x1000}, &(0x7f0000000140), 0x8}, 0xa0)
getsockopt$inet6_int(r1, 0x29, 0x50, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x100, 0x0)
ioctl$BLKROGET(r3, 0x125e, &(0x7f00000002c0))
getsockopt$netrom_NETROM_N2(r3, 0x103, 0x3, &(0x7f0000000040)=0xffffffff, &(0x7f0000000080)=0x4)

17:49:20 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x2c8)

17:49:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xffffff7f]}}, 0x1c)

17:49:20 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x3)
r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x9, 0x40)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x2)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r0, 0x111, 0x5, 0x3, 0x4)

17:49:20 executing program 0:
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x8000, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000001100))
recvfrom$llc(r0, &(0x7f00000000c0)=""/4096, 0x1000, 0x120, &(0x7f00000010c0)={0x1a, 0x32e, 0x9, 0x220, 0x8, 0x52, @local}, 0x10)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000080)=0x3)
r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0xfffffffffffffffd)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:49:20 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8d, 0xffffff7f]}}, 0x1c)

17:49:20 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000]}, 0x2c8)

17:49:20 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

[  848.191584][T12310] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  848.203855][T12310] CPU: 1 PID: 12310 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  848.212809][T12310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  848.222879][T12310] Call Trace:
[  848.226172][T12310]  dump_stack+0x1db/0x2d0
[  848.230509][T12310]  ? dump_stack_print_info.cold+0x20/0x20
[  848.236241][T12310]  ? check_preemption_disabled+0x48/0x290
[  848.242021][T12310]  dump_header+0x1e6/0x116c
[  848.246538][T12310]  ? add_lock_to_list.isra.0+0x450/0x450
[  848.252159][T12310]  ? perf_trace_lock+0x750/0x750
[  848.257085][T12310]  ? print_usage_bug+0xd0/0xd0
[  848.261849][T12310]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  848.267480][T12310]  ? ___ratelimit+0x37c/0x686
[  848.272167][T12310]  ? mark_held_locks+0xb1/0x100
[  848.277035][T12310]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  848.282855][T12310]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  848.288665][T12310]  ? lockdep_hardirqs_on+0x415/0x5d0
[  848.293962][T12310]  ? trace_hardirqs_on+0xbd/0x310
[  848.298998][T12310]  ? kasan_check_read+0x11/0x20
[  848.304023][T12310]  ? ___ratelimit+0x37c/0x686
[  848.308690][T12310]  ? trace_hardirqs_off_caller+0x300/0x300
[  848.314484][T12310]  ? do_raw_spin_trylock+0x270/0x270
[  848.319767][T12310]  ? trace_hardirqs_on_caller+0x310/0x310
[  848.325485][T12310]  ? lock_acquire+0x1db/0x570
[  848.330179][T12310]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  848.335987][T12310]  ? ___ratelimit+0xac/0x686
[  848.340568][T12310]  ? idr_get_free+0xee0/0xee0
[  848.345435][T12310]  ? lockdep_hardirqs_on+0x415/0x5d0
[  848.350756][T12310]  oom_kill_process.cold+0x10/0x9ca
[  848.356002][T12310]  ? cgroup_procs_next+0x70/0x70
[  848.360946][T12310]  ? _raw_spin_unlock_irq+0x5e/0x90
[  848.366192][T12310]  ? oom_badness+0xa50/0xa50
[  848.370777][T12310]  ? oom_evaluate_task+0x540/0x540
[  848.375966][T12310]  ? mem_cgroup_iter_break+0x30/0x30
[  848.381241][T12310]  ? mutex_trylock+0x2d0/0x2d0
[  848.386008][T12310]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  848.392264][T12310]  ? rcu_read_unlock_special+0x380/0x380
[  848.397892][T12310]  out_of_memory+0x885/0x1420
[  848.402574][T12310]  ? mem_cgroup_iter+0x4f4/0xf50
[  848.407534][T12310]  ? oom_killer_disable+0x340/0x340
[  848.412735][T12310]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  848.418541][T12310]  ? lock_acquire+0x1db/0x570
[  848.423235][T12310]  mem_cgroup_out_of_memory+0x160/0x210
[  848.428806][T12310]  ? do_raw_spin_unlock+0xa0/0x330
[  848.433918][T12310]  ? memory_oom_group_write+0x160/0x160
[  848.439446][T12310]  ? do_raw_spin_trylock+0x270/0x270
[  848.444765][T12310]  ? _raw_spin_unlock+0x2d/0x50
[  848.449726][T12310]  try_charge+0x1457/0x1d00
[  848.454247][T12310]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  848.459800][T12310]  ? find_held_lock+0x35/0x120
[  848.464543][T12310]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  848.470076][T12310]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  848.476309][T12310]  ? lock_downgrade+0xbe0/0xbe0
[  848.481219][T12310]  ? kasan_check_read+0x11/0x20
[  848.486065][T12310]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  848.492043][T12310]  ? rcu_read_unlock_special+0x380/0x380
[  848.498230][T12310]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  848.503784][T12310]  __memcg_kmem_charge_memcg+0x7c/0x130
[  848.509379][T12310]  ? memcg_kmem_put_cache+0xb0/0xb0
[  848.514581][T12310]  ? lock_release+0xc40/0xc40
[  848.519449][T12310]  __memcg_kmem_charge+0x136/0x300
[  848.524590][T12310]  __alloc_pages_nodemask+0x7b8/0xdc0
[  848.529987][T12310]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  848.535731][T12310]  ? rcu_pm_notify+0xd0/0xd0
[  848.540357][T12310]  ? rcu_read_lock_sched_held+0x110/0x130
[  848.546084][T12310]  ? kmem_cache_alloc_node+0x347/0x710
[  848.551554][T12310]  ? pci_mmcfg_check_reserved+0x170/0x170
[  848.557294][T12310]  copy_process+0x847/0x8720
[  848.561914][T12310]  ? ___might_sleep+0x1e7/0x310
[  848.566779][T12310]  ? arch_local_save_flags+0x50/0x50
[  848.572073][T12310]  ? __schedule+0x1e60/0x1e60
[  848.576775][T12310]  ? do_raw_spin_trylock+0x270/0x270
[  848.582081][T12310]  ? __cleanup_sighand+0x70/0x70
[  848.587030][T12310]  ? futex_wait_queue_me+0x539/0x810
[  848.592321][T12310]  ? refill_pi_state_cache.part.0+0x310/0x310
[  848.598405][T12310]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  848.604148][T12310]  ? handle_futex_death+0x230/0x230
[  848.609360][T12310]  ? lock_acquire+0x1db/0x570
[  848.614047][T12310]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  848.619948][T12310]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  848.625673][T12310]  ? futex_wait+0x6e6/0xa40
[  848.625699][T12310]  ? print_usage_bug+0xd0/0xd0
[  848.625720][T12310]  ? futex_wait_setup+0x430/0x430
17:49:21 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1000001, 0x101004)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  848.634970][T12310]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[  848.645683][T12310]  ? __lock_acquire+0x572/0x4a10
[  848.650666][T12310]  ? mark_held_locks+0x100/0x100
[  848.655634][T12310]  ? trace_hardirqs_on_caller+0x310/0x310
[  848.661372][T12310]  ? kfree+0x173/0x230
[  848.665451][T12310]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  848.671688][T12310]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  848.677935][T12310]  ? check_preemption_disabled+0x48/0x290
[  848.683660][T12310]  ? debug_smp_processor_id+0x1c/0x20
[  848.689013][T12310]  ? perf_trace_lock_acquire+0x138/0x7d0
[  848.694659][T12310]  ? add_lock_to_list.isra.0+0x450/0x450
[  848.700337][T12310]  ? perf_trace_lock+0x750/0x750
[  848.705281][T12310]  ? exit_robust_list+0x290/0x290
[  848.710388][T12310]  ? __might_fault+0x12b/0x1e0
[  848.715158][T12310]  ? find_held_lock+0x35/0x120
[  848.719941][T12310]  ? __might_fault+0x12b/0x1e0
[  848.724744][T12310]  ? lock_acquire+0x1db/0x570
[  848.729455][T12310]  ? lock_downgrade+0xbe0/0xbe0
[  848.734303][T12310]  ? lock_release+0xc40/0xc40
17:49:21 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000080)={@null, @default, @null, 0x63, 0x9, 0x8, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast]})

17:49:21 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5, 0xffffff7f]}}, 0x1c)

17:49:21 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x1ffffffd, 0x40002)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
accept4(0xffffffffffffff9c, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, &(0x7f0000000000)=0x80, 0x800)

17:49:21 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000140)={0x9, 0x2, 0xb8, 0x0, 0xee0f, 0x4})
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x100000000)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x5, 0x1ff, 0x2, 0x1, 0x7, 0x4, 0x7f1257fb, 0x40, <r1=>0x0}, &(0x7f0000000080)=0x20)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000000c0)={r1, 0xc37}, &(0x7f0000000100)=0x8)

17:49:21 executing program 2:
r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x141202, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000080))
syz_open_dev$ndb(&(0x7f0000000200)='/dev/nbd#\x00', 0x0, 0x2000)
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r1, 0x800000c0045009, &(0x7f0000000380)=0x1)
ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000140)=0x1)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000240)={<r2=>0x0, @in6={{0xa, 0x4e22, 0xfff, @empty, 0x7ff}}, 0x100000000, 0x4}, &(0x7f0000000300)=0x90)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000400), &(0x7f0000000440)=0xc)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000340)={r2, 0x8b}, &(0x7f00000003c0)=0x8)
accept4$inet(r1, &(0x7f00000000c0), &(0x7f0000000100)=0x10, 0x800)
clock_adjtime(0x6, &(0x7f0000000480)={0x5, 0x7, 0x498, 0x1000, 0x46c, 0x80200000000000, 0x3, 0x8c2, 0x9, 0x6, 0x6, 0x0, 0xffffffffffffffff, 0x3f, 0x3, 0x4, 0x2, 0x401, 0x490, 0x4, 0x3ff, 0x4, 0x7, 0x7, 0xffffffffffffff7f, 0x74})
socketpair$unix(0x1, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, &(0x7f0000000180)={0x0, 0x0, {0x2, 0x7fff, 0x3011, 0x9, 0x7, 0xa, 0x0, 0x4}})
close(r1)

[  848.738989][T12310]  ? trace_hardirqs_off_caller+0x300/0x300
[  848.744802][T12310]  _do_fork+0x1a9/0x1170
[  848.749060][T12310]  ? fork_idle+0x1d0/0x1d0
[  848.753510][T12310]  ? kasan_check_read+0x11/0x20
[  848.758389][T12310]  ? _copy_to_user+0xc9/0x120
[  848.763074][T12310]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  848.769318][T12310]  ? put_timespec64+0x115/0x1b0
[  848.774200][T12310]  ? nsecs_to_jiffies+0x30/0x30
[  848.779056][T12310]  ? do_syscall_64+0x8c/0x800
[  848.783747][T12310]  ? do_syscall_64+0x8c/0x800
[  848.788436][T12310]  ? lockdep_hardirqs_on+0x415/0x5d0
[  848.793723][T12310]  ? trace_hardirqs_on+0xbd/0x310
[  848.793738][T12310]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  848.793757][T12310]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  848.793773][T12310]  ? trace_hardirqs_off_caller+0x300/0x300
[  848.793787][T12310]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  848.793810][T12310]  __x64_sys_clone+0xbf/0x150
[  848.805070][T12310]  do_syscall_64+0x1a3/0x800
[  848.805091][T12310]  ? syscall_return_slowpath+0x5f0/0x5f0
[  848.805109][T12310]  ? prepare_exit_to_usermode+0x232/0x3b0
[  848.805132][T12310]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  848.805156][T12310]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  848.855222][T12310] RIP: 0033:0x457ec9
[  848.859123][T12310] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  848.878730][T12310] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
17:49:21 executing program 0:
r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x3f, 0x400200)
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f0000000040)={0x0, @src_change})
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

[  848.887141][T12310] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  848.895122][T12310] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  848.903098][T12310] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  848.911070][T12310] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  848.911080][T12310] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
17:49:21 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xffffff7f]}}, 0x1c)

[  848.951434][T12310] memory: usage 307200kB, limit 307200kB, failcnt 3944
[  848.958393][T12310] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  848.976458][T12310] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  848.985547][T12310] Memory cgroup stats for /syz4: cache:120KB rss:211324KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:211368KB inactive_file:0KB active_file:0KB unevictable:0KB
17:49:21 executing program 3:
readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x80400, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(0xffffffffffffffff)

17:49:21 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  849.137501][T12310] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=12273,uid=0
[  849.159958][T12310] Memory cgroup out of memory: Kill process 12273 (syz-executor4) score 1106 or sacrifice child
[  849.171186][T12310] Killed process 12273 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33740kB, shmem-rss:0kB
[  849.260413][T12309] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  849.278805][T12309] CPU: 1 PID: 12309 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  849.287772][T12309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  849.297818][T12309] Call Trace:
[  849.297847][T12309]  dump_stack+0x1db/0x2d0
[  849.297868][T12309]  ? dump_stack_print_info.cold+0x20/0x20
[  849.297888][T12309]  ? check_preemption_disabled+0x48/0x290
[  849.305506][T12309]  dump_header+0x1e6/0x116c
[  849.305528][T12309]  ? add_lock_to_list.isra.0+0x450/0x450
[  849.305543][T12309]  ? perf_trace_lock+0x750/0x750
[  849.305558][T12309]  ? print_usage_bug+0xd0/0xd0
[  849.305586][T12309]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  849.342385][T12309]  ? ___ratelimit+0x37c/0x686
[  849.347088][T12309]  ? mark_held_locks+0xb1/0x100
[  849.351981][T12309]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  849.357809][T12309]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  849.363618][T12309]  ? lockdep_hardirqs_on+0x415/0x5d0
[  849.368903][T12309]  ? trace_hardirqs_on+0xbd/0x310
[  849.373941][T12309]  ? kasan_check_read+0x11/0x20
[  849.378785][T12309]  ? ___ratelimit+0x37c/0x686
[  849.383442][T12309]  ? trace_hardirqs_off_caller+0x300/0x300
[  849.389252][T12309]  ? do_raw_spin_trylock+0x270/0x270
[  849.394528][T12309]  ? trace_hardirqs_on_caller+0x310/0x310
[  849.400226][T12309]  ? lock_acquire+0x1db/0x570
[  849.404902][T12309]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  849.410723][T12309]  ? ___ratelimit+0xac/0x686
[  849.415294][T12309]  ? idr_get_free+0xee0/0xee0
[  849.419949][T12309]  ? lockdep_hardirqs_on+0x415/0x5d0
[  849.425216][T12309]  oom_kill_process.cold+0x10/0x9ca
[  849.430426][T12309]  ? cgroup_procs_next+0x70/0x70
[  849.435366][T12309]  ? _raw_spin_unlock_irq+0x5e/0x90
[  849.440546][T12309]  ? oom_badness+0xa50/0xa50
[  849.445121][T12309]  ? oom_evaluate_task+0x540/0x540
[  849.450224][T12309]  ? mem_cgroup_iter_break+0x30/0x30
[  849.455510][T12309]  ? mutex_trylock+0x2d0/0x2d0
[  849.460273][T12309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.466526][T12309]  ? rcu_read_unlock_special+0x380/0x380
[  849.472144][T12309]  out_of_memory+0x885/0x1420
[  849.476800][T12309]  ? mem_cgroup_iter+0x4f4/0xf50
[  849.481721][T12309]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  849.487525][T12309]  ? oom_killer_disable+0x340/0x340
[  849.492738][T12309]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  849.498522][T12309]  ? lock_acquire+0x1db/0x570
[  849.503186][T12309]  mem_cgroup_out_of_memory+0x160/0x210
[  849.508728][T12309]  ? do_raw_spin_unlock+0xa0/0x330
[  849.513827][T12309]  ? memory_oom_group_write+0x160/0x160
[  849.519366][T12309]  ? do_raw_spin_trylock+0x270/0x270
[  849.524644][T12309]  ? _raw_spin_unlock+0x2d/0x50
[  849.529485][T12309]  try_charge+0xd42/0x1d00
[  849.533922][T12309]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  849.539464][T12309]  ? find_held_lock+0x35/0x120
[  849.544226][T12309]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  849.549771][T12309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.555998][T12309]  ? lock_downgrade+0xbe0/0xbe0
[  849.560823][T12309]  ? kasan_check_read+0x11/0x20
[  849.565667][T12309]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  849.571637][T12309]  ? rcu_read_unlock_special+0x380/0x380
[  849.577267][T12309]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  849.582806][T12309]  __memcg_kmem_charge_memcg+0x7c/0x130
[  849.588339][T12309]  ? memcg_kmem_put_cache+0xb0/0xb0
[  849.593516][T12309]  ? lock_release+0xc40/0xc40
[  849.598203][T12309]  __memcg_kmem_charge+0x136/0x300
[  849.603336][T12309]  __alloc_pages_nodemask+0x7b8/0xdc0
[  849.608718][T12309]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  849.614433][T12309]  ? rcu_pm_notify+0xd0/0xd0
[  849.619007][T12309]  ? rcu_read_lock_sched_held+0x110/0x130
[  849.624713][T12309]  ? kmem_cache_alloc_node+0x347/0x710
[  849.630170][T12309]  ? print_usage_bug+0xd0/0xd0
[  849.634933][T12309]  copy_process+0x847/0x8720
[  849.639521][T12309]  ? print_usage_bug+0xd0/0xd0
[  849.644267][T12309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.650486][T12309]  ? check_preemption_disabled+0x48/0x290
[  849.656188][T12309]  ? __lock_acquire+0x572/0x4a10
[  849.661100][T12309]  ? mark_held_locks+0x100/0x100
[  849.666020][T12309]  ? __cleanup_sighand+0x70/0x70
[  849.670956][T12309]  ? mark_held_locks+0x100/0x100
[  849.675871][T12309]  ? find_held_lock+0x35/0x120
[  849.680632][T12309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.686857][T12309]  ? check_preemption_disabled+0x48/0x290
[  849.692563][T12309]  ? debug_smp_processor_id+0x1c/0x20
[  849.697941][T12309]  ? perf_trace_lock_acquire+0x138/0x7d0
[  849.703568][T12309]  ? delayacct_end+0xc9/0x100
[  849.708222][T12309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.714461][T12309]  ? add_lock_to_list.isra.0+0x450/0x450
[  849.720096][T12309]  ? perf_trace_lock+0x750/0x750
[  849.725044][T12309]  ? perf_trace_lock_acquire+0x138/0x7d0
[  849.730663][T12309]  ? add_lock_to_list.isra.0+0x450/0x450
[  849.736276][T12309]  ? find_held_lock+0x35/0x120
[  849.741018][T12309]  ? print_usage_bug+0xd0/0xd0
[  849.745765][T12309]  ? psi_memstall_leave+0x1f8/0x280
[  849.750950][T12309]  ? find_held_lock+0x35/0x120
[  849.755717][T12309]  ? __lock_acquire+0x572/0x4a10
[  849.760677][T12309]  ? _raw_spin_unlock_irq+0x28/0x90
[  849.765884][T12309]  ? _raw_spin_unlock_irq+0x28/0x90
[  849.771064][T12309]  ? lockdep_hardirqs_on+0x415/0x5d0
[  849.776347][T12309]  ? trace_hardirqs_on+0xbd/0x310
[  849.781369][T12309]  ? mark_held_locks+0x100/0x100
[  849.786283][T12309]  ? check_preemption_disabled+0x48/0x290
[  849.791994][T12309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.798239][T12309]  ? check_preemption_disabled+0x48/0x290
[  849.803980][T12309]  ? debug_smp_processor_id+0x1c/0x20
[  849.809340][T12309]  ? perf_trace_lock_acquire+0x138/0x7d0
[  849.814957][T12309]  ? add_lock_to_list.isra.0+0x450/0x450
[  849.820582][T12309]  ? perf_trace_lock+0x750/0x750
[  849.825498][T12309]  ? lockdep_hardirqs_on+0x415/0x5d0
[  849.830790][T12309]  ? try_to_free_pages+0xb70/0xb70
[  849.835911][T12309]  ? percpu_ref_put_many+0x129/0x270
[  849.841178][T12309]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  849.847312][T12309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.853570][T12309]  _do_fork+0x1a9/0x1170
[  849.857817][T12309]  ? fork_idle+0x1d0/0x1d0
[  849.862228][T12309]  ? trace_hardirqs_off+0xb8/0x310
[  849.867318][T12309]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  849.873139][T12309]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  849.878880][T12309]  ? do_syscall_64+0x8c/0x800
[  849.883560][T12309]  ? do_syscall_64+0x8c/0x800
[  849.888217][T12309]  ? lockdep_hardirqs_on+0x415/0x5d0
[  849.893497][T12309]  ? trace_hardirqs_on+0xbd/0x310
[  849.898550][T12309]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  849.904633][T12309]  ? trace_hardirqs_off_caller+0x300/0x300
[  849.910469][T12309]  __x64_sys_clone+0xbf/0x150
[  849.915149][T12309]  do_syscall_64+0x1a3/0x800
[  849.919728][T12309]  ? syscall_return_slowpath+0x5f0/0x5f0
[  849.925353][T12309]  ? prepare_exit_to_usermode+0x232/0x3b0
[  849.931075][T12309]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  849.936613][T12309]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  849.942484][T12309] RIP: 0033:0x45a899
[  849.946362][T12309] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  849.965949][T12309] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  849.974363][T12309] RAX: ffffffffffffffda RBX: 00007f20e9828700 RCX: 000000000045a899
[  849.982348][T12309] RDX: 00007f20e98289d0 RSI: 00007f20e9827db0 RDI: 00000000003d0f00
[  849.990318][T12309] RBP: 00007ffcc2973580 R08: 00007f20e9828700 R09: 00007f20e9828700
[  849.998277][T12309] R10: 00007f20e98289d0 R11: 0000000000000202 R12: 0000000000000000
[  850.006226][T12309] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  850.017534][T12309] memory: usage 304876kB, limit 307200kB, failcnt 3944
[  850.024439][T12309] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  850.031976][T12309] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  850.038938][T12309] Memory cgroup stats for /syz4: cache:120KB rss:209132KB rss_huge:159744KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:209216KB inactive_file:0KB active_file:0KB unevictable:0KB
[  850.061086][T12309] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=23029,uid=0
[  850.076506][T12309] Memory cgroup out of memory: Kill process 23029 (syz-executor4) score 1106 or sacrifice child
[  850.087110][T12309] Killed process 23029 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  850.088823][ T1043] oom_reaper: reaped process 23029 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:49:22 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000]}, 0x2c8)

17:49:22 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000080)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="0000048c000000000000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0xd8)
r1 = open(&(0x7f0000000180)='./file0\x00', 0x400, 0x105)
write$P9_RWRITE(r1, &(0x7f00000001c0)={0xb, 0x77, 0x2, 0x4}, 0xb)

17:49:22 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffff7f]}}, 0x1c)

17:49:22 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
accept4$tipc(r0, &(0x7f0000000000)=@name, &(0x7f0000000100)=0x10, 0x80000)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f00000000c0)=0x2)
socketpair$unix(0x1, 0x7fffdffffffffffa, 0x0, 0x0)
write$P9_RXATTRCREATE(r0, &(0x7f0000000300)={0x389, 0x21, 0x2}, 0xfffffffffffffe00)
connect$rose(r0, &(0x7f0000000340)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @bcast}, 0x1c)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="00002dbd7000fbdbdf2509000000080006004a07000008000600080000000800050074050000280005001f00000008000600050000002400010008000b0073697000080002002e0000000800050003000000080004004e220000"], 0x3}, 0x1, 0x0, 0x0, 0x4008007}, 0x8000)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000380)={0x0, 0x2, 0x3008})
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000440)={r0, &(0x7f0000000400)="248609b0e9e0160a372ace"}, 0x10)
close(r0)

17:49:22 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:22 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x541f, &(0x7f0000000100)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0}, &(0x7f0000000080)=0x14)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f00000000c0)={r2, 0x4, 0x40, 0xffffffffffffff81, 0x9, 0x8, 0xe166})

17:49:22 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0xffffff7f]}}, 0x1c)

17:49:22 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x1000000000000000)

17:49:22 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)
close(r0)

17:49:22 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000]}, 0x2c8)

17:49:23 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x40000, 0x0)
bind$llc(r1, &(0x7f0000000080)={0x1a, 0x30f, 0x4, 0x2a85, 0x9, 0x1, @broadcast}, 0x10)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffff000, 0xffffff7f]}}, 0x1c)

17:49:23 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x20040, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xb)

17:49:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0xffffff7f]}}, 0x1c)

17:49:23 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x2c8)

17:49:23 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
close(r0)

17:49:23 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x400000000000000, 0x100)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff7f0000, 0xffffff7f]}}, 0x1c)

17:49:23 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x42}], 0x353)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:23 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00000000000000]}, 0x2c8)

17:49:23 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@can_newroute={0x1c, 0x18, 0x300, 0x70bd2c, 0x25dfdbfc, {0x1d, 0x1, 0x4}, [@CGW_MOD_UID={0x8, 0xe, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000080)=0x8)
readv(r0, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/82, 0x52}], 0xe66f1af17885c21f)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:23 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x40000, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0xffffff7f]}}, 0x1c)

17:49:23 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}, 0x2c8)

17:49:23 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103000000000000, 0xffffff7f]}}, 0x1c)

17:49:23 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x5, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x10000, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000080)=0x1, 0x4)

[  851.187918][T12464] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  851.239745][T12464] CPU: 1 PID: 12464 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  851.248712][T12464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  851.258786][T12464] Call Trace:
[  851.262109][T12464]  dump_stack+0x1db/0x2d0
[  851.266462][T12464]  ? dump_stack_print_info.cold+0x20/0x20
[  851.272184][T12464]  ? check_preemption_disabled+0x48/0x290
[  851.272232][T12464]  dump_header+0x1e6/0x116c
[  851.272251][T12464]  ? add_lock_to_list.isra.0+0x450/0x450
[  851.272272][T12464]  ? perf_trace_lock+0x750/0x750
[  851.288137][T12464]  ? print_usage_bug+0xd0/0xd0
[  851.288160][T12464]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  851.288177][T12464]  ? ___ratelimit+0x37c/0x686
[  851.288200][T12464]  ? mark_held_locks+0xb1/0x100
[  851.288220][T12464]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  851.288243][T12464]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  851.303547][T12464]  ? lockdep_hardirqs_on+0x415/0x5d0
[  851.303567][T12464]  ? trace_hardirqs_on+0xbd/0x310
[  851.303583][T12464]  ? kasan_check_read+0x11/0x20
[  851.303597][T12464]  ? ___ratelimit+0x37c/0x686
[  851.303620][T12464]  ? trace_hardirqs_off_caller+0x300/0x300
[  851.313121][T12464]  ? do_raw_spin_trylock+0x270/0x270
[  851.313139][T12464]  ? trace_hardirqs_on_caller+0x310/0x310
[  851.313154][T12464]  ? lock_acquire+0x1db/0x570
[  851.313180][T12464]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  851.313198][T12464]  ? ___ratelimit+0xac/0x686
[  851.361307][T12464]  ? idr_get_free+0xee0/0xee0
[  851.361333][T12464]  ? lockdep_hardirqs_on+0x415/0x5d0
17:49:24 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x4000, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

[  851.361361][T12464]  oom_kill_process.cold+0x10/0x9ca
[  851.361382][T12464]  ? cgroup_procs_next+0x70/0x70
[  851.361403][T12464]  ? _raw_spin_unlock_irq+0x5e/0x90
[  851.371859][T12464]  ? oom_badness+0xa50/0xa50
[  851.371883][T12464]  ? oom_evaluate_task+0x540/0x540
[  851.371902][T12464]  ? mem_cgroup_iter_break+0x30/0x30
[  851.371922][T12464]  ? mutex_trylock+0x2d0/0x2d0
[  851.421467][T12464]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  851.427733][T12464]  ? rcu_read_unlock_special+0x380/0x380
[  851.433395][T12464]  out_of_memory+0x885/0x1420
[  851.438091][T12464]  ? mem_cgroup_iter+0x4f4/0xf50
[  851.443050][T12464]  ? oom_killer_disable+0x340/0x340
[  851.448253][T12464]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  851.448270][T12464]  ? lock_acquire+0x1db/0x570
[  851.448299][T12464]  mem_cgroup_out_of_memory+0x160/0x210
[  851.448319][T12464]  ? do_raw_spin_unlock+0xa0/0x330
[  851.469428][T12464]  ? memory_oom_group_write+0x160/0x160
[  851.474979][T12464]  ? do_raw_spin_trylock+0x270/0x270
[  851.480285][T12464]  ? _raw_spin_unlock+0x2d/0x50
[  851.485162][T12464]  try_charge+0x1457/0x1d00
[  851.489746][T12464]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  851.495304][T12464]  ? find_held_lock+0x35/0x120
[  851.500083][T12464]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  851.505624][T12464]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  851.511855][T12464]  ? lock_downgrade+0xbe0/0xbe0
[  851.516684][T12464]  ? kasan_check_read+0x11/0x20
[  851.521529][T12464]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  851.527505][T12464]  ? rcu_read_unlock_special+0x380/0x380
[  851.533140][T12464]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  851.538666][T12464]  __memcg_kmem_charge_memcg+0x7c/0x130
[  851.544190][T12464]  ? memcg_kmem_put_cache+0xb0/0xb0
[  851.549369][T12464]  ? lock_release+0xc40/0xc40
[  851.554030][T12464]  __memcg_kmem_charge+0x136/0x300
[  851.559123][T12464]  __alloc_pages_nodemask+0x7b8/0xdc0
[  851.564479][T12464]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  851.570174][T12464]  ? rcu_pm_notify+0xd0/0xd0
[  851.574752][T12464]  ? rcu_read_lock_sched_held+0x110/0x130
[  851.580465][T12464]  ? kmem_cache_alloc_node+0x347/0x710
[  851.585912][T12464]  copy_process+0x847/0x8720
[  851.590499][T12464]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  851.596284][T12464]  ? add_lock_to_list.isra.0+0x450/0x450
[  851.601901][T12464]  ? reacquire_held_locks+0xfb/0x520
[  851.607176][T12464]  ? alloc_set_pte+0x134a/0x1df0
[  851.612103][T12464]  ? find_held_lock+0x60/0x120
[  851.616860][T12464]  ? __cleanup_sighand+0x70/0x70
[  851.621776][T12464]  ? lock_downgrade+0xbe0/0xbe0
[  851.626606][T12464]  ? kasan_check_read+0x11/0x20
[  851.631458][T12464]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  851.637474][T12464]  ? rcu_read_unlock_special+0x380/0x380
[  851.643109][T12464]  ? filemap_map_pages+0xe50/0x1cc0
[  851.648349][T12464]  ? print_usage_bug+0xd0/0xd0
[  851.653128][T12464]  ? print_usage_bug+0xd0/0xd0
[  851.657870][T12464]  ? mark_held_locks+0x100/0x100
[  851.662810][T12464]  ? __lock_acquire+0x572/0x4a10
[  851.667766][T12464]  ? __handle_mm_fault+0x3fde/0x55a0
[  851.673050][T12464]  ? mark_held_locks+0x100/0x100
[  851.677995][T12464]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  851.684229][T12464]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  851.690461][T12464]  ? check_preemption_disabled+0x48/0x290
[  851.696183][T12464]  ? debug_smp_processor_id+0x1c/0x20
[  851.701535][T12464]  ? perf_trace_lock_acquire+0x138/0x7d0
[  851.707164][T12464]  ? add_lock_to_list.isra.0+0x450/0x450
[  851.712797][T12464]  ? perf_trace_lock+0x750/0x750
[  851.717730][T12464]  ? __handle_mm_fault+0x955/0x55a0
[  851.722913][T12464]  ? __might_fault+0x12b/0x1e0
[  851.727657][T12464]  ? find_held_lock+0x35/0x120
[  851.732416][T12464]  ? __might_fault+0x12b/0x1e0
[  851.737174][T12464]  ? lock_acquire+0x1db/0x570
17:49:24 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x0, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)
ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f0000000080)=""/177)

17:49:24 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000000)={'\x00', {0x2, 0x4e23, @empty}})
ioctl$int_in(r0, 0x800000c0045008, &(0x7f00000000c0)=0x4)
close(r0)

17:49:24 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0xffffff7f]}}, 0x1c)

[  851.741852][T12464]  ? lock_downgrade+0xbe0/0xbe0
[  851.746709][T12464]  ? lock_release+0xc40/0xc40
[  851.751389][T12464]  ? trace_hardirqs_off_caller+0x300/0x300
[  851.757210][T12464]  _do_fork+0x1a9/0x1170
[  851.761465][T12464]  ? fork_idle+0x1d0/0x1d0
[  851.765889][T12464]  ? kasan_check_read+0x11/0x20
[  851.770748][T12464]  ? _copy_to_user+0xc9/0x120
[  851.775435][T12464]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  851.781686][T12464]  ? put_timespec64+0x115/0x1b0
[  851.781703][T12464]  ? nsecs_to_jiffies+0x30/0x30
[  851.781716][T12464]  ? vmacache_update+0x114/0x140
[  851.781733][T12464]  ? do_syscall_64+0x8c/0x800
[  851.781753][T12464]  ? do_syscall_64+0x8c/0x800
[  851.791421][T12464]  ? lockdep_hardirqs_on+0x415/0x5d0
[  851.791439][T12464]  ? trace_hardirqs_on+0xbd/0x310
[  851.791453][T12464]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  851.791478][T12464]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  851.828298][T12464]  ? trace_hardirqs_off_caller+0x300/0x300
[  851.834128][T12464]  __x64_sys_clone+0xbf/0x150
[  851.838830][T12464]  do_syscall_64+0x1a3/0x800
[  851.843449][T12464]  ? syscall_return_slowpath+0x5f0/0x5f0
[  851.849087][T12464]  ? prepare_exit_to_usermode+0x232/0x3b0
[  851.854824][T12464]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  851.860393][T12464]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  851.866290][T12464] RIP: 0033:0x457ec9
[  851.866307][T12464] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  851.866316][T12464] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  851.866352][T12464] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  851.866362][T12464] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  851.866372][T12464] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  851.866380][T12464] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  851.866396][T12464] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
17:49:24 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x10880, 0x0)
ioctl$RNDCLEARPOOL(r1, 0x5206, &(0x7f0000000080)=0x9)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x7fffd, 0x0)
ioctl$TUNSETLINK(r2, 0x400454cd, 0x33d)
pipe(&(0x7f0000000000))

17:49:24 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x4daed69eeee0a89f}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:24 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0xffffff7f]}}, 0x1c)

[  851.939863][T12464] memory: usage 307192kB, limit 307200kB, failcnt 3985
[  852.005848][T12464] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  852.029266][T12464] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:49:24 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x200, 0x9b, 0x80000001, 0x3}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x30}}, 0x40)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:24 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x3f, 0x0)
ioctl$DRM_IOCTL_GET_STATS(r1, 0x80f86406, &(0x7f0000000040)=""/51)
remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x1, 0x800)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x401)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r2, 0x302, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x804)

[  852.053560][T12464] Memory cgroup stats for /syz4: cache:120KB rss:211336KB rss_huge:161792KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:211340KB inactive_file:0KB active_file:0KB unevictable:0KB
[  852.108135][T12464] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=23188,uid=0
[  852.171125][T12464] Memory cgroup out of memory: Kill process 23188 (syz-executor4) score 1106 or sacrifice child
[  852.207049][T12464] Killed process 23188 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  852.254716][T12463] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  852.267795][T12463] CPU: 1 PID: 12463 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  852.276740][T12463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  852.286789][T12463] Call Trace:
[  852.290083][T12463]  dump_stack+0x1db/0x2d0
[  852.294427][T12463]  ? dump_stack_print_info.cold+0x20/0x20
[  852.300165][T12463]  ? check_preemption_disabled+0x48/0x290
[  852.306048][T12463]  dump_header+0x1e6/0x116c
[  852.310550][T12463]  ? add_lock_to_list.isra.0+0x450/0x450
[  852.316173][T12463]  ? perf_trace_lock+0x750/0x750
[  852.321104][T12463]  ? print_usage_bug+0xd0/0xd0
[  852.325857][T12463]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  852.331471][T12463]  ? ___ratelimit+0x37c/0x686
[  852.336133][T12463]  ? mark_held_locks+0xb1/0x100
[  852.340979][T12463]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  852.346813][T12463]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  852.352613][T12463]  ? lockdep_hardirqs_on+0x415/0x5d0
[  852.357883][T12463]  ? trace_hardirqs_on+0xbd/0x310
[  852.362927][T12463]  ? kasan_check_read+0x11/0x20
[  852.367794][T12463]  ? ___ratelimit+0x37c/0x686
[  852.372466][T12463]  ? trace_hardirqs_off_caller+0x300/0x300
[  852.378290][T12463]  ? do_raw_spin_trylock+0x270/0x270
[  852.383572][T12463]  ? trace_hardirqs_on_caller+0x310/0x310
[  852.389314][T12463]  ? lock_acquire+0x1db/0x570
[  852.394001][T12463]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  852.399800][T12463]  ? ___ratelimit+0xac/0x686
[  852.404490][T12463]  ? idr_get_free+0xee0/0xee0
[  852.409150][T12463]  ? lockdep_hardirqs_on+0x415/0x5d0
[  852.414441][T12463]  oom_kill_process.cold+0x10/0x9ca
[  852.419627][T12463]  ? cgroup_procs_next+0x70/0x70
[  852.424576][T12463]  ? _raw_spin_unlock_irq+0x5e/0x90
[  852.429803][T12463]  ? oom_badness+0xa50/0xa50
[  852.434393][T12463]  ? oom_evaluate_task+0x540/0x540
[  852.439527][T12463]  ? mem_cgroup_iter_break+0x30/0x30
[  852.444808][T12463]  ? mutex_trylock+0x2d0/0x2d0
[  852.449589][T12463]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  852.455828][T12463]  ? rcu_read_unlock_special+0x380/0x380
[  852.461485][T12463]  out_of_memory+0x885/0x1420
[  852.466150][T12463]  ? mem_cgroup_iter+0x4f4/0xf50
[  852.471076][T12463]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  852.476907][T12463]  ? oom_killer_disable+0x340/0x340
[  852.482084][T12463]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  852.487899][T12463]  ? lock_acquire+0x1db/0x570
[  852.492563][T12463]  mem_cgroup_out_of_memory+0x160/0x210
[  852.498086][T12463]  ? do_raw_spin_unlock+0xa0/0x330
[  852.503200][T12463]  ? memory_oom_group_write+0x160/0x160
[  852.508936][T12463]  ? do_raw_spin_trylock+0x270/0x270
[  852.514228][T12463]  ? _raw_spin_unlock+0x2d/0x50
[  852.519068][T12463]  try_charge+0xd42/0x1d00
[  852.523487][T12463]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  852.529038][T12463]  ? find_held_lock+0x35/0x120
[  852.533781][T12463]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  852.539316][T12463]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  852.545576][T12463]  ? lock_downgrade+0xbe0/0xbe0
[  852.550409][T12463]  ? kasan_check_read+0x11/0x20
[  852.555248][T12463]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  852.561217][T12463]  ? rcu_read_unlock_special+0x380/0x380
[  852.566847][T12463]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  852.572390][T12463]  __memcg_kmem_charge_memcg+0x7c/0x130
[  852.577925][T12463]  ? memcg_kmem_put_cache+0xb0/0xb0
[  852.583120][T12463]  ? lock_release+0xc40/0xc40
[  852.587789][T12463]  __memcg_kmem_charge+0x136/0x300
[  852.592921][T12463]  __alloc_pages_nodemask+0x7b8/0xdc0
[  852.598294][T12463]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  852.604042][T12463]  ? rcu_pm_notify+0xd0/0xd0
[  852.608620][T12463]  ? rcu_read_lock_sched_held+0x110/0x130
[  852.614339][T12463]  ? kmem_cache_alloc_node+0x347/0x710
[  852.619777][T12463]  ? print_usage_bug+0xd0/0xd0
[  852.624529][T12463]  copy_process+0x847/0x8720
[  852.629102][T12463]  ? print_usage_bug+0xd0/0xd0
[  852.633871][T12463]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  852.640160][T12463]  ? check_preemption_disabled+0x48/0x290
[  852.645869][T12463]  ? __lock_acquire+0x572/0x4a10
[  852.650784][T12463]  ? mark_held_locks+0x100/0x100
[  852.655707][T12463]  ? __cleanup_sighand+0x70/0x70
[  852.660675][T12463]  ? mark_held_locks+0x100/0x100
[  852.665593][T12463]  ? find_held_lock+0x35/0x120
[  852.670376][T12463]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  852.676647][T12463]  ? check_preemption_disabled+0x48/0x290
[  852.682383][T12463]  ? debug_smp_processor_id+0x1c/0x20
[  852.687742][T12463]  ? perf_trace_lock_acquire+0x138/0x7d0
[  852.693407][T12463]  ? delayacct_end+0xc9/0x100
[  852.698065][T12463]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  852.704285][T12463]  ? add_lock_to_list.isra.0+0x450/0x450
[  852.709897][T12463]  ? perf_trace_lock+0x750/0x750
[  852.714848][T12463]  ? perf_trace_lock_acquire+0x138/0x7d0
[  852.720577][T12463]  ? add_lock_to_list.isra.0+0x450/0x450
[  852.726198][T12463]  ? find_held_lock+0x35/0x120
[  852.730988][T12463]  ? print_usage_bug+0xd0/0xd0
[  852.735776][T12463]  ? psi_memstall_leave+0x1f8/0x280
[  852.740965][T12463]  ? find_held_lock+0x35/0x120
[  852.745710][T12463]  ? __lock_acquire+0x572/0x4a10
[  852.750628][T12463]  ? _raw_spin_unlock_irq+0x28/0x90
[  852.755811][T12463]  ? _raw_spin_unlock_irq+0x28/0x90
[  852.760992][T12463]  ? lockdep_hardirqs_on+0x415/0x5d0
[  852.766265][T12463]  ? trace_hardirqs_on+0xbd/0x310
[  852.771278][T12463]  ? mark_held_locks+0x100/0x100
[  852.776194][T12463]  ? check_preemption_disabled+0x48/0x290
[  852.781911][T12463]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  852.788146][T12463]  ? check_preemption_disabled+0x48/0x290
[  852.793920][T12463]  ? debug_smp_processor_id+0x1c/0x20
[  852.799270][T12463]  ? perf_trace_lock_acquire+0x138/0x7d0
[  852.804886][T12463]  ? add_lock_to_list.isra.0+0x450/0x450
[  852.810500][T12463]  ? perf_trace_lock+0x750/0x750
[  852.815424][T12463]  ? lockdep_hardirqs_on+0x415/0x5d0
[  852.820743][T12463]  ? try_to_free_pages+0xb70/0xb70
[  852.825833][T12463]  ? percpu_ref_put_many+0x129/0x270
[  852.831120][T12463]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  852.837279][T12463]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  852.843520][T12463]  _do_fork+0x1a9/0x1170
[  852.847746][T12463]  ? fork_idle+0x1d0/0x1d0
[  852.852168][T12463]  ? trace_hardirqs_off+0xb8/0x310
[  852.857256][T12463]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  852.863056][T12463]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  852.868791][T12463]  ? do_syscall_64+0x8c/0x800
[  852.873507][T12463]  ? do_syscall_64+0x8c/0x800
[  852.878165][T12463]  ? lockdep_hardirqs_on+0x415/0x5d0
[  852.883431][T12463]  ? trace_hardirqs_on+0xbd/0x310
[  852.888437][T12463]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  852.894522][T12463]  ? trace_hardirqs_off_caller+0x300/0x300
[  852.900332][T12463]  __x64_sys_clone+0xbf/0x150
[  852.905021][T12463]  do_syscall_64+0x1a3/0x800
[  852.909595][T12463]  ? syscall_return_slowpath+0x5f0/0x5f0
[  852.915234][T12463]  ? prepare_exit_to_usermode+0x232/0x3b0
[  852.920951][T12463]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  852.926484][T12463]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  852.932356][T12463] RIP: 0033:0x45a899
[  852.936231][T12463] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  852.955820][T12463] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  852.964212][T12463] RAX: ffffffffffffffda RBX: 00007f20e9828700 RCX: 000000000045a899
[  852.972166][T12463] RDX: 00007f20e98289d0 RSI: 00007f20e9827db0 RDI: 00000000003d0f00
[  852.980156][T12463] RBP: 00007ffcc2973580 R08: 00007f20e9828700 R09: 00007f20e9828700
[  852.988123][T12463] R10: 00007f20e98289d0 R11: 0000000000000202 R12: 0000000000000000
[  852.996086][T12463] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  853.007417][T12463] memory: usage 304868kB, limit 307200kB, failcnt 3985
[  853.014289][T12463] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  853.022300][T12463] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  853.029538][T12463] Memory cgroup stats for /syz4: cache:120KB rss:209128KB rss_huge:159744KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:209180KB inactive_file:0KB active_file:0KB unevictable:0KB
[  853.051938][T12463] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=23285,uid=0
[  853.067617][T12463] Memory cgroup out of memory: Kill process 23285 (syz-executor4) score 1106 or sacrifice child
[  853.079780][T12463] Killed process 23285 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  853.093340][ T1043] oom_reaper: reaped process 23285 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:49:25 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}, 0x2c8)

17:49:25 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0)
getsockname$packet(r0, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14)
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000140)={@empty, 0x76, r2})
connect$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, {0x9, 0x200, 0x5, 0x7b84105d, 0x7f, 0x10001}, 0x3}, 0xa)

17:49:25 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0xffffff7f]}}, 0x1c)

17:49:25 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$VIDIOC_OVERLAY(r0, 0x4004560e, &(0x7f00000000c0)=0x9)
bind$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x3, @empty}}, 0x1e)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'yam0\x00', 0x2})
ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f0000000000))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r1=>0xffffffffffffffff, r0, 0x0, 0x17, &(0x7f0000000100)='posix_acl_accessvmnet0\x00'}, 0x30)
ptrace$peekuser(0x3, r1, 0x7d9c)

17:49:25 executing program 0:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x200000, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
r2 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0x5)

17:49:25 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000080), 0x0)
ioctl$int_in(r0, 0x800000c004500c, &(0x7f0000000380)=0x2)
ioctl$KVM_PPC_GET_PVINFO(r0, 0x4080aea1, &(0x7f0000000080)=""/212)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000180)={0x4, <r1=>0x0, 0x3, 0x9})
ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f00000001c0)={0x0, r1})
close(r0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x80000, 0x0)

17:49:25 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0xffffff7f]}}, 0x1c)

17:49:25 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
close(r0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000080)={0x1, 0x0, [{0x10f004, 0x1e, &(0x7f0000000000)=""/30}]})

17:49:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={<r1=>0x0, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000080)='(+\x00'}, 0x30)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x521000, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x6, 0x3d7e, 0x4, 0x10001, 0x0, 0xf48, 0x10208, 0x2, 0x2, 0xc4, 0xffffffff80000001, 0x4, 0x800, 0x9, 0x0, 0x3, 0xcf5, 0x3f, 0x9, 0x0, 0x8, 0x9, 0x4, 0x20, 0x80000001, 0x9, 0x6, 0xffffffff, 0x2, 0xfffffffffffffffc, 0x7, 0x0, 0x3, 0xee, 0x9, 0x189a, 0x0, 0xcad, 0x2, @perf_config_ext={0x1f, 0x8}, 0x10000, 0xffc0000000000, 0xb74d, 0x7, 0x8, 0x54f4, 0x4}, r1, 0xffffffffffffffff, r2, 0x2)

17:49:26 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000]}, 0x2c8)

17:49:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0xffffff7f]}}, 0x1c)

17:49:26 executing program 0:
r0 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x5, 0x4000)
write$FUSE_DIRENT(r0, &(0x7f00000000c0)={0x28, 0x0, 0x4, [{0x1, 0x8, 0x0, 0x100}]}, 0x28)
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x8000)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x800, 0x0)
ioctl$KVM_PPC_GET_SMMU_INFO(r2, 0x8250aea6, &(0x7f0000000040)=""/63)
r3 = getpgrp(0x0)
sendmsg$nl_generic(r0, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)={0x244, 0x2f, 0x0, 0x70bd25, 0x25dfdbfc, {0x6}, [@nested={0x204, 0x3f, [@typed={0x8, 0x60, @pid=r3}, @generic="2defb6d596996c2196056b9d87ed368455be7c3bd27d511ba015614d511816e6926c45c4eeea901089bb05640be45e184ec1cbebc4e0147d9290db362b116ea29e0b25a2e51d298dbea27bc3ecf57b82c5d5f9e4afadc85eb91af7467a17d866660c9a7157", @typed={0xc, 0x4d, @u64=0x2}, @typed={0x8, 0x3f, @u32}, @typed={0x14, 0x67, @ipv6=@remote}, @generic="c7d3e9b9ada0b216a11051ec45916be86ba90465ad846843dc17a48ee27513052cb7083e876e87e481ef3bdaf77da7dfc545a50f12adfca5714ffefbbf6c6452de0f3d00525b0ac09f0b0cd12541d0e187aba7aa9c9d35e299425ac99404416cb6d2257b0c89eb7ebddc1557f9b73ca871f94345bee093c66a37b23a63af7f4b6c734c859227c6879fc993f36e4c9988", @generic="8cbac350c89c5b57e164ccebaa4043462399543175344a260f0e7fb34b49b1c2987d3079df9f4d097561a96d93ec6262668b2c153bdebc59f3963f053ab56d69c1f75c70346e78ade7b117b9e7edef55027c6c554c2a02d72bff824fae369e30d0a3343b0617d772381ec2a861464181d0e65c23441355c5e00ef594af0467dc8a36c3432cf8b4ef3b0a34ceaad6264db1ae2ffaabd6dcbde11b05da0e75497b133922076c5aed688e499b0b1579562e885e53f9d9eb5e554b2934f3b8000b7ffdca641e1821cfbfb8801d4912abfa4a", @typed={0x8, 0x37, @u32=0x6}]}, @generic="422cc75d3147408670d5748f86570ce009ecc9307733c2a5b16411462484c52291afe6ab6f9614bc4a43d69b"]}, 0x244}, 0x1, 0x0, 0x0, 0x404c004}, 0x20040815)
ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000100)=0x4010)

17:49:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0xffffff7f]}}, 0x1c)

17:49:26 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300000000000000]}, 0x2c8)

17:49:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x1b7e0000000, 0x801)
ioctl$NBD_DISCONNECT(r1, 0xab08)
setsockopt$netlink_NETLINK_CAP_ACK(r1, 0x10e, 0xa, &(0x7f00000000c0)=0x3, 0x4)
getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={<r2=>0x0, 0xba}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000180)={r2, 0x8, 0x6, 0x7, 0xffffffffffffffe0, 0xff}, &(0x7f00000001c0)=0x14)
r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7, 0x400)
statx(r1, &(0x7f0000000200)='./file0\x00', 0x1c00, 0x10, &(0x7f0000000240))
pread64(r3, &(0x7f0000000200), 0x0, 0x0)
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0xa)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000080)={@local, @empty}, 0x8)
getsockopt$netrom_NETROM_T2(r3, 0x103, 0x2, &(0x7f0000000340)=0x7fffffff, &(0x7f0000000380)=0x4)

17:49:26 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
fremovexattr(r0, &(0x7f0000000000)=@random={'security.', '/dev/dsp#\x00'})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0xffffff7f]}}, 0x1c)

17:49:26 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$void(r0, 0xac61eaef4987d167)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
close(r0)

17:49:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x81, 0x80)
r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x6, 0x4000)
ioctl$KVM_PPC_GET_SMMU_INFO(r1, 0x8250aea6, &(0x7f00000000c0)=""/229)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0xffffff7f]}}, 0x1c)

17:49:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$NBD_DISCONNECT(0xffffffffffffffff, 0xab08)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = getpid()
ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000000))
process_vm_writev(r1, &(0x7f0000001500)=[{&(0x7f0000000040)=""/142, 0x8e}, {&(0x7f0000000100)=""/247, 0xf7}, {&(0x7f0000000200)=""/193, 0xc1}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000000300)=""/136, 0x88}, {&(0x7f0000001400)=""/8, 0x8}, {&(0x7f0000001440)=""/142, 0x8e}], 0x7, &(0x7f0000002640)=[{&(0x7f0000001580)=""/126, 0x7e}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/26, 0x1a}], 0x3, 0x0)

17:49:26 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400000000000000]}, 0x2c8)

17:49:26 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
close(r0)

17:49:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0xffffff7f]}}, 0x1c)

17:49:26 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x4)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:26 executing program 0:
io_setup(0x4, &(0x7f0000000000)=<r0=>0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x98000, 0x0)
io_submit(r0, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xdf43, r1, &(0x7f0000000040)="6fa4eca2bb9ca09f0aaa035e31e8a3ca3a4e70929fc047d90ccba6c42f990e13ffed48290a8dde61d90d8eceb928155dd96c31f5dd7dd0aea7ea6ffdd7", 0x3d, 0x0, 0x0, 0x0, r2}])
r3 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x1261, 0x0)

17:49:26 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000, 0xffffff7f]}}, 0x1c)

17:49:27 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00')
r1 = socket(0xd, 0x0, 0xd51a)
readv(r1, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/78}, {&(0x7f0000000680)=""/100}, {&(0x7f0000000240)=""/65}, {&(0x7f00000002c0)=""/130}, {&(0x7f0000000400)=""/148}, {&(0x7f00000004c0)=""/156}], 0x40)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140))
getrlimit(0x9, &(0x7f0000000180))
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r0)

17:49:27 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1500000000000000]}, 0x2c8)

17:49:27 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
close(r0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000080)={<r1=>0x0, 0x65, "0ed80dcf1f6fbb19f9d490da73a41acce84497f0d857a75fc117300be7c691e27dbe3f3b35aa153c4815d59f1eedd2cdb26af66366265f5b03b9639e4e45301b12999b1ae73557594e75302c5a4333305ddd602820a1aec11f5647f12c85cd2b6c82073c2f"}, &(0x7f0000000000)=0x6d)
ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000180))
getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={r1, 0x20, 0xfffffffffffffffa, 0x100000000}, &(0x7f0000000140)=0x10)

17:49:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0xffffff7f]}}, 0x1c)

17:49:27 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x4000, 0x0)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000100)=@req={0x7fff, 0x5, 0x6e, 0x2}, 0x10)

17:49:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000, 0xffffff7f]}}, 0x1c)

17:49:27 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0xc4000)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000180))
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x2, 0x0)
ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000300))
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f00000001c0)={0x8, 0x2, 0x100000001, 0x0, 0x0, [], [], [], 0x1, 0x5})
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000040)={0x8, 0x7, 0x1, 0x0, 0x0, [], [], [], 0x4, 0x100000000})
ioctl$LOOP_CLR_FD(r0, 0x4c01)

17:49:27 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x5, 0x800000000000000)
readv(r0, &(0x7f00000003c0), 0x0)
ioctl$UI_DEV_CREATE(r0, 0x5501)
setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000400)="fd0c9c020414f6dc51ecfcb623877bd693f01a5c358fa9f85f5b97e6906a8c2f93f38e60d8ac85ebf7afa897ef1ff33aacc7a664780284cb319b42dd12e950c3aa11cdde09f5825f766295f28c39564c400acbee07a7d0052efb0b2a72a3e7e9482e1ca8a2adf44a84ec21d06ef40b1cda7eb95cd86ed21621d9bcf1a4cfc945a6862d8303543a36b2062db0261186f675cd8938b65eabda41d1e0364d2188a397512bf47647867c2482eebc5de48a5dc99e7901634f89404a31a099991c15b7d44f864f824b88f55adba90e015e9f5370f6325c34ce4ce34eca1209a7c934e4d8", 0xe1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x5, 0x400)

17:49:27 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000080)={0x1000, [0x5, 0x5, 0x9, 0x0, 0x0, 0x8, 0x0, 0x2, 0x10000, 0xa0f0, 0x4, 0x5d, 0x23d, 0x4b, 0x8, 0x100000000, 0x40000000000, 0x293, 0x9, 0xffffffff, 0x9, 0xffffffffffffffff, 0xffffffffffff807a, 0x81, 0x100, 0x8, 0x4, 0x8, 0x100000000, 0x6, 0x5, 0x2, 0x0, 0xffffffff, 0xa3, 0x6, 0x5, 0x4, 0x1, 0x7fffffff, 0x5, 0x401, 0x5, 0x0, 0xff, 0x6, 0x100000001, 0x1], 0xa})
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000, 0xffffff7f]}}, 0x1c)

17:49:27 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000]}, 0x2c8)

17:49:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2001001000000000, 0xffffff7f]}}, 0x1c)

17:49:27 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
setsockopt$inet6_dccp_int(r0, 0x21, 0x1, &(0x7f0000000000)=0x7, 0x4)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000080)={<r1=>0x0, 0x7}, &(0x7f00000000c0)=0x8)
ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f0000000180)={0x1, 0x0, {0xeb, 0x7, 0x5, 0x5}})
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={r1, 0x10001}, &(0x7f0000000140)=0x8)
syz_kvm_setup_cpu$x86(r0, r0, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f0000000240)="67430fc79c130070000066baf80cb8240d6088ef66bafc0cec66460faddb66b83c008ed80f017700b99a0800000f3266ba4300ed0f302e440fc79a0b0000000f01805e740000", 0x46}], 0x1, 0x1, &(0x7f0000000300)=[@vmwrite={0x8, 0x0, 0x2, 0x0, 0x6, 0x0, 0x7, 0x0, 0x47e}, @dstype3={0x7, 0xf}], 0x2)

17:49:27 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x30100, 0x0)
ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000040)=""/14)

17:49:27 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x4, 0xfc27, 0x0, 0x9, 0x0, 0x200, 0x1000, 0x4, 0xfffffffffffffff9, 0x8, 0x7, 0x5, 0x7, 0xffffffffffff0001, 0x9, 0x5, 0x240000000000000, 0x200800, 0x1ff, 0x1e4, 0x2, 0x7698, 0x403f, 0x7fffffff, 0x6, 0x9, 0x9, 0x2, 0x0, 0x100, 0x7, 0x7, 0x9, 0x6, 0x10001, 0x3f, 0x0, 0x80000000, 0x2, @perf_config_ext={0x9, 0x80000001}, 0x814, 0xfffffffffffff5c1, 0x2, 0x0, 0x8, 0x10000, 0x56}, 0x0, 0xb, r0, 0x8)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
close(r0)

17:49:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000000000000, 0xffffff7f]}}, 0x1c)

17:49:27 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x2c8)

17:49:27 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
r1 = accept4$rose(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0)
accept4$rose(r1, &(0x7f0000000040)=@full={0xb, @dev, @remote, 0x0, [@bcast, @bcast, @rose, @null, @remote, @null]}, &(0x7f0000000080)=0x40, 0x80800)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:27 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0xffffff7f]}}, 0x1c)

17:49:27 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
getsockname(r0, &(0x7f0000000000)=@tipc, &(0x7f0000000080)=0x80)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0xfffffffffffd, 0x0)
ioctl$DRM_IOCTL_AGP_FREE(r1, 0x40206435, &(0x7f00000001c0)={0x101, 0x0, 0x10003, 0x4})
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x0, 0x0)
sendto$rose(r2, &(0x7f0000000100)="deb007b9e649bfa493ce72ab0a9da1edad15577a4919d8a764b647b90c5deba2a45f8785006264d3cfd726514da36d7458e0978a6af4e9771b7cb0", 0x3b, 0x4804, &(0x7f0000000140)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, 0x6, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @bcast]}, 0x40)

17:49:28 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x101801, 0x0)
getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x2cf}], 0x1)
ioctl$int_in(r1, 0x800000c0045005, &(0x7f0000000380)=0x3f)
ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000400))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000100)=0x80000001, &(0x7f0000000140)=0x2)
close(r1)
r3 = open(&(0x7f0000000240)='./file0\x00', 0x40540, 0x1)
openat$cgroup_int(r0, &(0x7f0000000180)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000300)={[{0xf12, 0x8, 0x4, 0x0, 0x4, 0xfffffffffffffffe, 0x9, 0x3f, 0x0, 0x5, 0x9, 0x1, 0x808c}, {0x8, 0x13fb, 0x20, 0x8, 0x0, 0x1, 0x100000000, 0xffffffff00000001, 0x8000, 0x2f40, 0xa97, 0x3ff, 0x3}, {0x4, 0xb59, 0x8, 0x2, 0x10001, 0x7, 0x101, 0x2, 0x1, 0x9, 0x0, 0x1, 0xfffffffffffffffc}], 0x9})
getsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000000280), &(0x7f00000002c0)=0x4)

17:49:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0xffffff7f]}}, 0x1c)

17:49:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/103, 0x67}, {&(0x7f0000000080)=""/191, 0xbf}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000180)=""/34, 0x22}], 0x5)

17:49:28 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x2c8)

17:49:28 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x5473, &(0x7f0000000000)=0x2)
close(r0)

17:49:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5800000000000000, 0xffffff7f]}}, 0x1c)

17:49:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1000, 0x4, 0x1b, 0x11, "0818f4458cffc3d768162457325b1b48ba6e9ef4580fd37b185bda77e40a7b7356e883ddea278c1283e1c52883899c9cb8be9587a072d4016d3aa3a0e71a719c", "7820b6df167edfc4827e924ed6e7693f69148e81211a57999c632de9e09f248c", [0x9, 0x6]})
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0)=<r1=>0x0)
sched_getattr(r1, &(0x7f0000000100), 0x30, 0x0)
r2 = open(&(0x7f0000000140)='./file0\x00', 0xc0000, 0x56)
ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000180))
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

17:49:28 executing program 2:
r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x0, 0x6000)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000180)=0x14)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000240)={@local, @local, @loopback, 0x10000, 0x1, 0x2998, 0x400, 0x1cf2, 0x300080, r1})
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r2, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f00000002c0))
ioctl$SIOCAX25NOUID(r0, 0x89e3, &(0x7f0000000100))
ioctl$int_in(r2, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
fstat(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
close(r2)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@loopback, @in6=@mcast1, 0x4e24, 0x2, 0x4e23, 0x7, 0xa, 0x20, 0x20, 0x1, r1, r3}, {0xb096, 0xfffffffffffffffa, 0x2, 0x8, 0x69c, 0x7, 0x400, 0xffff}, {0x100000001, 0x8, 0x7, 0x4}, 0x0, 0x6e6bb0, 0x3, 0x1, 0x3}, {{@in6=@mcast2, 0x4d4, 0x6f}, 0xa, @in=@loopback, 0x3503, 0x2, 0x0, 0x3, 0x1ff, 0x9}}, 0xe8)

17:49:28 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x2c8)

17:49:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0xffffff7f]}}, 0x1c)

17:49:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udplite6\x00')
getsockopt$inet_buf(r1, 0x0, 0x23, &(0x7f0000000080)=""/223, &(0x7f0000000180)=0xdf)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000000)={0xc, 0x2d, 0xa, 0x1f, 0x8, 0x9e89, 0x0, 0xa0})

17:49:28 executing program 1:
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffff9c, 0x10, &(0x7f00000002c0)={&(0x7f0000000400)=""/202, 0xca, <r0=>0x0}}, 0x10)
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=r0, 0x1d)
signalfd4(r1, &(0x7f0000000000)={0x4}, 0x8, 0x0)
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req={0x8000, 0x5, 0x5}, 0x10)
readv(r2, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r2, 0x800000c0045005, &(0x7f0000000380)=0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
clock_getres(0x7, &(0x7f00000000c0))
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$EXT4_IOC_RESIZE_FS(r2, 0x40086610, &(0x7f0000000100)=0x4c4)
close(r2)

17:49:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6100000000000000, 0xffffff7f]}}, 0x1c)

17:49:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x44)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x9)
openat$smack_task_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/attr/current\x00', 0x2, 0x0)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2)
ioctl$KVM_PPC_GET_SMMU_INFO(r2, 0x8250aea6, &(0x7f0000000140)=""/95)
accept4(r1, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x80, 0x800)

17:49:28 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x2c8)

17:49:28 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/82, 0xffffffffffffff2e}], 0xc4363598b6fcd303)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
write$UHID_CREATE2(r0, &(0x7f0000000400)={0xb, 'syz0\x00', 'syz0\x00', 'syz0\x00', 0xac, 0x200, 0x7, 0xffff, 0x20, 0x1, "980f18f09492b889df7075a6b4c596f85fd894b17c390d3a1d420bb9724f81495276bfdb981b623242a542c5d185e8bd7a2702ab1e8c323eed658896939dd4248da4cee054d11701cff855f06eec9254d673f3a83259b8b5defe2a323fcceaaba0978d8e55602a4cfdd10b1294a7f90d109fed8cd5a41fd3408bd9fe89561e36dbae10aaaafc8482c6fa0e7c362d7b0d8855bbf55a7a445bc61cf949daee135ad4722d225d12972be10ebf08"}, 0x1c4)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r1, 0x412, 0x70bd2a, 0x25dfdbfb, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x81, @link='syz0\x00'}}}, ["", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x80)
close(r0)

17:49:28 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x2c8)

17:49:28 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7800000000000000, 0xffffff7f]}}, 0x1c)

17:49:28 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000000))

17:49:29 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
fdatasync(r0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004020000000000, 0xffffff7f]}}, 0x1c)

17:49:29 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x101, 0x0)

17:49:29 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x16)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@gettaction={0x14, 0x32, 0x313, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000010)
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r1, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r1)

17:49:29 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000), &(0x7f0000000080)=0xb)
close(r0)

17:49:29 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x2c8)

17:49:29 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0xffffffff)
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x5, 0x20000)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040))

17:49:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000, 0xffffff7f]}}, 0x1c)

17:49:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa005000000000000, 0xffffff7f]}}, 0x1c)

17:49:29 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0x3ff, @mcast2, 0x1000}, {0xa, 0x4e22, 0x100, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3ff}, 0x4, [0x1, 0x1f, 0xffffffff, 0x800, 0x4, 0x2, 0x4, 0x2d]}, 0x5c)

17:49:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc805000000000000, 0xffffff7f]}}, 0x1c)

17:49:29 executing program 0:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x10200, 0x0)
ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000480)=""/128)
r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x8000, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x63e)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200)='/dev/audio\x00', 0x80000, 0x0)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, [], @raw_data=[0xf4, 0x4c0, 0x41, 0x200, 0x8, 0x200, 0x7, 0x200, 0x7, 0xfffffffffffffff9, 0x6, 0xfffffffffffffffc, 0x3f, 0x3da865eb, 0xa9, 0x2, 0x4, 0xfffffffffffffffa, 0x3ff, 0x8, 0xe85a, 0x71dd, 0x7, 0x8, 0x80, 0x48b1, 0x7ff, 0x5, 0x3, 0x7, 0x10001, 0x81]})
creat(&(0x7f0000000240)='./file0\x00', 0x24)
fdatasync(r1)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000280)={<r3=>0x0, 0x9, 0x4}, &(0x7f00000002c0)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000300)={<r4=>0x0, 0xfffffffffffff800, 0x20}, &(0x7f0000000340)=0xc)
getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000380)={r3, 0x5, 0x8, 0x800, 0x8, 0x7, 0x0, 0x2, {r4, @in6={{0xa, 0x4e22, 0x100000000, @dev={0xfe, 0x80, [], 0x20}, 0x80}}, 0x8, 0xfffffffffffffffc, 0x9, 0x1, 0x6}}, &(0x7f0000000440)=0xb0)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f0000000080)={0x0, 0x0, [], @bt={0x81, 0x5, 0x8, 0x100, 0x8, 0x1b, 0x16, 0x8}})
ioctl$NBD_SET_BLKSIZE(r2, 0xab01, 0x5)

17:49:29 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00', {0x7fff, 0x80, 0x10000, 0x4}, 0x455, [0x0, 0x38, 0xfffffffffffffff7, 0x0, 0x8, 0x6, 0x1, 0x80, 0xffff, 0x1, 0x4d74, 0x6, 0xe1c7, 0xb9c, 0x2, 0x5, 0x2, 0x7fffffff, 0x6, 0xdcce, 0xffffffff, 0x7ff, 0x4, 0x1f, 0x10001, 0x5947a635, 0x7, 0x20, 0x9, 0x580, 0x4, 0x800, 0x9, 0x8000, 0x3, 0x7fff, 0xf36b, 0x8, 0x800, 0x7f, 0xf0b, 0x3, 0x6, 0x8, 0x5c, 0x2, 0x0, 0x2, 0x6, 0x200, 0x1, 0xde, 0x400000000000, 0x1000, 0x6, 0x5, 0x2, 0x3, 0x9, 0x20, 0x0, 0x9, 0x3, 0x1000], [0xa17, 0x610e, 0x4, 0xad6, 0x200, 0x6ef300000000000, 0x5, 0x0, 0x6, 0x8001, 0x4f1, 0xd4, 0x2, 0x4, 0x10000, 0x7ff, 0x8, 0x40, 0xfff, 0x2, 0x5, 0xffffffffffffffaa, 0x3, 0x7, 0x22a, 0x100000001, 0xc5, 0x3, 0x400, 0x400, 0x0, 0x5, 0x35cd, 0x10001, 0x7, 0x50ce89a, 0xf85, 0xfb5, 0x8, 0xb0d, 0x7, 0x965, 0x400, 0x4, 0x2, 0x84a, 0x0, 0x5, 0x1, 0x100000001, 0xfffffffffffffff8, 0x7, 0x7f, 0x3f, 0x6, 0x2, 0x80, 0x1, 0x7, 0xffffffffa0a7dfe3, 0x401, 0xabb, 0x4, 0x80000001], [0x3, 0x7, 0x200, 0x7ff, 0x6, 0xd8f, 0x1, 0x2, 0x6, 0x5, 0x1, 0x23c6, 0xfffffffffffffffc, 0xa26, 0x3, 0x40, 0xc8b, 0x2, 0x422, 0x2, 0x20, 0xfdbe, 0x4000000000000000, 0x6, 0x9, 0x3ff, 0xfffffffffffffb4d, 0x2, 0x5, 0x8, 0x800, 0x4, 0x3ff, 0x9, 0xa1, 0x3, 0x5, 0x0, 0x7, 0x2, 0x2, 0x9, 0x400, 0x101, 0xfff, 0x7, 0x4, 0x400, 0x2, 0x0, 0xffffffff, 0x2c, 0x1, 0x6, 0x6, 0x3, 0xfffffffffffffffc, 0xfff, 0x1, 0x5, 0x3, 0x80, 0x4, 0x7], [0x3bf2, 0x6, 0xff, 0x100000001, 0x493, 0x1, 0x9, 0x3, 0x200, 0x19c9561, 0xfffffffffffffff7, 0x4, 0x5, 0xc8, 0x0, 0x6, 0x9, 0x5, 0xa90a, 0x8000, 0x5, 0x4, 0x9, 0x101, 0xfffffffffffffffa, 0x3311, 0x9, 0x100, 0x4, 0x4ada, 0x1f, 0x535, 0x200, 0xde, 0x1, 0x6458, 0x9, 0x2b74099b, 0x2, 0x6000, 0x0, 0x101, 0x6, 0x7, 0x3, 0xd90, 0x47e, 0x1ff, 0x800, 0x9, 0x1f, 0x9, 0x0, 0x94c6, 0x1, 0x200, 0x7, 0xfffffffffffffff8, 0x0, 0x9, 0xffffffff00000001, 0x8, 0x2, 0x7c]}, 0x45c)
close(r0)

17:49:29 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x2c8)

17:49:29 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000, 0xffffff7f]}}, 0x1c)

17:49:29 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$KVM_GET_NR_MMU_PAGES(r1, 0xae45, 0x10000)

17:49:29 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
r1 = fcntl$getown(r0, 0x9)
rt_sigqueueinfo(r1, 0x9, &(0x7f0000000080)={0x41, 0x9, 0x7})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r0)

17:49:29 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000))
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000080)=0xfffffffffffffffe, 0x4)

17:49:30 executing program 0:
r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x80000, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$IMGETCOUNT(r0, 0x80044943, &(0x7f00000000c0))
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:49:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000, 0xffffff7f]}}, 0x1c)

17:49:30 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x2c8)

17:49:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000, 0xffffff7f]}}, 0x1c)

17:49:30 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:30 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0xffffffffffffffff, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:30 executing program 2:
readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x80001, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000040)={0x13, 0x65, 0xffff, 0x5, 0x6, '9P2000'}, 0x13)
ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000080)={[{0x2, 0x5, 0x1, 0x3, 0x8, 0xfffffffffffffff9, 0x0, 0x7, 0x5, 0x6, 0x1ff, 0x1, 0x7f}, {0x7, 0x6, 0xdbd, 0x1, 0xffffffffffffffff, 0x100, 0xfffffffffffffff9, 0x9d, 0xa8b5, 0x6, 0x1, 0x1, 0x3}, {0x5, 0x3f, 0x1, 0x80, 0x1dd2, 0x4, 0x0, 0xffffffffffff8001, 0x3, 0x3, 0x8, 0x4, 0x8001}], 0x6})
ioctl$int_in(0xffffffffffffffff, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)

17:49:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000, 0xffffff7f]}}, 0x1c)

17:49:30 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x1)

17:49:30 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x2c8)

17:49:30 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x2000000000000001, 0xfffffffffffffffc)
write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x8}}, 0x18)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f00000005c0)=ANY=[@ANYBLOB="070000000000000000000000000006000000000000000000000000000000000000000000"])
socketpair$unix(0x1, 0x2, 0x0, 0x0)
close(r0)
recvfrom$rxrpc(r0, &(0x7f0000000600)=""/243, 0xf3, 0x40010002, &(0x7f0000000700)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x5, @mcast1, 0x7}}, 0x24)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x9f)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1)
vmsplice(r0, &(0x7f0000000540)=[{&(0x7f0000000080)="99e645027879f29c738cb197ae52c99af06ef39c7324c64bbccc2c9bd4cf191c5880c199e8fd0c7a3dd6bd686a885742ab7a1b5eea4cbf4bf670f9331aea2808d3345553b323d1fae71fc4d36df93155ced0f452ed45de2ffd8701e57782eef8e8e9d63f2b43713bc49d5a02fea1da3a0610", 0x72}, {&(0x7f0000000100)="909d8f2b596aac46398bd9ae85c0f6e842a7a2ecd6c333c7b60a0d3afe81920f959baf5e626335314fc8459f4be5e0bc0de11e437b54a182fa408bc7c21f3448535b661865a261e0ea74632a60e05e77d152729a85528bb384f3a6efc0bdca7bd7addfc7a2c3176178920490db", 0x6d}, {&(0x7f0000000240)="bac638ce7a20f184622f21dc170b3f39238a6c8d358276bac522c9e2e516df143a6f601c230b4aed26026915bb4514dab4bb3545a6b8066232b034a30880bfb4bc016fccae5eebe170f2002bef55c3f749079a1f634b5d80308282ae17872d0571f423898c43f5558e4a623320f0386a4ced52fefb19834226f0ec69c2471539d018", 0x82}, {&(0x7f0000000400)="532d1990ac0e62a521ee16de2882cbeddd26f0e4bb88ec38f945eeb1417977c26ef9bfb1af42bce9fea66a93b3bc094499bd033f7a43d12fe6850f09cb38d3aa89b9ce413a823dda7dea4f734acf0afb1cf7e96877e92ce716825ba3638dc633a526e9c8e8acf18791022f4b760735fc950d576a923103cde77e414b4e5093c5cf4d419dc4da8ea5be6ac4fb04eb77b60c50151cd9d48b7c60bf7519d07984bc4acca68658a6dab15e4c938ebc1965216089c19d417b786b71c23423687fe955f43f93e1633144b148254efd817034dc24f04ebb17e7d250c3d4ec4e6a5d9aa2af9f918223", 0xe5}, {&(0x7f0000000300)="6a36ab7e9d1ca5c744c1d4d700e449792269b15ce960deb093c8d50bc0e05a5d5fba3a001bd5054e8027fc33ad058e243f09ec23596659885647af482766020796e492aefd37e970f589e3e8b98376113cb2c93c8e9bdccd1706b634944814c581d3cbed38c9c0d48f003bbc3a226c131aa82ec0af0f6d64fd1b98c4a27df93e0b8412f8338ee630e0ec5f74", 0x8c}, {&(0x7f0000000180)="b17d7945d6ee62ddf82f5cc36178cc308460f614ddfbacb2f7fb019c09e2642573867a77a61a4866cc588f4b56a7a196aa", 0x31}, {&(0x7f0000000500)="d180e9df271d2ab61ae98207ba10d51de60056", 0x13}], 0x7, 0x1)

17:49:30 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000000)={0xd000, 0x2000})
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000300)={<r1=>0x0, 0x90, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x924, @mcast1, 0x7a}, @in6={0xa, 0x4e24, 0x2, @ipv4={[], [], @rand_addr=0x80000000}, 0x5}, @in6={0xa, 0x4e23, 0x4, @empty, 0xc09c}, @in6={0xa, 0x4e22, 0x5, @local, 0x1}, @in={0x2, 0x4e24, @local}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1b}}]}, &(0x7f0000000340)=0x10)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000400)={r1, 0x1fe, 0xffffffff, 0x1, 0x3ff, 0x53}, 0x14)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000080)=""/100, 0xffffffffffffffa1)
close(r0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, r0, 0x0, 0xa, &(0x7f0000000100)='/dev/dsp#\x00', 0xffffffffffffffff}, 0x30)

17:49:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc00000000000000, 0xffffff7f]}}, 0x1c)

17:49:30 executing program 0:
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x82000, 0xc4)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x800100e, 0x800, 0x3})
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000180)={0x28, 0x2, 0x0, {0x1, 0x6, 0x100000001}}, 0x28)
ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000080)={0x5, @vbi={0x8, 0x1, 0x92f, 0x35315241, [0x7f, 0xff], [0xffffffffffffffff, 0x5], 0x1}})
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:49:30 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fchdir(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r0)
prctl$PR_GET_TSC(0x19, &(0x7f0000000080))

17:49:30 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x2c8)

17:49:30 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdffffff00000000, 0xffffff7f]}}, 0x1c)

17:49:30 executing program 0:
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x80000000ffe, 0x0)
r0 = syz_open_dev$usb(&(0x7f0000000240)='/dev/bus/usb/00#/00#\x00', 0x5, 0x400001)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000280)={'filter\x00', 0x4}, 0x68)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x800000080000001)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, <r2=>0x0}, &(0x7f0000000100)=0xc)
setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000140)={{{@in=@broadcast, @in6=@ipv4={[], [], @remote}, 0x4e23, 0x87a, 0x4e24, 0x100000000, 0xa, 0x20, 0x80, 0x11, 0x0, r2}, {0x9, 0x4e13, 0xffffffffffff0000, 0x60000000000000, 0x2, 0xa62, 0x1ff, 0x8e70}, {0x6, 0xffffffffffffff00, 0x5, 0x8001}, 0x8, 0x0, 0x1, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x28}, 0x4d3, 0x2b}, 0x2, @in=@loopback, 0x3505, 0x4, 0x2, 0x10001, 0x6, 0x4, 0x3}}, 0xe8)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x400, 0x0)
setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000080)=0x5, 0x4)

17:49:30 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80000000000000, 0xffffff7f]}}, 0x1c)

17:49:30 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01741a000000000000e8ffffffff170074996ab300000000250a7655bec5df5cac349d136463822e8ca6ae5ded18993c270f565c5c54e321694c6107b1a01ffd2943acc1908e36f21484a51895636a6eab4b5a58410a626ec2f17e1fcabd9405e6e7e62dad1c44b631da3fbe087c2a8ecea5d4c946db7f8653e655d776013bf3e5aa4a228036e41271718544ca2d9e9572f7c541ce4a911a81f9b807cca89db2eb20"], &(0x7f00000003c0)=""/144, 0x1a, 0x90, 0x1}, 0x20)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0xfcf)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x10400, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000140)=r2, 0x4)

17:49:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfec0000000000000, 0xffffff7f]}}, 0x1c)

17:49:31 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x2c8)

17:49:31 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x2, 0x10)
readv(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
accept$inet(r0, 0x0, &(0x7f0000000000))
ioctl$int_in(r1, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r1)

17:49:31 executing program 0:
r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x250080, 0x0)
ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000040))
r1 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x1261, 0x0)

17:49:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000, 0xffffff7f]}}, 0x1c)

17:49:31 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, 0x2c8)

17:49:31 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000240)={{0x2, @addr=0xd0e}, 0x8, 0x1, 0x6})
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000000000003000000000000000700000000000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="00000000020000000000000000000000000008000000000000000000", @ANYRES32=r0, @ANYBLOB="00000000060000000000000000000000000000000000000000000000", @ANYRES32=r0, @ANYBLOB="00000000880900000000000000000000000000000000000000000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="00000000060000000000000000000000000000000000000000000000"])
syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x2000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write$selinux_attr(r0, &(0x7f0000000000)='system_u:object_r:framebuf_device_t:s0\x00', 0x27)
close(r0)

17:49:31 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
fcntl$notify(r0, 0x402, 0x4)
fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000140)='trusted.overlay.upper\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="00fbfffd00339b3da549fc16096f00e015ce563bb0d78c4100c240d488ad2d0c4d765e461c844d07f39ec7da0ab1bd3f2093ed355234c4037ea0e546fe24b57738e73297f5f2f9adf31b7bff9ba2c062e8c0e01af3a3764e07ef3a2217139466c6d0fb03e8176c3d2abe2665ee877b5b6a1615bbbfb92daa2f3bfedc3fed5ac10796ee54dfbd9d0354933b3627bb4f974cd716a7328b5c1b45de"], 0x57, 0x3)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000000)={'veth0_to_bond\x00'})
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000, 0xffffff7f]}}, 0x1c)

17:49:31 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x2000000000001f, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
fcntl$dupfd(r0, 0x0, r0)
r1 = dup3(r0, r0, 0x80000)
ioctl$VIDIOC_G_AUDIO(r1, 0x80345621, &(0x7f0000000000))

17:49:31 executing program 3:
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r1, 0x0)
fcntl$setstatus(r0, 0x4, 0x403fd)
r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0xfffffffffffffffe, 0x0)
r3 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$read(0xb, r3, &(0x7f00000000c0)=""/154, 0x9a)
getpeername$netlink(r2, &(0x7f0000000180), &(0x7f0000000240)=0xc)
readv(r2, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r2, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r2)

17:49:31 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}, 0x2c8)

17:49:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff000000000000, 0xffffff7f]}}, 0x1c)

17:49:31 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x6)
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x6, 0x60801)
getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f0000000080)=""/49, &(0x7f00000000c0)=0x31)
r2 = syz_open_dev$radio(&(0x7f0000000180)='/dev/radio#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_INVAL_INODE(r2, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x3, 0xff, 0x5}}, 0x28)

17:49:31 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/69, 0xeb}, {&(0x7f0000002400)=""/4096, 0x11e3}], 0x2)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:31 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0xffffff7f]}}, 0x1c)

17:49:31 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
kexec_load(0x3, 0x8, &(0x7f00000015c0)=[{&(0x7f0000000000)="9915c63a92c5853c80cdc410b1c6b1b901452e4acb2a132993aa622b85e0c08adedb94ccae00d7303134aa23346bcd8967b5e83a9e228de0a2ad733481a8696c90d3f873e087e18ac8a65ca7dc72", 0x4e, 0x87, 0x1f}, {&(0x7f0000000400)="21bedc5869910a3bdcdcee714b2492963ba53cf57e2b3a2a12e1eb0bcb450f8c82c700ff3a98412b9c23f6503df93f7e0cc5295800f5e0f2e0b14e7b56d064157cf2424728d5db026f63c6f8c317025a1b40e78b281aa5c48346084dba09744823307e34c85fb5e0e37364016b0013ddf7b2d77042d8e142faf27a5c7f439c0624b528561494ca8f832f3f1280a8a29999208a589b7c3b4c66afe90f11d9ec3cced1a09a23d376395863f5a1648a8970a85f937f745484420ef0130a25a28d578c45370de89b06c1cc66060e3ef484acbbc4d2fb5061d897db9f6ca229f9ebf27efce80a606ef00746bf40cbc30a665c1e56c4ebc62bf8668fef1915b97a532ea93874af8d93c0565a2937fd61363125791c7ee7b3fe8e2d3bd72769e067034ea9c8e717c2892ede695883bbc9137f78c4219ef503bcdf3064f9b4b32f8d853513179117bf1009c2648d3b10c116e5a5dae4cd5201ae952238843eea3650d9d7cdf44ac786438f5afa3831ac788791287bc1c785f23eb298d7be41298b6e3538fbd35c0a384a2b655de0db9ba7f70cb81b45ce20e8e08b3697f37f7bc1f45cf99a82ed6586f0937cf1c556f70ab6b0beb2dd8f89f945f10a41ae9a59a1dd1eb9198cfbbc03c936dd814460004acf715f5e790e6bd0c67f1702b5a202ef47ff6f45ffdba91f06641d123f64eb3624bd5a24552f3d62ce09bff7013ce326859781386cf0d9b100bdbeebcc70e7d9c92b1adf633abaddd85feb6a83bde15f8cbc11e504fb597c80ac8e046b095c13049b6f1c322f9c00fd27506c4afb302ffd9528e131b172ee769c6611efc15b0fd66af8df0d02687f8a3746d3d005b56644680663b63d37e40ce971ff26f6890ec9e7157d0ae9c8f2c06da23be644fdf2881413f07bc1011d346a4fbbce0e7f23caec42fe242c5d00193c0c16ac5c326b0b0d88ab5e8cf7f5c3e3fa9a5eec4392c34e7839810e15802bb516c2f91310017effd4ee311158e8af26d57da5af0559b4bb166bf0fc3d94e50c30d0fca0e044e7d6951486cf22ff9a55024741c723aa91e19990cf5876265a52cbcdfc4e75c523608c2bc4ef5310d8086222eda3a06daff63fe0cbec642e3643ccaeffd795896721b86017702255e4992b517192fbd6e43977d5b7ff4bbb5417882d700e3356fff61a6b053d8f0bf0056d0fac15be3b9559b37ea61c779ee7dc2c562b047bd56305133054bd90fc3fe192700acd66ec9769e123e19ef03572392549278fd6f1121890dd6421ac52219fd7fabfa10d107101d8358f71c4bdfc64cf4970813e0ca9ff00598f3bec6d0adca19951bd1d4951b1e86d78b08da58be51b7fd84822946c9a1c6c844995580f86af4ef3a58c9892a77a95b5b704969b47fe94bfcf3a738fedb6e9c8fb3588c04a6a11ac9747d8509ff2dbe3a7b7038ad1edf6c7bc8817078b7b1c7d35de66b9d6439023f4592c75e21369ba4de99802e34910bc46447e8c680fcbdc88f02e6514c4110fff2265fbc77f316e8240e9d5fc9be1f4738143d5547e77b1611e511f712ac7925c455713591a6f9a429f5e14affc6e4b8f3c43d21792206e80ce785ca5c8f9c612de44017de5766a0f9a685b2a4b162deb2df3a8a84ee51e3b1b70e2013d905383a3db8c8134c20c0121aa79710b21f5f0d00ba599e309e602603b5a6376bf0bcb911576a1df0e5cf8ba76a550af719f072461b158159faaaf94998ffce542756257ec7b811727564d3c56c6b1c19693f09814ada598f656b7d43801eb03cca33ef20560d2ebda1625fb4ec4cc61176dde0353e6d94a5067da9d7be6856c4be30a4f4c667fc5fc2a92b50a1cd0993da434f5d72b49d0447a123698bfd760efc0c2a0f939a2d4ffc81a1dd53b95e5c1b2f044093b90db06019082db3ed743dda8171d13246fe44ed0278779a4eb3e2615072168b8a084df5fed52786676d2ea11ecfdec3a12f85e0cd3ae04bc2954c7d05c9b4565b9ddfce78d657f02877cbca929c1122c207e06e569f76f876a2fae9e86d9a3d1a6ed39009b0c12afe680b737b42b6664591889265ea0471787b9a2c386a0f41a89d234cbedf4fa5738c0ba3f06f4bbcb937bf73e9be507d3b4460cd14c536a040b5f7c48029f5df59dac8137a001091586db28681b75d19dd034734de14a9b04612b7a160292062a6566b3d48b285404ce47c200f580286102054493069ebbe783ec4946bfebc590cb1f8ce330cd877fa6df86fc7ea9d1e0bd6b20befb3630e6f08c9cfafda2dd20a5a79158fac995a82e6cbfadb8940cad2cce0a9a312f259e9f8b6283ae8e414fe77c621a6e33964bcc093f2c4986545bb0878f31566b8a5549ded4e6fd021318813a64c7f2c1970de5ea4c7f28763a7b9e68712f2b6d9766ab982f6804bb16e0b131c10ae3deedfdec16887c9ffa21c1ac55cc4774f7fe7df77a8709f4d7fdede08080b4a2cba172ff003d4366555025a34eeea66dfa9c641a789a32590cc7091045998f7527e0ec39ce6b7d6aad18ce00bfa27108aba7a3f890c22ac856d034138f3f3edff6c13de46f8873d1793856dad705baf8edd9ac196df272958f0f2546447aa7ebf21a3dfeaa42968215b2765261b27d7b457a2d179d353dd0b7aabce3890f5eb0009702d2cba2c2f64c67a981bc15705b4daf6ef37ed39a4a347b921977b115e97d95a4639cb6f539b9aa11e82520970f465fe01b11845263e1452cbc9f4751d150a52c2a49a6ee03d23da9fd42ec540bfcfd27e9ebebdc0103b511bf7b11894d3e91074bf96857ef7d5f021fd847c92c4c978d81cb7676cf186098949767b8456132117555875ab8f9932641a750dc50e8315a50fce7caa8e558d8a25ff817687f27bde3205e0429c8933138bfe31f6918f886da73ce078a7c5cfe4fb8f7569d6e1001bc82b620cb106e57eeb553c6ded3114a0f193a7568ccd1701694160caeb4b86c2810ac8d579d62c36b5216c7fa55f7269c7bf24535df0a4f23d399537f845b0008400550b3a1547bf156d7f0a94c05f82e4de2a554fc77cd0f3491a098b0527eb5b67fc91b73957d975e0bb7b4a5641891ace275e0fe4976317508516497c506bfa10d03fb34c20398dd5d4288023695b9c644a490e0f3e2518f9ae61da0a52b94a898a4710eb1e1e0ca1543b872dd3192ad7c17e530cd477e82f3b5fdc3976397c1f8bffd2374111f24c8bd23cfb67bef4a3b845ccb111460a56e439ee7f516459c7b0f41e361f641138e248400e6d255128962bf40a94563facac7fe5615e59d62ef6e01ab3e09541bff6b4e9cec077b438babf8c8fd4ed76e6af5918046104b4c5ca0cbb9f174bf053b83064b19d2e5c34305991ea6730804e28beeda4230f408f85df24dae0b0fc645a1fe26285490ca6acea683d6680a3194b6e76a89e967b6c0b31e8c5351a415ef8a8e725c6ceca72815582a98dcc11205f6a9cee263c2d342658b92759bd8e3f38397dec5dda3f5dfddbaa6f1a58ca73c0e421f0408605c883af1f88a759f6600f634cd0f98aa6743e3d8eca0cb5991e0ffc14d1740ce48a2b6d08f42b66c9e1902fc5ca3b3741b135ba1435031b166759a0dc8fbe0c596383f579a750f564dfa7a409b0fde0131797d13f6f42172539cdc62160731cbbe6978e01f42c91eaac3f61495e497b013d9be876244d2a0bbd444cc80ad625c039e43a48bef3ff5284bbbddc2db970d32160586239293d3b71ca3032d09fcf343c76dcd2d50df33ec244ca4e7611ca4c20f83d94f4cfdc3061ce2100f27e4d647eb36df15dac41e5ef7738af8b59802a12c2880f0fd69e6bb229e3e46df857c98357fb3baee032fd7d9004ca1f57fdfb518784596e2986f71367208f2dfcd1da946927f0f21e3fb6498e55a471733564201dd3768c59aaa300799a6864bc54e2a305e566e69382a644894a42665a8edb1be83b41906732b75f07e9ac2636354811f0f906346e90e0fa8fe9c445eb5a7093bc91f4b7cc69ff133171be5c6a3879ad5eb8bc4d8d5ec8896544e40479adf48d54fa9ae66c14b1160c0baacf87b59a8d2d6e2fb7363f66879f81383fc9cac9887fa0fb6a050e4646be9a3d2d82034884258e8e81ad3a762dba1a3ea005f0f7ca687ae7673b3d9fdb422a2baccfe7f9331112f1758a019c3716b7efc17a32861f2e3ffdd63b233895388f3d10901e45f42f7e17164bc6f213e29ea5719c548c09dce9d592ef6081263c8da8fd1e987d8120bc5f3a2f15eb4133598314670988878ed1555772c14901a7f50e3317fe916f6206a8aba6ab09aba950b03f2376c773f8889ee4b2b4b305bf2638789287c2f164a1529b5de571ef8875c5f9f0758345edab58108d3904a1deb1da04dbf1130442cc2aac01b2d9fe868e52a7e710bca7daed72c903166cc8857a2668016e381fea5dfec64d35f65145c1c5d606c976c037419332c24ca6c0287c00f63c133e5d7df9485c5f79ddfdfac84b2b1da51ad05554fdd098d27443e3eb7aa1ccb1d79f586a7f13f915e9cf4c9b787517c125852b87373eaf95ced083eeb2b5e74a6c6a5966fee1c59da7f44314bcf681634fb65c91b740538738bc54256f3540c08102d6afced3961e32c5e08af3bab75ac975bec5a12f165f77b972344c0161cb784bf5702ef1a968a0b03a577067c3421163f761067f4a125d238f9dceb886fd0a2f6f24377f27a032430a893580669de94a75be0f8c225508e91017a3c2dbdb09fc6dee9d76404372930783235d4a301130e7b9588446b4b35388eee30efcd9b3c29d41d4165ba96af602c7d080f6dc7a104b3bfe560904850e3ae1e80c1b5edb77c93d7601c3b34736b9ecc1fc40bca6eaff72a114b65e9d1f6fa914b5638742798911a27b2f516bd988d7eff44fb14f3c89f340db28ba3be5cae76b003aa25e52e35b3e7d7e161d5e51bc1e8c80b0c2ec1b54c103f01bd4669e70423ef9c9e76534db13647ad9a4f2c682c57526389ae97dbe170a1125e984f01c27c3a2a09dda88a04b3b20a2969e715205b643e7eaa67be3565a24e1fde93f77680076093630d21e8752363c364fb2351f5b0d02f6d71934c716efa8c66ed0a3765428e41f0a06d4f82e921da63c32933c0acc545298cdb336104799552a8815c64b4bebaf833780650f2f40506ca4492e1685c44dbc5b2c2686cb0eaf2a2c4b307318b9ddeec1adc75c3b7af41d7400dbe8719e94c913115e033ad85515e883f19ded63b0e9b71a1ea2d7905d139dc2510bd6203f1d670bdab5919c29e153bf4ff15277d1399a78c99e011f0b71b790cd61c9b1729594868e00ca14e645ca62b25a9fcf0e40d553a1207dce09cf2ee9ab5fd414aa4cca22bbbc36ff1d88ee413482370dc7f353ecd2102ffaf5361068813f94c825c951cfeeeac0ff731a7d3417ed00b042340d7ad51be7cce6310dec6de963c5cf82c2995eead97ef88a75216a502b9e15dd86d8186d35127eb6e9c46e2dbee259cddfa7f40e8e19d718708ea49dd644904818ecb4ef78f8499f72087d898d5d4f96f44e0faf218c63effa7301a5038ff3ace0829b5e36fd51a9a361dba700f204539cc129f9a14454043517c3b7b38b8af2a7a097ae46bd6b6ca91be13bde0e9498a31fae65679ae3d60280c15dd589e2cc5f3b12265f0c923ca9343036cdcc982c6588dec292962d3663af9cd8b0a5293bd30a8851c4015b90329c5f030746ba0dc37678578f0aed7978439f1ee7169e235e7caddb1da2c8a660ce358433763a51f6a4c7faca5be0c01d7b78cbe1e31b1914903d5d00ee4dc4d69bb0a89dc3ac5", 0x1000, 0x8fe, 0x190a}, {&(0x7f0000000080)="5fdd9b47e71bf1d3a969098c687839b9de229932ea76ec3118810de4cbcd27e1ad324a114a8487a7644e875b0fb1c3b6f46d9d166d18906da18f382b39e21b58b9045eb57dc261519ce1eb80a570ce1b7a97af6fd6c225d19c5f48b2ffc0b2894ffcc07578096a76122900c161458b5edc0df37abd7f3726f573d178d91dc29082ecda5b7f7982f2097572223363de885b1dd250e26be77e9a748f0abab59ca2ce51a4d96a391374f981e77456e3c5d210dc33a19273424342a3c66b8306127d2294ff7dc2e8b3bd94f753f1633f53f29224f7737842c55a0cf980c14a", 0xdd, 0xd77d, 0x80}, {&(0x7f0000000180)="f9fa2a0f771e724183798e64077ac1471b13a0efc93319b425e6ca00f8c4d97f527199234c8c207500041cccdae50b9eb706dae02248854b7d754511cd8f4161ea25d059424243f257c926345a8b7f4f897108b3ea6b7a7ef7574c38cb9524650bb046679c4d3e241478f79e9accde7ede50a14de9d75b455e6cb4774d6d4fdcbb32c938de5de6ff1154", 0x8a, 0x400, 0x100}, {&(0x7f0000000240)="bffe8d49a6714861a38b7405a19a7f20b30d59ad715c026b073e3e8da76b7ca205380b83b04ff482af426965ea19ad8b90af74b9a023815ece4df54709585c0500570084b0b50d380c63780dadbb2210c0d2724ff11d29320415f814c09643d5095e78d649431155d9972d56f270c31480da39de796a04bba28046508cd7766a4869bed9721b9d7f829918df780bb0395fd7b87261a70f661d4f4afe79168781", 0xa0, 0x2, 0x5}, {&(0x7f0000000300)="85e054862334010430ff41d2aaedfba067261f905c12d4b011945058dd705d5b2faca2c692f90ec66e7e446b436b8de1af83692ff7bde2002b02451837bc733a80d34e477677edc15c193b76be6865134a28e16ea776a3464b9dfc8999c8c44aea0a90a422424e37b982888ca01ba8e92a8263fcd1bd94f8da53e22b1de69feeae6369914e3e65", 0x87, 0x6, 0x5}, {&(0x7f0000001400)="f384239eb9b0361be5afe03adb416f05898f83fa7329785dcd789ebaf93ed48d273d14193544948354fbb28e22e748f62c7ec2707eed8391ffe0b3242a3c07c12c84370d01c1ad345d30d7cb7fb3e8e2001abaadec302a5c782d1aa2179895a260be6dcd562aa9d5a0fb02f84147bd76bbdce18ddddc214f3bd7d50d311624e2bada94d10829da788a3acdd4fd72bfda68a209ea77db2ad2dc6c6b7d5f278e4861c8ac5df9068b48fd97dddc8eda6ecff86934138abce536a0fd1e129c9582051fcbbcbb89bb519d7a259c8ec2a7558d1b3837cdaafed2cbed85faa17b", 0xdd, 0x100000001, 0x3}, {&(0x7f0000001500)="3de782443768a67774c85b2ec5b8d1c17bbe3489c509a8c8fd03b6b3ee0c602c34470a8a60c4dd05d8e38e48fafcfeb9068d0e78b983ba2a4e8188bccfeaa52e1c2a2efedf6f0d47f12173e3b6f185c003f0cdaf8fb373cf83fb7c029ed285828ff68d9026206eb814e782ba62d1b6bcfe25c1c7bd403f051a11ae71e0e06ab0397e1b254550c4707f403fa61cc7ffd3ff17f0", 0x93, 0x2000000000, 0x200}], 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000016c0)='/dev/ubi_ctrl\x00', 0x1, 0x0)
getpeername$packet(r1, &(0x7f0000001700), &(0x7f0000001780)=0x14)

17:49:31 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, 0x2c8)

17:49:32 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x800000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:32 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x418000, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:32 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x10000, 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(r1, 0x8040ae69, &(0x7f0000000040)={0x7, 0x1ff, 0xfffffffffffffe00, 0x0, 0x7})

17:49:32 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0xffffff7f]}}, 0x1c)

17:49:32 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x2c8)

[  859.746381][T13057] syz-executor4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[  859.757707][T13057] CPU: 0 PID: 13057 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  859.766649][T13057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  859.776706][T13057] Call Trace:
[  859.780017][T13057]  dump_stack+0x1db/0x2d0
[  859.784384][T13057]  ? dump_stack_print_info.cold+0x20/0x20
[  859.790108][T13057]  ? check_preemption_disabled+0x48/0x290
[  859.795842][T13057]  dump_header+0x1e6/0x116c
[  859.800369][T13057]  ? add_lock_to_list.isra.0+0x450/0x450
[  859.806004][T13057]  ? perf_trace_lock+0x750/0x750
[  859.810947][T13057]  ? print_usage_bug+0xd0/0xd0
[  859.815716][T13057]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  859.821369][T13057]  ? ___ratelimit+0x37c/0x686
[  859.826057][T13057]  ? mark_held_locks+0xb1/0x100
[  859.830928][T13057]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  859.836756][T13057]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  859.842564][T13057]  ? lockdep_hardirqs_on+0x415/0x5d0
[  859.847854][T13057]  ? trace_hardirqs_on+0xbd/0x310
[  859.852887][T13057]  ? kasan_check_read+0x11/0x20
[  859.857739][T13057]  ? ___ratelimit+0x37c/0x686
[  859.862412][T13057]  ? trace_hardirqs_off_caller+0x300/0x300
[  859.868208][T13057]  ? do_raw_spin_trylock+0x270/0x270
[  859.873499][T13057]  ? trace_hardirqs_on_caller+0x310/0x310
[  859.879224][T13057]  ? lock_acquire+0x1db/0x570
[  859.883925][T13057]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  859.889731][T13057]  ? ___ratelimit+0xac/0x686
17:49:32 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x1002, 0x4000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x9, 0x400000)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000080)={<r2=>0x0, 0x5}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000100)={r2, 0x20, 0x4, 0x8}, &(0x7f0000000140)=0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r3})

17:49:32 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}}, 0x1c)

[  859.889749][T13057]  ? idr_get_free+0xee0/0xee0
[  859.889764][T13057]  ? lockdep_hardirqs_on+0x415/0x5d0
[  859.889789][T13057]  oom_kill_process.cold+0x10/0x9ca
[  859.904305][T13057]  ? cgroup_procs_next+0x70/0x70
[  859.914424][T13057]  ? _raw_spin_unlock_irq+0x5e/0x90
[  859.919662][T13057]  ? oom_badness+0xa50/0xa50
[  859.924285][T13057]  ? oom_evaluate_task+0x540/0x540
[  859.924302][T13057]  ? mem_cgroup_iter_break+0x30/0x30
[  859.924316][T13057]  ? mutex_trylock+0x2d0/0x2d0
[  859.924348][T13057]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  859.924378][T13057]  ? rcu_read_unlock_special+0x380/0x380
[  859.924401][T13057]  out_of_memory+0x885/0x1420
[  859.945731][T13057]  ? mem_cgroup_iter+0x4f4/0xf50
[  859.945754][T13057]  ? oom_killer_disable+0x340/0x340
[  859.945773][T13057]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  859.945790][T13057]  ? lock_acquire+0x1db/0x570
[  859.945818][T13057]  mem_cgroup_out_of_memory+0x160/0x210
[  859.945832][T13057]  ? do_raw_spin_unlock+0xa0/0x330
[  859.945848][T13057]  ? memory_oom_group_write+0x160/0x160
[  859.945862][T13057]  ? do_raw_spin_trylock+0x270/0x270
[  859.945890][T13057]  ? _raw_spin_unlock+0x2d/0x50
[  859.945909][T13057]  try_charge+0x1457/0x1d00
[  859.945927][T13057]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  860.013040][T13057]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  860.018595][T13057]  ? lock_downgrade+0xbe0/0xbe0
[  860.023467][T13057]  ? kasan_check_read+0x11/0x20
[  860.028344][T13057]  ? rcu_read_unlock_special+0x380/0x380
[  860.033993][T13057]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  860.039549][T13057]  ? get_mem_cgroup_from_page+0x190/0x190
17:49:32 executing program 0:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x22100, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xffffffffffff2d4c, 0x208040)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000080)={0x10000, 0x8, 0x0, r1})
r2 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x127, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x1261, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000, 0x20010, r2, 0x56)

[  860.045277][T13057]  ? rcu_read_lock_sched_held+0x110/0x130
[  860.051003][T13057]  mem_cgroup_try_charge+0x43a/0xdb0
[  860.056299][T13057]  ? mem_cgroup_protected+0xa10/0xa10
[  860.061696][T13057]  ? check_preemption_disabled+0x48/0x290
[  860.067431][T13057]  ? __lock_acquire+0x572/0x4a10
[  860.072394][T13057]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  860.078637][T13057]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  860.084904][T13057]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  860.090545][T13057]  wp_page_copy+0x45a/0x1c70
[  860.095144][T13057]  ? __lock_acquire+0x572/0x4a10
[  860.100091][T13057]  ? find_held_lock+0x35/0x120
[  860.104862][T13057]  ? pmd_pfn+0x1d0/0x1d0
[  860.109113][T13057]  ? find_held_lock+0x35/0x120
[  860.113881][T13057]  ? do_wp_page+0x894/0x1e80
[  860.118476][T13057]  ? delayacct_end+0xc9/0x100
[  860.123157][T13057]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  860.129419][T13057]  ? kasan_check_read+0x11/0x20
[  860.134277][T13057]  ? do_raw_spin_unlock+0xa0/0x330
[  860.139387][T13057]  ? _vm_normal_page+0x15d/0x3d0
[  860.144344][T13057]  ? do_raw_spin_trylock+0x270/0x270
[  860.149642][T13057]  ? print_usage_bug+0xd0/0xd0
[  860.154439][T13057]  do_wp_page+0x89c/0x1e80
[  860.158865][T13057]  ? finish_mkwrite_fault+0x4f0/0x4f0
[  860.164237][T13057]  ? __lock_acquire+0x572/0x4a10
[  860.169178][T13057]  ? find_held_lock+0x35/0x120
[  860.173975][T13057]  ? lock_acquire+0x1db/0x570
[  860.178650][T13057]  ? __handle_mm_fault+0x1d80/0x55a0
[  860.183942][T13057]  ? kasan_check_write+0x14/0x20
[  860.188883][T13057]  ? do_raw_spin_lock+0x156/0x360
17:49:32 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
r1 = accept4$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x2711, @host}, 0x10, 0x80800)
readv(r0, &(0x7f00000003c0), 0x0)
set_thread_area(&(0x7f0000000080)={0x5, 0x100000, 0x0, 0x3, 0x5, 0x800, 0x9, 0x1, 0x1, 0xf5f6})
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
ioctl$int_in(r1, 0x5473, &(0x7f00000000c0))
bind$rds(r0, &(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000140)=0x8, 0x4)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000180)='trusted.overlay.redirect\x00', &(0x7f00000001c0)='./file0\x00', 0x8, 0x1)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000002c0)={<r2=>0x0, 0x4}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000003c0)={r2, @in6={{0xa, 0x4e24, 0x80000001}}, 0x8f64, 0xffffffff}, &(0x7f0000000340)=0x90)
getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000200)={@dev, <r3=>0x0}, &(0x7f0000000240)=0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6gretap0\x00', r3})

17:49:32 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff60]}}, 0x1c)

17:49:32 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x309a40, 0x80)
ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000080)="8e5d0ad1234be7b7852127ebb42ecb094bc226b9dfa660b4df06085a9861db2da485bcc243c5c49b6a47e63c094b5ec658304b207d76e41692b6d4008624045220b487711e44884b091174dc743399319c5ebfb47ffbfd973cc4af31c6a32ed28eedc00354787d66cb5cc9a8d40a426cd062b8ee2dc55f1793")
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4)
setsockopt$inet6_buf(r0, 0x29, 0x3e, &(0x7f00002cef88)="5780d01c", 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c)
sendto$inet6(r0, &(0x7f0000adb000)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e602721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ef42eeb66c3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a0e1d0607f57f626a5b8d476636ef1ee76307524cf9ae49be4db0ab2c8ea0c5ebd1e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408cc4c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dff02ba9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669c24c206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb25c89074fcb1bba20c41bddd9ca5cd2f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2ebdfad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea09364ab42ee9802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c5912a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e218daa5a3ef64617beb30cccb31016b13ed8d7bcabb03e176b1c906a38cbda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe9bc88fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97184339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f400582bd95e5ad802050d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60be632697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20f4774d66c5ae0a0adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59", 0x599, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000bc0)={&(0x7f0000000340)=@can, 0x80, 0x0}, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3d2, 0x400000)
ioctl$EVIOCGEFFECTS(r2, 0x80044584, &(0x7f0000000140)=""/239)
r3 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x1261, 0x0)

[  860.193907][T13057]  ? lock_release+0xc40/0xc40
[  860.198585][T13057]  ? rwlock_bug.part.0+0x90/0x90
[  860.203529][T13057]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  860.209354][T13057]  ? add_mm_counter_fast.part.0+0x40/0x40
[  860.215087][T13057]  __handle_mm_fault+0x2c8e/0x55a0
[  860.220210][T13057]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  860.225767][T13057]  ? check_preemption_disabled+0x48/0x290
[  860.225786][T13057]  ? handle_mm_fault+0x3cc/0xc80
[  860.225818][T13057]  ? lock_downgrade+0xbe0/0xbe0
[  860.225832][T13057]  ? kasan_check_read+0x11/0x20
[  860.225846][T13057]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  860.225864][T13057]  ? rcu_read_unlock_special+0x380/0x380
[  860.225879][T13057]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  860.225891][T13057]  ? check_preemption_disabled+0x48/0x290
[  860.225914][T13057]  handle_mm_fault+0x4ec/0xc80
[  860.225933][T13057]  ? __handle_mm_fault+0x55a0/0x55a0
[  860.225960][T13057]  __do_page_fault+0x5da/0xd60
[  860.236643][T13057]  do_page_fault+0xe6/0x7d8
[  860.236658][T13057]  ? trace_hardirqs_on_caller+0xc0/0x310
[  860.236676][T13057]  ? vmalloc_sync_all+0x30/0x30
[  860.236690][T13057]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  860.236708][T13057]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  860.236724][T13057]  ? prepare_exit_to_usermode+0x232/0x3b0
[  860.236742][T13057]  ? page_fault+0x8/0x30
[  860.322612][T13057]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  860.328170][T13057]  ? page_fault+0x8/0x30
[  860.332425][T13057]  page_fault+0x1e/0x30
[  860.336590][T13057] RIP: 0033:0x40d130
[  860.340522][T13057] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
[  860.360128][T13057] RSP: 002b:00007ffcc29733e0 EFLAGS: 00010246
[  860.366351][T13057] RAX: 00000000366e5f39 RBX: 0000000007a0ab86 RCX: 0000001b2e320000
[  860.374335][T13057] RDX: 0000000000000000 RSI: 0000000000001f39 RDI: ffffffff366e5f39
[  860.382313][T13057] RBP: 0000000000000005 R08: 00000000366e5f39 R09: 00000000366e5f3d
[  860.390305][T13057] R10: 00007ffcc2973570 R11: 0000000000000246 R12: 000000000073bf00
17:49:33 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfe, 0x2004000}, 0xc)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000100)=<r1=>0x0)
syz_open_procfs(r1, &(0x7f00000000c0)='attr/keycreate\x00')

[  860.398293][T13057] R13: 0000000080000000 R14: 00007f20eb64a008 R15: 0000000000000005
[  860.472534][T13057] memory: usage 307164kB, limit 307200kB, failcnt 4028
[  860.479806][T13057] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  860.495693][T13057] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
17:49:33 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x4)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000080)=0x3f)
write$P9_RAUTH(r0, &(0x7f0000000000)={0x14, 0x67, 0x2, {0x1, 0x2, 0x6}}, 0x14)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  860.502740][T13057] Memory cgroup stats for /syz4: cache:120KB rss:209840KB rss_huge:159744KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:209956KB inactive_file:4KB active_file:0KB unevictable:0KB
17:49:33 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x5421, &(0x7f0000000140)=0x7)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f00000000c0)={<r1=>0x0, 0x0, 0x10001})
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000180)={<r2=>0x0, r1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r2, 0x80000, r0})
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:33 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2)
accept4$alg(r1, 0x0, 0x0, 0x80000)

17:49:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x2]}}, 0x1c)

[  860.561536][T13057] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=23338,uid=0
[  860.577888][T13057] Memory cgroup out of memory: Kill process 23338 (syz-executor4) score 1106 or sacrifice child
[  860.635497][T13057] Killed process 23338 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  860.670116][ T1043] oom_reaper: reaped process 23338 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:49:33 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf]}, 0x2c8)

17:49:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x3]}}, 0x1c)

17:49:33 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f00000000c0)={<r1=>0xffffffffffffff9c})
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000100)={<r2=>0x0}, &(0x7f0000000140)=0xc)
fstat(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000240)=0xc)
setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={r2, r3, r4}, 0xc)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0)
getpeername$netlink(r5, &(0x7f0000000040), &(0x7f0000000080)=0xc)

17:49:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x4]}}, 0x1c)

17:49:33 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000003c0)='/dev/loop#\x00', 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0xccc, 0x40)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x5]}}, 0x1c)

17:49:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x6]}}, 0x1c)

17:49:33 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x1000000000005451, &(0x7f0000000380)=0x8001)
close(r0)

17:49:33 executing program 1:
readv(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(0xffffffffffffffff, 0x800000c0045005, &(0x7f0000000380)=0x3f)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x540, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000000c0)={0xd1a, 0x1, 0x101, 0x10001, <r1=>0x0}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=r1, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000400)={'#! ', './file0', [{0x20, 'user'}, {0x20, '/dev/dsp#\x00'}, {0x20, 'bcsf0\x00'}, {0x20, 'bcsf0\x00'}, {}, {0x20, ':ppp1cpuset'}, {0x20, '$nodevwlan1:'}, {0x20, 'trustedbdevkeyring'}], 0xa, "2102252a9ecca8f4fef13bb28411f978c6e3506a2fa8820548b28446e1494479404b0419553b89aa3e78cef7fe010f0e7041a75afc9f7495f8fe039b2c8e6f61612c586aaf2fd867eb5113f31a405a79a4f9b45df640d4c7c892dbb3d2267535760b90f4e1d5c72e6e35897af39c8dd28ec389a30c08cadff67b7c94a543d87cce226fbd65991aa9adbec53f1146510cda1c75146967343d4d454602594b888ddc18ab2e1e0e051089b40f93af657c6619ff0009752f82b48c133c35cfc3ea095f442f5e61caa0ef071c4a7c220181a130e1f2b75d107b4c3281fa93d3beabfe46ee271fdf73c7f21f9852090b8d060f83304b71d80a19f8b43579"}, 0x151)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x20000000007)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000080)={0x35ca, 0x3373575b, 0x2, @discrete={0x5d72, 0x7fffffff}})
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='bcsf0\x00', 0x10)
close(0xffffffffffffffff)

17:49:33 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)
fcntl$setflags(r0, 0x2, 0x1)

17:49:33 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x2)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x101000, 0x0)
ioctl$TIOCSTI(r1, 0x5412, 0x9)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000080)={0x0, @speck128, 0x1, "e7e5ead711d8875a"})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x1261, 0x0)

17:49:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x7]}}, 0x1c)

17:49:33 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x2c8)

[  861.282077][T13155] QAT: Invalid ioctl
[  861.299582][T13155] QAT: Invalid ioctl
[  861.319263][T13160] QAT: Invalid ioctl
17:49:33 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x8]}}, 0x1c)

17:49:34 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000000), 0x0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

[  861.335822][T13155] QAT: Invalid ioctl
17:49:34 executing program 0:
mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8)
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
read(r0, &(0x7f0000000100)=""/67, 0x43)
r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r1, 0x0)
msgrcv(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1e00000000010000000000197f24acc233eeae0750e0369005000000e50fc4909198cc53e0ab49282d676a683568600f172c4d0d167917bd7a810ecc22ddfcf63ba3c7f0cf68535adb55b1af632216b382098c03840ef05d2951ef2f7028072e583d97e4141ebda3dd01585266dbf61a0fb674dc8e254b9ae584d871"], 0x1, 0x0, 0x0)

17:49:34 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}, 0x2c8)

17:49:34 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x9]}}, 0x1c)

17:49:34 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
r2 = shmget$private(0x0, 0x3000, 0xc1, &(0x7f0000ffb000/0x3000)=nil)
shmctl$SHM_INFO(r2, 0xe, &(0x7f0000000080)=""/185)

17:49:34 executing program 3:
r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2)
write$P9_RUNLINKAT(r0, &(0x7f00000000c0)={0x7, 0x4d, 0x1}, 0x7)
r1 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x5, 0x0)
readv(r0, &(0x7f00000003c0), 0x0)
ioctl$int_in(r1, 0x800000c0045009, &(0x7f0000000380)=0x2)
ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000000000)={'gre0\x00', {0x2, 0x4e24, @empty}})
close(r1)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000040)={0x3, 0x2, 0x100, 0x1, 0x1f})

17:49:34 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xa]}}, 0x1c)

17:49:34 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x3, 0xffffffeffffffffe)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(r0, 0x8040ae69, &(0x7f0000000040)={0x8, 0x5, 0x6, 0x4, 0x1f})
close(r0)

17:49:34 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12]}, 0x2c8)

17:49:34 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xe]}}, 0x1c)

17:49:34 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000080)={0x0, 0x3, 0x100000000, 0x1, 0x4, 0x3f, 0x10000, 0x9, {<r1=>0x0, @in6={{0xa, 0x4e23, 0xe9b6, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x2}}, 0x8, 0xe59, 0x9, 0x6, 0x5}}, &(0x7f0000000000)=0xb0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000140)={r1, 0x40}, 0x8)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000180)=0x9, &(0x7f0000000240)=0x2)

17:49:34 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x10]}}, 0x1c)

17:49:34 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={<r1=>0x0}, &(0x7f0000000080)=0xc)
sched_getparam(r1, &(0x7f00000000c0))
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00')
sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x44, r2, 0x300, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0xa838}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xfff}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x4040000)

[  862.048244][T13202] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[  862.117998][T13202] CPU: 1 PID: 13202 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  862.126958][T13202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  862.137007][T13202] Call Trace:
[  862.140303][T13202]  dump_stack+0x1db/0x2d0
[  862.144664][T13202]  ? dump_stack_print_info.cold+0x20/0x20
[  862.150390][T13202]  ? check_preemption_disabled+0x48/0x290
[  862.156129][T13202]  dump_header+0x1e6/0x116c
[  862.160645][T13202]  ? add_lock_to_list.isra.0+0x450/0x450
[  862.166282][T13202]  ? perf_trace_lock+0x750/0x750
[  862.171227][T13202]  ? print_usage_bug+0xd0/0xd0
[  862.175993][T13202]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  862.176009][T13202]  ? ___ratelimit+0x37c/0x686
[  862.176044][T13202]  ? mark_held_locks+0xb1/0x100
[  862.176064][T13202]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  862.176096][T13202]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  862.176126][T13202]  ? lockdep_hardirqs_on+0x415/0x5d0
[  862.176159][T13202]  ? trace_hardirqs_on+0xbd/0x310
[  862.176174][T13202]  ? kasan_check_read+0x11/0x20
[  862.176186][T13202]  ? ___ratelimit+0x37c/0x686
[  862.176201][T13202]  ? trace_hardirqs_off_caller+0x300/0x300
[  862.176216][T13202]  ? do_raw_spin_trylock+0x270/0x270
[  862.176231][T13202]  ? trace_hardirqs_on_caller+0x310/0x310
[  862.176243][T13202]  ? lock_acquire+0x1db/0x570
[  862.176265][T13202]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  862.186586][T13202]  ? ___ratelimit+0xac/0x686
[  862.186602][T13202]  ? idr_get_free+0xee0/0xee0
[  862.186617][T13202]  ? lockdep_hardirqs_on+0x415/0x5d0
[  862.186643][T13202]  oom_kill_process.cold+0x10/0x9ca
[  862.186663][T13202]  ? cgroup_procs_next+0x70/0x70
[  862.186683][T13202]  ? _raw_spin_unlock_irq+0x5e/0x90
[  862.186700][T13202]  ? oom_badness+0xa50/0xa50
[  862.186719][T13202]  ? oom_evaluate_task+0x540/0x540
[  862.186738][T13202]  ? mem_cgroup_iter_break+0x30/0x30
[  862.294787][T13202]  ? mutex_trylock+0x2d0/0x2d0
[  862.299555][T13202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  862.305920][T13202]  ? rcu_read_unlock_special+0x380/0x380
[  862.311566][T13202]  out_of_memory+0x885/0x1420
[  862.316247][T13202]  ? mem_cgroup_iter+0x4f4/0xf50
[  862.321176][T13202]  ? oom_killer_disable+0x340/0x340
[  862.326377][T13202]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  862.332184][T13202]  ? lock_acquire+0x1db/0x570
[  862.336886][T13202]  mem_cgroup_out_of_memory+0x160/0x210
[  862.342439][T13202]  ? do_raw_spin_unlock+0xa0/0x330
[  862.347549][T13202]  ? memory_oom_group_write+0x160/0x160
[  862.353089][T13202]  ? do_raw_spin_trylock+0x270/0x270
[  862.358385][T13202]  ? _raw_spin_unlock+0x2d/0x50
[  862.363233][T13202]  try_charge+0x1457/0x1d00
[  862.367787][T13202]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  862.373337][T13202]  ? find_held_lock+0x35/0x120
[  862.378095][T13202]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  862.383655][T13202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  862.389906][T13202]  ? lock_downgrade+0xbe0/0xbe0
[  862.394742][T13202]  ? kasan_check_read+0x11/0x20
[  862.399599][T13202]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  862.405592][T13202]  ? rcu_read_unlock_special+0x380/0x380
[  862.411252][T13202]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  862.416819][T13202]  __memcg_kmem_charge_memcg+0x7c/0x130
[  862.422395][T13202]  ? memcg_kmem_put_cache+0xb0/0xb0
[  862.427587][T13202]  ? lock_release+0xc40/0xc40
[  862.432271][T13202]  ? __put_compound_page+0xe0/0xe0
[  862.437393][T13202]  __memcg_kmem_charge+0x136/0x300
[  862.442500][T13202]  __alloc_pages_nodemask+0x7b8/0xdc0
[  862.447869][T13202]  ? put_huge_zero_page+0x50/0x50
[  862.452885][T13202]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  862.459117][T13202]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  862.464860][T13202]  ? __thp_get_unmapped_area+0x190/0x190
[  862.470486][T13202]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  862.476743][T13202]  alloc_pages_current+0x107/0x210
[  862.481836][T13202]  pte_alloc_one+0x1b/0x1a0
[  862.486343][T13202]  __pte_alloc+0x20/0x310
[  862.490686][T13202]  __handle_mm_fault+0x416e/0x55a0
[  862.495796][T13202]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  862.501319][T13202]  ? check_preemption_disabled+0x48/0x290
[  862.507039][T13202]  ? handle_mm_fault+0x3cc/0xc80
[  862.511975][T13202]  ? lock_downgrade+0xbe0/0xbe0
[  862.516818][T13202]  ? kasan_check_read+0x11/0x20
[  862.521654][T13202]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  862.527631][T13202]  ? rcu_read_unlock_special+0x380/0x380
[  862.533243][T13202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  862.539478][T13202]  ? check_preemption_disabled+0x48/0x290
[  862.545741][T13202]  handle_mm_fault+0x4ec/0xc80
[  862.550540][T13202]  ? __handle_mm_fault+0x55a0/0x55a0
[  862.555826][T13202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  862.562091][T13202]  ? vmacache_update+0x114/0x140
[  862.567129][T13202]  __do_page_fault+0x5da/0xd60
[  862.571907][T13202]  do_page_fault+0xe6/0x7d8
[  862.576411][T13202]  ? trace_hardirqs_on_caller+0xc0/0x310
[  862.582064][T13202]  ? vmalloc_sync_all+0x30/0x30
[  862.586902][T13202]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  862.593066][T13202]  ? prepare_exit_to_usermode+0x232/0x3b0
[  862.598792][T13202]  ? page_fault+0x8/0x30
[  862.603045][T13202]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  862.608626][T13202]  ? page_fault+0x8/0x30
[  862.612879][T13202]  page_fault+0x1e/0x30
[  862.617036][T13202] RIP: 0033:0x43f1c1
[  862.620936][T13202] Code: 8d 15 83 57 0a 00 8b 0c 8a 8b 04 82 29 c8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e <88> 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e 66 89 0f 48 83 c6
[  862.640544][T13202] RSP: 002b:00007ffcc29734a8 EFLAGS: 00010202
[  862.646615][T13202] RAX: 0000000020000040 RBX: 000000000073c900 RCX: 000000000000002f
[  862.654592][T13202] RDX: 000000000000000f RSI: 00000000007400b0 RDI: 0000000020000040
[  862.662580][T13202] RBP: 000000000073c900 R08: 000000002ac35c76 R09: 000000002ac35c7a
17:49:35 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000680)=0xfff, 0x4)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007f9, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0xffffff84)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='hybla\x00', 0x6)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1ffc}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x400100)

17:49:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x11]}}, 0x1c)

[  862.670548][T13202] R10: 00007ffcc2973570 R11: 0000000000000246 R12: 00000000000003e8
[  862.678521][T13202] R13: fffffffffffffffe R14: 00000000000d270a R15: 000000000073bf0c
[  862.709682][T13202] memory: usage 307200kB, limit 307200kB, failcnt 4050
[  862.716730][T13202] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  862.730769][T13202] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  862.746165][T13202] Memory cgroup stats for /syz4: cache:120KB rss:209936KB rss_huge:159744KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:209976KB inactive_file:4KB active_file:0KB unevictable:0KB
17:49:35 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x2, 0x2)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/82, 0x52}], 0x1)
rt_sigtimedwait(&(0x7f00000000c0)={0x81}, &(0x7f0000000100), &(0x7f0000000180)={0x77359400}, 0x8)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x200000, 0x0)
close(r0)

17:49:35 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000900)=[{&(0x7f0000000080)=""/119}, {&(0x7f0000000240)=""/238}, {&(0x7f0000000100)=""/139}, {&(0x7f0000000400)=""/82}, {&(0x7f0000000480)=""/251}, {&(0x7f0000000580)=""/88}, {&(0x7f0000000600)=""/251}, {&(0x7f0000000700)=""/86}, {&(0x7f0000000780)=""/214}, {&(0x7f0000000880)=""/66}], 0x3a8)
getitimer(0x3, &(0x7f0000000000))
getsockopt$nfc_llcp(r0, 0x118, 0x7, &(0x7f00000009c0)=""/4096, 0x1000)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)={0x4, [0x0, <r2=>0x0, 0x0, 0x0]}, &(0x7f0000000200)=0x14)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000340)={r2, 0x200, 0x5, [0x9, 0x0, 0x3, 0x8, 0x80000000]}, &(0x7f00000003c0)=0x12)

17:49:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x18]}}, 0x1c)

[  862.778005][T13202] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=23361,uid=0
[  862.793476][T13202] Memory cgroup out of memory: Kill process 23361 (syz-executor4) score 1106 or sacrifice child
[  862.804422][T13202] Killed process 23361 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:49:35 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)
setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000080)={{0xa, 0x4e23, 0x400, @mcast2, 0x8}, {0xa, 0x4e20, 0x6, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xfffffffffffffffb}, 0x101, [0x3, 0x8000, 0x9, 0x1ff, 0x5, 0x8c1, 0xd0, 0x8]}, 0x5c)

17:49:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x30]}}, 0x1c)

17:49:35 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13]}, 0x2c8)

17:49:35 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000000))
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x58]}}, 0x1c)

17:49:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x60]}}, 0x1c)

17:49:35 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x61]}}, 0x1c)

17:49:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x78]}}, 0x1c)

17:49:36 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000680)=0xfff, 0x4)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007f9, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0xffffff84)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='hybla\x00', 0x6)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1ffc}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x400100)

17:49:36 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000))

17:49:36 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14]}, 0x2c8)

17:49:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xfc]}}, 0x1c)

17:49:36 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000080)={0x80000001, {{0xa, 0x4e24, 0x5, @mcast1, 0x3}}, 0x0, 0x1, [{{0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, [], 0xf}, 0x101}}]}, 0x110)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:36 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000000)=0x1002000, 0x4)
close(r0)

17:49:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x103]}}, 0x1c)

17:49:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x1f4]}}, 0x1c)

17:49:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x300]}}, 0x1c)

17:49:36 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15]}, 0x2c8)

17:49:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x301]}}, 0x1c)

17:49:36 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x3e8]}}, 0x1c)

17:49:37 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18]}, 0x2c8)

17:49:37 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000200))
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000007c0)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439eddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e932804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c3908530e4f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53e1366d455bcbe81893100ab56b2556b55c1a0c5787356b464c3bf7011488e55f587a6d4420d46d69a74ee5bbfbcb0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9e525d72260ccdbd69e3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab90b42620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d08c37ee2e3a9e4a5aff72a0ab844fcbfa224842c85f6cdfd25829c44760e3859624f891df4824f7d17938ac2def6721639176fad9512ee9b4c5de1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de35df4dfb856f7533ad88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093faee04114663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb84a0a8484e2b85743e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e1295fc2f256fa095036f6cfc04c414fc57fc72c120614a586089c93741e97a61c466"})
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, &(0x7f0000000380)="0f0766b818008ed80f20e035000040000f22e00faea66647000066ba2000b801000000efc4c13565d4b805000000b9f4ce05c80f01d9670f01750c66b8e3000f00d8c4c2e99626", 0x47}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

17:49:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x500]}}, 0x1c)

17:49:37 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2711, @reserved}, 0x10)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$CAPI_SET_FLAGS(r0, 0x80044324, &(0x7f0000000100))
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x3)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xfe, &(0x7f0000000000)=0x9, 0x4)
close(r0)

17:49:37 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x129afe24, 0x8000)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:37 executing program 1:
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x400001, 0x0)
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r1, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x81)
close(r1)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000080)={0x40000001})

17:49:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x5a0]}}, 0x1c)

17:49:37 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x2c8)

17:49:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x5c8]}}, 0x1c)

17:49:37 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}, 0x2c8)

17:49:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x600]}}, 0x1c)

17:49:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x700]}}, 0x1c)

17:49:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x900]}}, 0x1c)

17:49:37 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000200))
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000007c0)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439eddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e932804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c3908530e4f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53e1366d455bcbe81893100ab56b2556b55c1a0c5787356b464c3bf7011488e55f587a6d4420d46d69a74ee5bbfbcb0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9e525d72260ccdbd69e3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab90b42620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d08c37ee2e3a9e4a5aff72a0ab844fcbfa224842c85f6cdfd25829c44760e3859624f891df4824f7d17938ac2def6721639176fad9512ee9b4c5de1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de35df4dfb856f7533ad88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093faee04114663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb84a0a8484e2b85743e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e1295fc2f256fa095036f6cfc04c414fc57fc72c120614a586089c93741e97a61c466"})
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, &(0x7f0000000380)="0f0766b818008ed80f20e035000040000f22e00faea66647000066ba2000b801000000efc4c13565d4b805000000b9f4ce05c80f01d9670f01750c66b8e3000f00d8c4c2e99626", 0x47}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

17:49:37 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xa00]}}, 0x1c)

17:49:37 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c8)

17:49:37 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
write$eventfd(r0, &(0x7f0000000000)=0xff, 0x8)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000080)={0x8, 0x2ed0, 0x10001, 'queue1\x00', 0x7c8})
close(r0)

17:49:37 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/82, 0x52}], 0x1000000000000255)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:37 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0xfffffffffffffec4}], 0x0)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xe00]}}, 0x1c)

17:49:38 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x100, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:38 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x800000000000008, 0x200080)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000100)=0x54)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x10004)
close(r0)

17:49:38 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x2c8)

17:49:38 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000280))
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
clock_gettime(0x4, &(0x7f0000000100)={<r1=>0x0, <r2=>0x0})
pselect6(0x40, &(0x7f0000000000)={0x0, 0x1, 0x9, 0x1000, 0x0, 0x3, 0x1, 0x5}, &(0x7f0000000080)={0x8, 0x4, 0x1, 0x5, 0x8, 0xfffffffffffffffd, 0x100, 0x380}, &(0x7f00000000c0)={0x0, 0x9, 0x3, 0x0, 0xfffffffffffffff8, 0x4, 0x8, 0x8}, &(0x7f0000000140)={r1, r2+10000000}, &(0x7f0000000240)={&(0x7f0000000180)={0x4}, 0x8})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000340)={0x6, r0})
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
write$vhci(r0, &(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, "83e5d7fd"}, 0x5)
syz_genetlink_get_family_id$team(&(0x7f00000002c0)='team\x00')
close(r0)

17:49:38 executing program 1:
r0 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000600)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000640)=0x1c)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f0000000680)={<r1=>0x0, 0xb6, "93c343cff744fce3c223a7625d1bb34466d1f1a0d73ee67f4a06bf294f4ddb5e7282d2cd45a6322fabac32410f423a9384a74e9fdb84bf4a1d5083edb2f4c4eb3d4e26da6cef1aeabfffce82559e37870c8cd73457c7cd3465e0bc7cffb33e603ddcd081b6781da1006ba0fb4032a1c93d71a8d74de1ac295014221583956fd6299726bca609a9806e3a1fdb90d63f93214253dea984afdc3146710c124d7fdd1d7f19b1d6d8a515d7b94330d2fb81469d0ab4243556"}, &(0x7f0000000740)=0xbe)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000780)={r1, @in6={{0xa, 0x4e23, 0xfffffffffffffffc, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xc0a2}}, 0x101, 0x9}, 0x90)
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f0000000240))
readv(r2, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
write$FUSE_NOTIFY_INVAL_INODE(r2, &(0x7f00000002c0)={0x28, 0x2, 0x0, {0x6, 0x1, 0x8000}}, 0x28)
ioctl$int_in(r2, 0x800000c0045005, &(0x7f0000000380)=0x3f)
r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
ioctl$KVM_S390_UCAS_UNMAP(r3, 0x4018ae51, &(0x7f0000000180)={0xe000000, 0x3, 0x2})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x1, 0x2)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
close(r2)

17:49:38 executing program 0:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x2e4, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x2000)
r1 = creat(0x0, 0x2)
ioctl$TIOCGPGRP(r1, 0x540f, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000780)=ANY=[@ANYBLOB="bc0000003300080b2bbd7000ffdbdfc6c80000000c000c0003000000000000008337577f5ad66164ca0c38a116a1cfd8ca02571865922f13710b4f4d4c97587ddb92bf0fe43f4fcbc5000fe2692bdbf185007937343b4e14d8ae6fc14d170f0d8019a6c33a9725b02f06409b7869743917c5763f5d1d079fffea153daa4d60e1645bbb4c42017b6da0fdcfb660d8cc5d804286c97340a718d24fd7e2410eb867eb04d7644dc79b206f68c969445a6d1f2d143580e4bf17ee0f6d1060ed45ebd6495b063426ba4902489e7e00008e796a4d03680e7cf3cb2e05d69f16a2f555ad8659669a39aa3f9f3059f7209d2e50c58e7d309113d12d53f7f1abdbbd0b9140b32d59cefea37215c1d08b545a0502b989830748815fb35905df3975b61866485744c4588817f4bff0df69bcf1d32d1bf93c72d10201ac0bd84a4f8e11e0392277bf4827e060bd935d735856907dbb7ec364a065f7a18cf90b6c375250fffffb67b8725c4b93e7cd5f7a10480f186575a1611a9b3787525274bca7d480160089a09bd73e11e63b890e31526c4264555adaeb6c287920f1d494aa4fd79ee077dfa8bcad97b1ad7a4b57d08d2f78f8d955b64fc778ae60aeb1c5fdec45a4f3c0c0a3a945f3b1688ea94290ca82188af65ad17699cd101b84567ade4f8c1d7ffa4c2d11186d6a6192015732eb53d4c0e71cc7c16175298d9c30432fc9aa657244032eaf615ec9b0398895b48cbee8bf912c8913b1edfc4f1e678ccb7c1c92a07b04fc769adc8727846dcdd8b244845d2d3d23112b68b34794d26b1b7fe16ca6c72f8fe03650a88620534e8471b08a4a0454454898ed66fa26b960ef304693c185b85e28ebc95c3fe3d4d8dd600a211be54b9dedc2f298270e55c9f6b506c4e93e8b5d37cef89e2da283f491792aaa52850bdddbb56f7d6081050aa8c0650e6d8d87a288cc962242600bd54544b882392af0acae022e5b59d847666999ba804b0857cf00684ac5c3f6aa3746acbaad4a12aaffbb113af6595125cb023198bc7a71ca89f97a1ad82eab14aef2e3bb8da7a016c1630c46c3f04656e0"], 0x1}, 0x1, 0x0, 0x0, 0x4008000}, 0x1)
r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
socket$packet(0x11, 0x3, 0x300)
preadv(r3, &(0x7f0000000000), 0x3a6, 0x400000000000)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0))
syz_open_pts(0xffffffffffffffff, 0x4000000000000002)
dup3(0xffffffffffffffff, r4, 0x0)
ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000300)={0x7, 0xd1, 0x3ff, 0x6, 0x2})
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
getpeername(r5, &(0x7f00000001c0)=@pptp, &(0x7f0000000280)=0x80)
ioctl$ION_IOC_ALLOC(0xffffffffffffff9c, 0xc0184900, 0x0)
writev(0xffffffffffffffff, 0x0, 0xfffffe9a)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000001400)={0x0, 0x4c00007e, &(0x7f00000013c0)={&(0x7f0000000100)={0x14, 0x17, 0x101, 0x0, 0x0, {0x4}}, 0x14}}, 0x0)

17:49:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x1100]}}, 0x1c)

17:49:38 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x2c8)

17:49:38 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x2000)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
clone(0x800000, &(0x7f0000000000)="d8acfba4f1e870b1128fb283a0", &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="93622809e83bc9fbceaea7e9ad1f3599b383e2033b0e39abba195bf40d65c36159092a65378c6964acb56c2aa0669f3766d7d2")
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
close(r1)

17:49:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x1800]}}, 0x1c)

17:49:38 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x2c8)

17:49:38 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x3000]}}, 0x1c)

17:49:38 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x40000000, 0x101200)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x3f00]}}, 0x1c)

17:49:39 executing program 0:
clock_gettime(0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
fsetxattr$security_smack_entry(r0, 0x0, &(0x7f0000000440)='}vm1\n\x00', 0x6, 0x3)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
fsetxattr(0xffffffffffffffff, &(0x7f0000000240)=@known='trusted.overlay.origin\x00', &(0x7f00000000c0)='}vm1\n\x00\x00\x00\x00', 0x8, 0x1)
pipe2(&(0x7f00000001c0), 0x80800)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x20, &(0x7f0000000200)=[@in={0x2, 0x4e24, @rand_addr=0x80000000}, @in={0x2, 0x4e24}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000003c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ptrace$peek(0xffffffffffffffff, 0x0, &(0x7f0000000000))
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, {0x0, 0x0, 0xfffffffffffffffd, 0x7, 0x6}, 0x1}, 0xe)

17:49:39 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0xffffffffffffffff)
setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000000)='\x00', 0x1)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)

17:49:39 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00]}, 0x2c8)

17:49:39 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)

17:49:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x4000]}}, 0x1c)

17:49:39 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$bt_l2cap(r0, &(0x7f0000000080), 0xe)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0)

17:49:39 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)

17:49:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x5800]}}, 0x1c)

17:49:39 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x800000000000000)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000000)={'bcsf0\x00', 0x401})
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r0, &(0x7f0000000400)="28a99302ebc1477280db317a67aee2584d6113839ccdfa438abf2077760127ad0d80b9bac1f8bc45cb80c31c2bf43b4e911106025a9659d3706c9fa098f5d9a9b31e78dd0e0c6b827fdf46e0bfed8d3bfe0a927d537eb533b02bdb44e5c0b377d3c44549f9fa60cbdd0892c853ccba3492f64943aae0f74edbdc41c7d806958c9945f04c6ca19bc92a1c343b0fc7ddfa9ed01a57062f5d11a089bc9436c463f1a77dfa6852b0531c6afb110bdb407b74b95340002b274ed3b4f6ba6bf559cf4d95f1e2408cb54a19005c72469b14284a49c2a03a87537e429fd83e0e99710b5543995348c121f70928e343620ec7e3fc3db1003f1f313126a35e909d4646542e6eef770fc352d06ea10cd2238dc1044852535905a0fcb3b20c51191232491ec7400626a0991a7b9e905eacac5aee53130cc3ba43bc31a706502c2885852ba0c09600db106716581002fdd829d187b451325cc9a2e0c599370e956b808c58064eacc1f4f1f4a248177e693d4092acb002f253a132fd325013423c4707b839e3f0f33a480e459a91e1035ae1c5acb003ed18af874467a0a81a8c644b8bee3bd99d3edb6bc5d44572859ff45f8f08aeb54c08cb2492338610828ba21ebf5990dc6262f21b20e8d6cf6456a2dd983006170ba8d3d90848cfa288adde5ab5f6cf6acccd39c615f5bb5945a992af183da8dba313baa61e0675d9b6e1f9bdeae4919690b4266d012fcd8f51e49bef11482e7f7a1984adf3b8a37421272ffd9d13ad2846ed66584d9a95a9b91572bb4a3a0957b47e64aa0550c6776f862d609237a6e586b83930ce31887b6c2a766ea9c0f7249c00c67f843ede6e13a7b70f81998301dcfbc55eb46428381a123f10d22f6fb153b0c04590beeee6d2d79fe1b442b959bd82ac0d632aba781c93065872fbf3887501f93da3a49f6d024da3fb7aba855ab70b918c9650d32328f9d2440a787c77d7a8d158bf44897822b07a394550bb2689114e141d8d9351ed8a1d6b728b13c46f59ac36c500e025ab41976ab69fc692b050992046aae398cca4e21a6a7dd3ca099ce790cc4552ccf9ce6526e6dda09983200e22f8ce599243b1f304982b60064fe3f42799297da043479f06e56b187b146bfbc439a803bd757d997599b13cf872098da1dfa019d74891538154bc465e9b4ed2ad6c2647d0a053ca8f6f591ba32337b9784fff62af1fcbbb14b5ef1525928b77d643d70e4c0f207adb9c429ecc542f54cbffb117db446b2c52421c4d36f259d760dfaa398d7731834c3ca296cd65803cf0ca94d1c1c849bc8bde9d9cb31f75dc0aa4bafcb06fff26cccd016ed78c13d4336d5cea0a32be6453d0637ecb24999cc24d628ca1f78ceebbccf100bd19dcb3801250dea69329d12523ac6e03b8a9a2ba7b5f91c12906225c1666a2b3ab5fd8de87e752fd2530f06d08a6567108e408ad6511b7d86cee2ef52e9492eda24e44a1567fdedb1de6d0b25e2807c26941fe141070f8e2f7e6253837eb822324e845040c094a8b6a53d84f6c681b08c5abcfa3969bfa5e80db416cbefd98e97155f4f0b4e1fffdb19910b57301efab5749a5baa81d8eb493babacd5ce36e903e16386a8ee74c30733f1d17ef4a6be4babb87a266945ad0f1b726778c4b7401b55703dcb1a621a913a4911583e3871c869eb10a21520f3eec3fb7654cd5c138b3e6f5604882291057270ea76551034ad3527289979594041d72ce37823f15d27ce4de2d813c495e78976da2fd864abe3fc5e916aacdc8fa3a9a8244211634e404b2e7465f1acd930fcc019c179cc05abe3cec6e2f5b0a7af7f875fbe6841e2e19da3dc8f1ee8ada88e6287346eabb1bfff063622ee9d1cb663b51423d72ed771b1577c415f095a4238e50dbd7fd7e3374be088baeefa217304d6d43cd403224a5ad3c9be8e968f32de60227495f971b098078edbf0d7443afa59ea9e0d3073f8f4c703fe326bed2fb32c19f38755e83fc3ada721391a4c1ad0db5b6c82b42deee475c67437f6ca36244387b33d3aa0f4f87057002f876c2fcde33006f9f87aa543f17000a83012e09a8536c5562fb53c42bbc383756cf3930d203abea041e577a281d723baf70d8704ac41153cf76072b5345bdd7bac9c08ffce3aa459453b03f7cb5b4aa7c8e9144f62560e1bdc95459e1bc8b015ccb3d933598cf9e86744d6d937059ca19653c385b4b465f655042c7b59d8b2a7e90826777a1f46446a7d4f8b37176b20c9065f5376074eeac76a520bdd0f324a6b1beaa46eb67427ab02a934c9c907200edc74820ba76e923b13b09ad5aa1ada0c1d4e25bdc31bcdc4c396a4e21ce6d9de992297f57fdd1e89670818e6081afdc08b5b8206bf88bbb99836c413ee77b5e1d0f15865d211fe4340889bdebf3033ddeed7ea3b1f678cbbc1c644478b95202f6285c0d94a7015e4adef4f9fabf1e993795e9c475b050c4f23a6afd954b1f838743784eeaf3f656e9d81202ca8307957f618f97c1515dc7d12b5e2f2ff663f963dd652111678dcdb0da4ef087d706baba7bd0fb5c7236a3f67d3a4e41050e2a6c2265a1ddfe21a1d1479fe01d08ef5e1e83ae0793ce867437cc26a5e21ec873dc0919d51a9f7aaf05e799e1ca1c437b07cbff777c818b23907b5808032f0ef23ac18aace3030403d46f6780bbcbeb7d7be4bfbd1ca1fb0752ca1547754c90387b4abb0ace221b77f84c2aceb04fb83e694fcd7bc2956fbf5fb186f852757144812c4309fc42f509ee0d4175cdedd61d754d5c83c92a625109d9b5c658d4dc6c310cd380cbfb550fe7c69cdd3237c6c646a5cdfab6747b099eda2a6539dee6dc6b33c8ab64ad26af48ee75456fa9ddc44534502e05b21f3934d7206f690e037339e1a6c712f52407d721b3649f32eedabb60bc992280061478041966f1915a08e9c4232468b2d431f7baa8f786795bde639df5694dc8023ff84b6fbd5258b75f378ecd7318e79dfc7b631f6b63bad891346c05fc7f5f33ce5f44634f957498d20c4bc225d85e3f5577ea5c1494058cd930cdf6237b818978504202d7d985e451b9b4400b037b064b4a1980b2d2a0ca21bae2c25dfe3369c24bf0ff9b44635c49a35e872ef0b142e565806f57ec761c23022b722f703ebca633825add0540edc4e5bd6e17f9b34e138c1386106806749e411367b0b188d8a2495215beab9fd5af586f2525f8875d117a1f688be6e8bbee91245433a4ef68bf32b42fb42ceb07fad35abbad4f24975341be940b636d4be260b88558be8bc0e1233b652c1df135e502176d504124df51f36cfe13260f2a929dd38898d5b876c66c61b73e43a6fde221dcebdf5d431eeb170b4d3a4159ed37c1c7268fc475af6f28da934e62c7b43c6f998d17640c2de4a8ae35eb269c2f534ddd461f970e0135d2b2389e19a32ff8fc966fd4219c225bc0f02220e0c9e403d468bbd3d98aef3e1770bf63d19a13a72ad3b7dcfc79e26eaae5d2c9b788df6314a2d603b07bd4d360bd887387fb6956e48dd85533744191159a0215a9f1bd69a8a57b8ab8f5bba0dea25afc5cf83eefe8fc1d36d2cdffd0ef7320c60e64dd3ffe26ebe7ba6847bcc30018ba01582d3c1ad52d50759af957cd732afca103097c4830dd85d8b275a12cf684eddf3fd97dee34385153149ba8a7c0199863e3b87b8bcf1223c4bc2d7d2b1ed238f10ceb96c6657fec45fb68beb5e1a727e7206a4217720bf1927c7c53c2377bb74845cc2718688f3884e97c8690dc3e338151a1709d2b33b0976b20a5e9c214267c81a419177001afd16c40f9ef7baabf1775819396f1ffbc9c24dc1ba730ad757898291c92a2dbd3bb77876ba137dc221eaa2c48132fd0363c304841b30d34683e505aebaed7c7ae61efd14cbdbdd21c7813d49924dbb054d7bded91d31872dc9b8e42771de8b07f06be4105b95f552d9d261af9d1ab591c6a3c8f4bc1ef0e65296aad819e8554db98fd4dac3d335804311d7b30688d049d8e32402dd927512f3c8fc7ee3ab748d73826c502b4b306edf354de1a9055e4ead92bb6e4fabc7ec438399310ebb0f40bab21cea79c93a9b920acfa7cba1a9823dbaebb9a73e496d313ee1b3e9cd3205b1529cfbd115743de2494272ddf9ec04dc345caa0c2f6085b25b636a3880b7c74d477bc1412e8d63b35a71442ec9f08d7684733ac5ba7b9ed651458a37081d15d00bb10f327f46befce66cfeae3b832a0486ae7b04634863eead2e79ce1a14635426914f1efe8f95a056ea4a7c9f5f65fbd6325a3fff65becc0a80bd12f93afd2f1fa18ad81f63853a5809117dfd8bc8a09f5fd597578c226c8b0cd44cd888756954cab393194b8c6ed09cdc223748904566dd0ae6ac5a6dfff9a745fbd40e33711cfc356c8db3cfa21faf87094b54100ccf3c6a4a50eb062e63243c716ae8cb7b8d9fca5571b838d2916789137d698af73f3de91a8b44eab114de91552e76b0ebdd405880d9de137d61c6b646f7958f80d8bcafbb49644221efe11156118ef13615fee7261db8e6c3fdd32c1739b2e413001f5e832e420c847213edaa76b8c4ed2d006e88e02cfa00ed05670157b7263d97d0fd32ba2acb3349b8de85272f0b789c5f0778c846807908c4384c81551dea0630efdb3040e76dca987bb17caa4c7ccfd5c141fa9b57261413ba1c22f504cf7cd16bfde2f6bb1ebce9c23babbac770290619e90529be0d0f4f9e1739ebfc486dd8e5e4765fdf71647f57b99eb23eaf428ba8e6b3de21ff2d434983b6e94bbf5ff61976f3ab8d78863711559453448bf0df87f03fa3c4d89002b157270caf6f34725bd946680acf7d69717178bb131acc1a01bc400b980c88d7e51a35685f940fe01dfaf5ecd1ec69e0ba51bb751901ed28d7fafba833776fc18a26b4603c93f1843e82fe09fc6a5d2ee1d7268a6da63fea9927cdc9e4075429ef8f53f8f67fc8e6a79cd24d5e28f290ff34336d6888da83b212a6e81d1485bc86c8613bfb4fc5465b26e94e08dbec630cb8f448925565d7821e68a3f441df0ec745b1fa10d0fffaab8bcd8961b87bae5ab23938c500807c03db4491e3917bab97fdbec5cf4e1e940a7d3169186b3b791db83bad3022d9bce7e4740c00266bbeebe71904be14e19cbb984c629a2c7fea5642beb4085b50dade38da88d5d58197b51ed15cf3e3ebc676ef8c52004fe5744f99efac760439e8156524d2d6db6c498bb8ca190089f7d6f0ae16bdfb91b3cec3b91878e97c90455c9bbec59ee18be0e9f5b5db81d84e476328d5f1d6a6abac32f50f7fdbba33bbe9b04b26dc8dc1e6425f40b1719cd41905247ca87b08e5e58f0e0604d4c3c02167816ae5cacfffa8e7f6d9c2ee31357a4efb76e919fcf5a712a8476262113ebc6c78dfc01206af087a366be85b9274b45aa05065287665cca93e0e76e74de15e839ba8c79a5ecde2afa2696f766ce17dbece061fd52d5a4a20bf1cca3e6bad261cd2c3b1e2112f63c59f0d59973663c99828356b69daced760689165717dfaa2eeb623a398ae4029f68947b373852cbcd8b12f859792cf43d350d9a8dd2ce9f5bf7c194a6f1f9f739b8975dbe4e3ed1fdc9bc4f4544b5ab4032a7af8b8530590cdb47c48ad28d4fd528aa254283962a9bc40473c4e15289d367e490a5782b7c647a2dcaaca66a96d036a01beef003c8f95301845f649f74357cb1a53cc4da6d5d5452004b503d0caffb46665a8e4b3ee2c6d7e3cc224a0aa0a937be2d4cb5a1d754aa3ba6089be8fcdc70883f663a57d4f5a72dc3a7f2580dfa0b0d98e8b8d1dec187a447", &(0x7f0000000080)=""/4}, 0x18)
socket$rds(0x15, 0x5, 0x0)

17:49:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x6000]}}, 0x1c)

17:49:39 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]}, 0x2c8)

17:49:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x6100]}}, 0x1c)

17:49:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x7800]}}, 0x1c)

17:49:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x80fe]}}, 0x1c)

17:49:39 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00]}, 0x2c8)

17:49:39 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000140)=0x5)
getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={<r1=>0x0, 0x1}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x3f18, 0x2000000000000004, 0xd9f, 0x81, <r2=>r1}, &(0x7f0000000080)=0xffffffffffffffbd)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r2, 0x7fffffff}, &(0x7f0000000100)=0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000280)={{0x3, 0x7fffffff}, 'port0\x00', 0x40, 0x40004, 0x9, 0xaa0d, 0x2, 0x81, 0x400, 0x0, 0x6})
close(r0)

17:49:39 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xa005]}}, 0x1c)

[  867.174093][T13542] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  867.230063][T13542] CPU: 1 PID: 13542 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  867.239010][T13542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  867.249061][T13542] Call Trace:
[  867.252388][T13542]  dump_stack+0x1db/0x2d0
[  867.256734][T13542]  ? dump_stack_print_info.cold+0x20/0x20
[  867.262460][T13542]  ? check_preemption_disabled+0x48/0x290
[  867.262494][T13542]  dump_header+0x1e6/0x116c
[  867.262520][T13542]  ? add_lock_to_list.isra.0+0x450/0x450
[  867.272735][T13542]  ? perf_trace_lock+0x750/0x750
[  867.283293][T13542]  ? print_usage_bug+0xd0/0xd0
[  867.288079][T13542]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  867.293721][T13542]  ? ___ratelimit+0x37c/0x686
[  867.298420][T13542]  ? mark_held_locks+0xb1/0x100
[  867.303272][T13542]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  867.309072][T13542]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  867.314875][T13542]  ? lockdep_hardirqs_on+0x415/0x5d0
[  867.320167][T13542]  ? trace_hardirqs_on+0xbd/0x310
[  867.325186][T13542]  ? kasan_check_read+0x11/0x20
[  867.330019][T13542]  ? ___ratelimit+0x37c/0x686
[  867.334686][T13542]  ? trace_hardirqs_off_caller+0x300/0x300
[  867.340512][T13542]  ? do_raw_spin_trylock+0x270/0x270
[  867.345805][T13542]  ? trace_hardirqs_on_caller+0x310/0x310
[  867.351522][T13542]  ? lock_acquire+0x1db/0x570
[  867.356202][T13542]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  867.362030][T13542]  ? ___ratelimit+0xac/0x686
[  867.366626][T13542]  ? idr_get_free+0xee0/0xee0
[  867.371288][T13542]  ? lockdep_hardirqs_on+0x415/0x5d0
[  867.376592][T13542]  oom_kill_process.cold+0x10/0x9ca
[  867.381814][T13542]  ? cgroup_procs_next+0x70/0x70
[  867.386771][T13542]  ? _raw_spin_unlock_irq+0x5e/0x90
[  867.391974][T13542]  ? oom_badness+0xa50/0xa50
[  867.396573][T13542]  ? oom_evaluate_task+0x540/0x540
[  867.401692][T13542]  ? mem_cgroup_iter_break+0x30/0x30
[  867.406984][T13542]  ? mutex_trylock+0x2d0/0x2d0
[  867.411741][T13542]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  867.417973][T13542]  ? rcu_read_unlock_special+0x380/0x380
[  867.423608][T13542]  out_of_memory+0x885/0x1420
[  867.428265][T13542]  ? mem_cgroup_iter+0x4f4/0xf50
[  867.433199][T13542]  ? oom_killer_disable+0x340/0x340
[  867.438580][T13542]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  867.444370][T13542]  ? lock_acquire+0x1db/0x570
[  867.449043][T13542]  mem_cgroup_out_of_memory+0x160/0x210
[  867.454580][T13542]  ? do_raw_spin_unlock+0xa0/0x330
[  867.459686][T13542]  ? memory_oom_group_write+0x160/0x160
[  867.465209][T13542]  ? do_raw_spin_trylock+0x270/0x270
[  867.470494][T13542]  ? _raw_spin_unlock+0x2d/0x50
[  867.475400][T13542]  try_charge+0x1457/0x1d00
17:49:40 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$bt_l2cap(r0, &(0x7f0000000080), 0xe)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0)

[  867.479918][T13542]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  867.485473][T13542]  ? find_held_lock+0x35/0x120
[  867.490244][T13542]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  867.495848][T13542]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  867.495871][T13542]  ? lock_downgrade+0xbe0/0xbe0
[  867.495887][T13542]  ? kasan_check_read+0x11/0x20
[  867.495904][T13542]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  867.495923][T13542]  ? rcu_read_unlock_special+0x380/0x380
[  867.495956][T13542]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  867.507031][T13542]  __memcg_kmem_charge_memcg+0x7c/0x130
[  867.507049][T13542]  ? memcg_kmem_put_cache+0xb0/0xb0
[  867.507062][T13542]  ? lock_release+0xc40/0xc40
[  867.507089][T13542]  __memcg_kmem_charge+0x136/0x300
[  867.507112][T13542]  __alloc_pages_nodemask+0x7b8/0xdc0
[  867.507135][T13542]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  867.560775][T13542]  ? rcu_pm_notify+0xd0/0xd0
[  867.565365][T13542]  ? rcu_read_lock_sched_held+0x110/0x130
[  867.571073][T13542]  ? kmem_cache_alloc_node+0x347/0x710
[  867.576543][T13542]  copy_process+0x847/0x8720
[  867.581143][T13542]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[  867.586945][T13542]  ? add_lock_to_list.isra.0+0x450/0x450
[  867.592589][T13542]  ? reacquire_held_locks+0xfb/0x520
[  867.597870][T13542]  ? alloc_set_pte+0x134a/0x1df0
[  867.602818][T13542]  ? find_held_lock+0x60/0x120
[  867.607586][T13542]  ? __cleanup_sighand+0x70/0x70
[  867.612501][T13542]  ? lock_downgrade+0xbe0/0xbe0
[  867.617346][T13542]  ? kasan_check_read+0x11/0x20
[  867.622219][T13542]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  867.628192][T13542]  ? rcu_read_unlock_special+0x380/0x380
[  867.633810][T13542]  ? filemap_map_pages+0xe50/0x1cc0
[  867.638997][T13542]  ? print_usage_bug+0xd0/0xd0
[  867.643758][T13542]  ? print_usage_bug+0xd0/0xd0
[  867.648525][T13542]  ? mark_held_locks+0x100/0x100
[  867.653456][T13542]  ? __lock_acquire+0x572/0x4a10
[  867.658393][T13542]  ? __handle_mm_fault+0x3fde/0x55a0
[  867.663673][T13542]  ? mark_held_locks+0x100/0x100
[  867.668645][T13542]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  867.674896][T13542]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  867.681146][T13542]  ? check_preemption_disabled+0x48/0x290
[  867.686852][T13542]  ? debug_smp_processor_id+0x1c/0x20
[  867.692213][T13542]  ? perf_trace_lock_acquire+0x138/0x7d0
[  867.697848][T13542]  ? add_lock_to_list.isra.0+0x450/0x450
[  867.703463][T13542]  ? perf_trace_lock+0x750/0x750
[  867.708390][T13542]  ? __handle_mm_fault+0x955/0x55a0
[  867.713612][T13542]  ? __might_fault+0x12b/0x1e0
[  867.718395][T13542]  ? find_held_lock+0x35/0x120
[  867.723168][T13542]  ? __might_fault+0x12b/0x1e0
17:49:40 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
socket$bt_hidp(0x1f, 0x3, 0x6)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r0, &(0x7f0000000000)={0x10000000})
r1 = semget$private(0x0, 0x0, 0xd5)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000140)={&(0x7f0000ff9000/0x4000)=nil, 0x4000})
semctl$SETVAL(r1, 0x0, 0x10, &(0x7f0000000080)=0x80000001)
finit_module(r0, &(0x7f00000000c0)='wlan0\x00', 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x0, 0x1)

17:49:40 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xc0fe]}}, 0x1c)

[  867.727936][T13542]  ? lock_acquire+0x1db/0x570
[  867.732621][T13542]  ? lock_downgrade+0xbe0/0xbe0
[  867.737477][T13542]  ? lock_release+0xc40/0xc40
[  867.742172][T13542]  ? trace_hardirqs_off_caller+0x300/0x300
[  867.747990][T13542]  _do_fork+0x1a9/0x1170
[  867.748015][T13542]  ? fork_idle+0x1d0/0x1d0
[  867.748046][T13542]  ? kasan_check_read+0x11/0x20
[  867.748076][T13542]  ? _copy_to_user+0xc9/0x120
[  867.748101][T13542]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  867.756742][T13542]  ? put_timespec64+0x115/0x1b0
[  867.756758][T13542]  ? nsecs_to_jiffies+0x30/0x30
[  867.756771][T13542]  ? vmacache_update+0x114/0x140
[  867.756790][T13542]  ? do_syscall_64+0x8c/0x800
[  867.756805][T13542]  ? do_syscall_64+0x8c/0x800
[  867.756820][T13542]  ? lockdep_hardirqs_on+0x415/0x5d0
[  867.756836][T13542]  ? trace_hardirqs_on+0xbd/0x310
[  867.756856][T13542]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  867.756878][T13542]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  867.819089][T13542]  ? trace_hardirqs_off_caller+0x300/0x300
[  867.824880][T13542]  __x64_sys_clone+0xbf/0x150
[  867.829542][T13542]  do_syscall_64+0x1a3/0x800
[  867.834163][T13542]  ? syscall_return_slowpath+0x5f0/0x5f0
[  867.839794][T13542]  ? prepare_exit_to_usermode+0x232/0x3b0
[  867.845520][T13542]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  867.851117][T13542]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  867.857013][T13542] RIP: 0033:0x457ec9
[  867.860917][T13542] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
17:49:40 executing program 3:
r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000080)={<r1=>0x0, @in6={{0xa, 0x4e21, 0x1, @local, 0x4}}, 0x2, 0x1d}, &(0x7f0000000140)=0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e22, 0x0, @local, 0x1}}, 0x7f800000, 0x8}, 0x90)
r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r2, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r2, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r2)

17:49:40 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xc805]}}, 0x1c)

17:49:40 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400600)
close(r0)

[  867.880555][T13542] RSP: 002b:00007f20e9848c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  867.888963][T13542] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[  867.896982][T13542] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[  867.904953][T13542] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[  867.904963][T13542] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20e98496d4
[  867.904973][T13542] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[  867.960823][T13542] memory: usage 307200kB, limit 307200kB, failcnt 4103
[  867.968043][T13542] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  867.982048][T13542] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  868.020883][T13542] Memory cgroup stats for /syz4: cache:120KB rss:208596KB rss_huge:157696KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:208704KB inactive_file:4KB active_file:4KB unevictable:0KB
17:49:40 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xe803]}}, 0x1c)

[  868.061388][T13542] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=23485,uid=0
[  868.084129][T13542] Memory cgroup out of memory: Kill process 23485 (syz-executor4) score 1106 or sacrifice child
[  868.095120][T13542] Killed process 23485 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
17:49:40 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xf401]}}, 0x1c)

[  868.152474][T13541] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[  868.171674][T13541] CPU: 1 PID: 13541 Comm: syz-executor4 Not tainted 5.0.0-rc1-next-20190108 #7
[  868.180696][T13541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  868.180703][T13541] Call Trace:
[  868.180724][T13541]  dump_stack+0x1db/0x2d0
[  868.180745][T13541]  ? dump_stack_print_info.cold+0x20/0x20
[  868.180759][T13541]  ? check_preemption_disabled+0x48/0x290
[  868.180789][T13541]  dump_header+0x1e6/0x116c
[  868.180808][T13541]  ? add_lock_to_list.isra.0+0x450/0x450
[  868.180822][T13541]  ? perf_trace_lock+0x750/0x750
[  868.180838][T13541]  ? print_usage_bug+0xd0/0xd0
[  868.180868][T13541]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  868.180884][T13541]  ? ___ratelimit+0x37c/0x686
[  868.180908][T13541]  ? mark_held_locks+0xb1/0x100
[  868.180928][T13541]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  868.180951][T13541]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  868.210032][T13541]  ? lockdep_hardirqs_on+0x415/0x5d0
[  868.210049][T13541]  ? trace_hardirqs_on+0xbd/0x310
[  868.210065][T13541]  ? kasan_check_read+0x11/0x20
[  868.210078][T13541]  ? ___ratelimit+0x37c/0x686
[  868.210094][T13541]  ? trace_hardirqs_off_caller+0x300/0x300
[  868.210109][T13541]  ? do_raw_spin_trylock+0x270/0x270
[  868.210125][T13541]  ? trace_hardirqs_on_caller+0x310/0x310
[  868.210138][T13541]  ? lock_acquire+0x1db/0x570
17:49:40 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xfc00]}}, 0x1c)

[  868.210161][T13541]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  868.210176][T13541]  ? ___ratelimit+0xac/0x686
[  868.210193][T13541]  ? idr_get_free+0xee0/0xee0
[  868.210208][T13541]  ? lockdep_hardirqs_on+0x415/0x5d0
[  868.210238][T13541]  oom_kill_process.cold+0x10/0x9ca
[  868.323705][T13541]  ? cgroup_procs_next+0x70/0x70
[  868.328655][T13541]  ? _raw_spin_unlock_irq+0x5e/0x90
[  868.333878][T13541]  ? oom_badness+0xa50/0xa50
[  868.338475][T13541]  ? oom_evaluate_task+0x540/0x540
[  868.343599][T13541]  ? mem_cgroup_iter_break+0x30/0x30
[  868.348890][T13541]  ? mutex_trylock+0x2d0/0x2d0
[  868.353654][T13541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  868.353689][T13541]  ? rcu_read_unlock_special+0x380/0x380
[  868.353716][T13541]  out_of_memory+0x885/0x1420
[  868.353735][T13541]  ? mem_cgroup_iter+0x4f4/0xf50
[  868.353751][T13541]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  868.353777][T13541]  ? oom_killer_disable+0x340/0x340
[  868.370300][T13541]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[  868.370318][T13541]  ? lock_acquire+0x1db/0x570
[  868.370363][T13541]  mem_cgroup_out_of_memory+0x160/0x210
[  868.370379][T13541]  ? do_raw_spin_unlock+0xa0/0x330
[  868.370397][T13541]  ? memory_oom_group_write+0x160/0x160
[  868.370411][T13541]  ? do_raw_spin_trylock+0x270/0x270
[  868.370437][T13541]  ? _raw_spin_unlock+0x2d/0x50
[  868.402433][T13541]  try_charge+0xd42/0x1d00
[  868.402461][T13541]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  868.402474][T13541]  ? find_held_lock+0x35/0x120
[  868.402490][T13541]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  868.402508][T13541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  868.402526][T13541]  ? lock_downgrade+0xbe0/0xbe0
[  868.402546][T13541]  ? kasan_check_read+0x11/0x20
[  868.423300][T13541]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  868.423320][T13541]  ? rcu_read_unlock_special+0x380/0x380
[  868.423356][T13541]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  868.423377][T13541]  __memcg_kmem_charge_memcg+0x7c/0x130
[  868.423394][T13541]  ? memcg_kmem_put_cache+0xb0/0xb0
[  868.423406][T13541]  ? lock_release+0xc40/0xc40
[  868.423456][T13541]  __memcg_kmem_charge+0x136/0x300
[  868.497570][T13541]  __alloc_pages_nodemask+0x7b8/0xdc0
[  868.502958][T13541]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  868.508686][T13541]  ? rcu_pm_notify+0xd0/0xd0
[  868.513301][T13541]  ? rcu_read_lock_sched_held+0x110/0x130
[  868.519037][T13541]  ? kmem_cache_alloc_node+0x347/0x710
[  868.524501][T13541]  ? print_usage_bug+0xd0/0xd0
[  868.529300][T13541]  copy_process+0x847/0x8720
[  868.533918][T13541]  ? print_usage_bug+0xd0/0xd0
[  868.538686][T13541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  868.544931][T13541]  ? check_preemption_disabled+0x48/0x290
[  868.550671][T13541]  ? __lock_acquire+0x572/0x4a10
[  868.555612][T13541]  ? mark_held_locks+0x100/0x100
[  868.555641][T13541]  ? __cleanup_sighand+0x70/0x70
[  868.555661][T13541]  ? mark_held_locks+0x100/0x100
[  868.555677][T13541]  ? find_held_lock+0x35/0x120
[  868.555695][T13541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  868.555709][T13541]  ? check_preemption_disabled+0x48/0x290
[  868.555728][T13541]  ? debug_smp_processor_id+0x1c/0x20
[  868.555741][T13541]  ? perf_trace_lock_acquire+0x138/0x7d0
[  868.555773][T13541]  ? delayacct_end+0xc9/0x100
[  868.555801][T13541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  868.555834][T13541]  ? add_lock_to_list.isra.0+0x450/0x450
[  868.565694][T13541]  ? perf_trace_lock+0x750/0x750
[  868.565711][T13541]  ? perf_trace_lock_acquire+0x138/0x7d0
[  868.565734][T13541]  ? add_lock_to_list.isra.0+0x450/0x450
[  868.565749][T13541]  ? find_held_lock+0x35/0x120
[  868.565766][T13541]  ? print_usage_bug+0xd0/0xd0
[  868.565789][T13541]  ? psi_memstall_leave+0x1f8/0x280
[  868.565803][T13541]  ? find_held_lock+0x35/0x120
[  868.565859][T13541]  ? __lock_acquire+0x572/0x4a10
[  868.625520][T13541]  ? _raw_spin_unlock_irq+0x28/0x90
[  868.625552][T13541]  ? _raw_spin_unlock_irq+0x28/0x90
[  868.625568][T13541]  ? lockdep_hardirqs_on+0x415/0x5d0
[  868.625586][T13541]  ? trace_hardirqs_on+0xbd/0x310
[  868.625623][T13541]  ? mark_held_locks+0x100/0x100
[  868.625635][T13541]  ? check_preemption_disabled+0x48/0x290
[  868.625655][T13541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  868.625668][T13541]  ? check_preemption_disabled+0x48/0x290
[  868.625687][T13541]  ? debug_smp_processor_id+0x1c/0x20
[  868.625706][T13541]  ? perf_trace_lock_acquire+0x138/0x7d0
[  868.636149][T13541]  ? add_lock_to_list.isra.0+0x450/0x450
[  868.636163][T13541]  ? perf_trace_lock+0x750/0x750
[  868.636176][T13541]  ? lockdep_hardirqs_on+0x415/0x5d0
[  868.636198][T13541]  ? try_to_free_pages+0xb70/0xb70
[  868.636213][T13541]  ? percpu_ref_put_many+0x129/0x270
[  868.636235][T13541]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  868.636272][T13541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  868.725808][T13541]  _do_fork+0x1a9/0x1170
[  868.725832][T13541]  ? fork_idle+0x1d0/0x1d0
[  868.725864][T13541]  ? trace_hardirqs_off+0xb8/0x310
[  868.725878][T13541]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  868.725899][T13541]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  868.736265][T13541]  ? do_syscall_64+0x8c/0x800
[  868.736279][T13541]  ? do_syscall_64+0x8c/0x800
[  868.736294][T13541]  ? lockdep_hardirqs_on+0x415/0x5d0
[  868.736309][T13541]  ? trace_hardirqs_on+0xbd/0x310
[  868.736326][T13541]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  868.736349][T13541]  ? trace_hardirqs_off_caller+0x300/0x300
[  868.736369][T13541]  __x64_sys_clone+0xbf/0x150
[  868.799649][T13541]  do_syscall_64+0x1a3/0x800
[  868.810126][T13541]  ? syscall_return_slowpath+0x5f0/0x5f0
[  868.820340][T13541]  ? prepare_exit_to_usermode+0x232/0x3b0
[  868.826088][T13541]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  868.831654][T13541]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  868.837549][T13541] RIP: 0033:0x45a899
[  868.841444][T13541] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  868.861144][T13541] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  868.869556][T13541] RAX: ffffffffffffffda RBX: 00007f20e9828700 RCX: 000000000045a899
[  868.877524][T13541] RDX: 00007f20e98289d0 RSI: 00007f20e9827db0 RDI: 00000000003d0f00
[  868.885482][T13541] RBP: 00007ffcc2973580 R08: 00007f20e9828700 R09: 00007f20e9828700
[  868.893437][T13541] R10: 00007f20e98289d0 R11: 0000000000000202 R12: 0000000000000000
[  868.901403][T13541] R13: 00007ffcc297342f R14: 00007f20e98289c0 R15: 000000000073bfac
[  868.910528][T13541] memory: usage 304876kB, limit 307200kB, failcnt 4103
[  868.917523][T13541] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  868.924970][T13541] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  868.931900][T13541] Memory cgroup stats for /syz4: cache:120KB rss:206468KB rss_huge:155648KB shmem:168KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:16KB active_anon:206544KB inactive_file:4KB active_file:4KB unevictable:0KB
[  868.953973][T13541] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor4,pid=23650,uid=0
[  868.969308][T13541] Memory cgroup out of memory: Kill process 23650 (syz-executor4) score 1106 or sacrifice child
[  868.979931][T13541] Killed process 23650 (syz-executor4) total-vm:70532kB, anon-rss:2196kB, file-rss:33736kB, shmem-rss:0kB
[  868.992870][ T1043] oom_reaper: reaped process 23650 (syz-executor4), now anon-rss:0kB, file-rss:32776kB, shmem-rss:0kB
17:49:41 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x2c8)

17:49:41 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$bt_l2cap(r0, &(0x7f0000000080), 0xe)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0)

17:49:41 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000000))
ioctl$RTC_AIE_OFF(r0, 0x7002)

17:49:41 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)=<r3=>0x0)
accept4$unix(r2, 0x0, &(0x7f0000000100), 0x80000)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={<r4=>0x0}, &(0x7f00000000c0)=0xc)
kcmp(r3, r4, 0x3, r2, r0)
close(r1)

17:49:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xfe80]}}, 0x1c)

17:49:41 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/82, 0x52}], 0x1)
setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000100)=0x8, 0x4)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000140)=0x8, 0x4)

17:49:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xfec0]}}, 0x1c)

17:49:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0xff00]}}, 0x1c)

17:49:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x20480]}}, 0x1c)

17:49:41 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00]}, 0x2c8)

17:49:41 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x100000]}}, 0x1c)

17:49:42 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x1000000]}}, 0x1c)

17:49:42 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x1030000]}}, 0x1c)

[  869.778749][ T1049] kasan: CONFIG_KASAN_INLINE enabled
[  869.792167][ T1049] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  869.817285][ T1049] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  869.824243][ T1049] CPU: 1 PID: 1049 Comm: khugepaged Not tainted 5.0.0-rc1-next-20190108 #7
[  869.832823][ T1049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  869.842868][ T1049] RIP: 0010:try_charge+0x12a8/0x1d00
[  869.848240][ T1049] Code: c0 e8 dc bf fe ff 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 c6 04 02 00 49 8d bc 24 40 05 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 20 0a 00 00 4c 89 f2 4d 8b a4 24 40 05 00 00 48
[  869.867833][ T1049] RSP: 0018:ffff8880a78ff3e0 EFLAGS: 00010202
[  869.873895][ T1049] RAX: dffffc0000000000 RBX: ffff888057bd8b40 RCX: 1ffff11014f1fe6a
[  869.881846][ T1049] RDX: 00000000000000a8 RSI: 0000000000000000 RDI: 0000000000000540
[  869.889835][ T1049] RBP: ffff8880a78ff5e8 R08: 1ffff11015ce5b8f R09: ffffed1015ce5b90
[  869.897802][ T1049] R10: ffffed1015ce5b8f R11: ffff8880ae72dc7b R12: 0000000000000000
[  869.905751][ T1049] R13: ffff8880a78ff5c0 R14: ffff8880a78ff580 R15: 0000000000000000
[  869.913700][ T1049] FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[  869.922600][ T1049] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  869.929156][ T1049] CR2: 00007ffd07673fd8 CR3: 000000008c8c0000 CR4: 00000000001406e0
[  869.937114][ T1049] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  869.945058][ T1049] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  869.953002][ T1049] Call Trace:
[  869.956265][ T1049]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[  869.961832][ T1049]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  869.967378][ T1049]  ? lock_downgrade+0xbe0/0xbe0
[  869.972200][ T1049]  ? kasan_check_read+0x11/0x20
[  869.977039][ T1049]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  869.983008][ T1049]  ? rcu_read_unlock_special+0x380/0x380
[  869.988616][ T1049]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  869.994133][ T1049]  ? get_mem_cgroup_from_page+0x190/0x190
[  869.999833][ T1049]  ? high_work_func+0x20/0x20
[  870.004503][ T1049]  ? rcu_read_lock_sched_held+0x110/0x130
[  870.010195][ T1049]  ? __alloc_pages_nodemask+0xaca/0xdc0
[  870.015730][ T1049]  mem_cgroup_try_charge+0x43a/0xdb0
[  870.021000][ T1049]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  870.026694][ T1049]  ? mem_cgroup_protected+0xa10/0xa10
[  870.032043][ T1049]  ? prep_transhuge_page+0x74/0x160
[  870.037214][ T1049]  ? maybe_pmd_mkwrite+0x100/0x100
[  870.042295][ T1049]  ? up_read+0x212/0x2b0
[  870.046511][ T1049]  ? perf_trace_lock_acquire+0x138/0x7d0
[  870.052132][ T1049]  ? up_read_non_owner+0x100/0x100
[  870.057216][ T1049]  ? check_preemption_disabled+0x48/0x290
[  870.062908][ T1049]  collapse_huge_page+0x17d/0x2280
[  870.067993][ T1049]  ? add_lock_to_list.isra.0+0x450/0x450
[  870.073600][ T1049]  ? print_usage_bug+0xd0/0xd0
[  870.078349][ T1049]  ? prepare_to_wait_event+0x1fa/0xa20
[  870.083788][ T1049]  ? __collapse_huge_page_swapin+0x1570/0x1570
[  870.089936][ T1049]  ? khugepaged_scan_pmd+0x1637/0x1f00
[  870.095367][ T1049]  ? lock_acquire+0x1db/0x570
[  870.100019][ T1049]  ? kasan_check_read+0x11/0x20
[  870.104848][ T1049]  ? do_raw_spin_unlock+0xa0/0x330
[  870.109932][ T1049]  ? _vm_normal_page+0x15d/0x3d0
[  870.114876][ T1049]  ? do_raw_spin_trylock+0x270/0x270
[  870.120135][ T1049]  ? trace_hardirqs_off_caller+0x300/0x300
[  870.125918][ T1049]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  870.132130][ T1049]  ? khugepaged_find_target_node+0x142/0x180
[  870.138085][ T1049]  khugepaged_scan_pmd+0x165f/0x1f00
[  870.143350][ T1049]  ? collapse_huge_page+0x2280/0x2280
[  870.148692][ T1049]  ? perf_trace_lock_acquire+0x138/0x7d0
[  870.154298][ T1049]  ? add_lock_to_list.isra.0+0x450/0x450
[  870.159904][ T1049]  ? add_lock_to_list.isra.0+0x450/0x450
[  870.165521][ T1049]  ? lock_acquire+0x1db/0x570
[  870.170175][ T1049]  ? __lock_is_held+0xb6/0x140
[  870.174914][ T1049]  ? ___might_sleep+0x1e7/0x310
[  870.179735][ T1049]  ? khugepaged+0x83c/0x18a0
[  870.184296][ T1049]  ? arch_local_save_flags+0x50/0x50
[  870.189566][ T1049]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  870.195797][ T1049]  ? is_vma_temporary_stack+0x74/0x90
[  870.201152][ T1049]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  870.207406][ T1049]  khugepaged+0xcfe/0x18a0
[  870.211814][ T1049]  ? khugepaged_scan_pmd+0x1f00/0x1f00
[  870.217242][ T1049]  ? find_held_lock+0x35/0x120
[  870.222034][ T1049]  ? __kthread_parkme+0xc3/0x1b0
[  870.226945][ T1049]  ? lock_acquire+0x1db/0x570
[  870.231596][ T1049]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  870.237375][ T1049]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  870.243153][ T1049]  ? lockdep_hardirqs_on+0x415/0x5d0
[  870.248413][ T1049]  ? trace_hardirqs_on+0xbd/0x310
[  870.253411][ T1049]  ? trace_hardirqs_off_caller+0x300/0x300
[  870.259236][ T1049]  ? schedule+0x108/0x350
[  870.263539][ T1049]  ? do_raw_spin_trylock+0x270/0x270
[  870.268846][ T1049]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  870.274625][ T1049]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  870.280854][ T1049]  ? __kthread_parkme+0xfb/0x1b0
[  870.285794][ T1049]  kthread+0x357/0x430
[  870.289835][ T1049]  ? khugepaged_scan_pmd+0x1f00/0x1f00
[  870.295268][ T1049]  ? kthread_stop+0x920/0x920
[  870.299923][ T1049]  ret_from_fork+0x3a/0x50
[  870.304314][ T1049] Modules linked in:
[  870.311568][ T1049] ---[ end trace 0bcfde89e125b9ba ]---
[  870.317884][ T1049] RIP: 0010:try_charge+0x12a8/0x1d00
17:49:42 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$bt_l2cap(r0, &(0x7f0000000080), 0xe)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0)

17:49:42 executing program 5:
r0 = socket$inet6(0xa, 0x803, 0x1)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x2000000]}}, 0x1c)

17:49:42 executing program 4:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}, 0x2c8)

17:49:42 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x1)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
close(r0)

17:49:42 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000140)=""/82, 0xfffffd65}], 0x1000000000000193)
ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000380)=0x2)
close(r0)
ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000000)={0x18, 0x0, {0x3, @dev={[], 0x12}, 'ip6erspan0\x00'}})

17:49:42 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x401)
readv(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/82, 0x1a}], 0x1181)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000180)=""/17)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000001c0)=<r1=>0x0)
ioprio_set$pid(0x1, r1, 0x5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r2)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000140)=0xf4240)

[  870.323235][ T1049] Code: c0 e8 dc bf fe ff 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 c6 04 02 00 49 8d bc 24 40 05 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 20 0a 00 00 4c 89 f2 4d 8b a4 24 40 05 00 00 48
[  870.342875][ T1049] RSP: 0018:ffff8880a78ff3e0 EFLAGS: 00010202
[  870.349348][ T3865] kobject: 'loop0' (00000000415aa3b9): kobject_uevent_env
[  870.387515][ T3865] kobject: 'loop0' (00000000415aa3b9): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  870.391717][ T1049] RAX: dffffc0000000000 RBX: ffff888057bd8b40 RCX: 1ffff11014f1fe6a
[  870.420918][T13654] syz-executor4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
17:49:43 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000380)=0x3f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000))
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
accept$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000000c0)=0x14)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000100)={@empty, @multicast1, r2}, 0xc)

[  870.443009][T13654] CPU: 0 PID: 13654 Comm: syz-executor4 Tainted: G      D           5.0.0-rc1-next-20190108 #7
[  870.453350][T13654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  870.456269][ T1049] RDX: 00000000000000a8 RSI: 0000000000000000 RDI: 0000000000000540
[  870.463416][T13654] Call Trace:
[  870.463435][T13654]  dump_stack+0x1db/0x2d0
[  870.463453][T13654]  ? dump_stack_print_info.cold+0x20/0x20
[  870.463466][T13654]  ? check_preemption_disabled+0x48/0x290
[  870.463485][T13654]  ? perf_trace_lock_acquire+0x138/0x7d0
[  870.490875][ T1049] RBP: ffff8880a78ff5e8 R08: 1ffff11015ce5b8f R09: ffffed1015ce5b90
[  870.496035][T13654]  dump_header+0x1e6/0x116c
[  870.496052][T13654]  ? perf_trace_lock+0x750/0x750
[  870.496087][T13654]  ? pagefault_out_of_memory+0x1a1/0x1a1
[  870.496121][T13654]  ? lock_acquire+0x1db/0x570
[  870.496133][T13654]  ? ___ratelimit+0x16e/0x686
[  870.496150][T13654]  ? trace_hardirqs_on+0xbd/0x310
[  870.496164][T13654]  ? kasan_check_read+0x11/0x20
[  870.496175][T13654]  ? ___ratelimit+0x37c/0x686
[  870.496188][T13654]  ? trace_hardirqs_off_caller+0x300/0x300
[  870.496207][T13654]  ? do_raw_spin_trylock+0x270/0x270
[  870.509263][ T1049] R10: ffffed1015ce5b8f R11: ffff8880ae72dc7b R12: 0000000000000000
[  870.513578][T13654]  ? trace_hardirqs_on_caller+0x310/0x310
[  870.513592][T13654]  ? lock_acquire+0x1db/0x570
[  870.513614][T13654]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  870.513646][T13654]  ? ___ratelimit+0xac/0x686
[  870.520282][ T1049] R13: ffff8880a78ff5c0 R14: ffff8880a78ff580 R15: 0000000000000000
[  870.523948][T13654]  ? idr_get_free+0xee0/0xee0
[  870.523972][T13654]  oom_kill_process.cold+0x10/0x9ca
[  870.523988][T13654]  ? cgroup_procs_next+0x70/0x70
[  870.524006][T13654]  ? _raw_spin_unlock_irq+0x5e/0x90
[  870.532937][ T1049] FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[  870.533671][T13654]  ? oom_badness+0xa50/0xa50
[  870.539897][ T1049] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  870.543155][T13654]  ? oom_evaluate_task+0x540/0x540
[  870.543186][T13654]  ? mem_cgroup_iter_break+0x30/0x30
[  870.543200][T13654]  ? mutex_trylock+0x2d0/0x2d0
[  870.543218][T13654]  ? cgroup_get_tree+0xba0/0xba0
[  870.552866][ T1049] CR2: 00000000004cdad0 CR3: 000000009b18d000 CR4: 00000000001406e0
[  870.554279][T13654]  ? rcu_read_unlock_special+0x380/0x380
[  870.554299][T13654]  out_of_memory+0x885/0x1420
[  870.554316][T13654]  ? mem_cgroup_iter+0x4f4/0xf50
[  870.563299][ T1049] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  870.567992][T13654]  ? oom_killer_disable+0x340/0x340
[  870.568008][T13654]  ? mem_cgroup_nr_lru_pages+0x80/0x80
[  870.568022][T13654]  ? lock_acquire+0x1db/0x570
[  870.568043][T13654]  mem_cgroup_out_of_memory+0x160/0x210
[  870.568057][T13654]  ? do_raw_spin_unlock+0xa0/0x330
[  870.568072][T13654]  ? memory_oom_group_write+0x160/0x160
[  870.568085][T13654]  ? do_raw_spin_trylock+0x270/0x270
[  870.568105][T13654]  ? _raw_spin_unlock+0x2d/0x50
[  870.577264][ T1049] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  870.578562][T13654]  try_charge+0x1457/0x1d00
[  870.578584][T13654]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  870.578606][T13654]  ? percpu_ref_tryget_live+0x162/0x420
[  870.583271][ T1049] Kernel panic - not syncing: Fatal exception
[  870.591136][T13654]  ? lock_downgrade+0xbe0/0xbe0
[  870.758398][T13654]  ? lock_release+0xc40/0xc40
[  870.763073][T13654]  ? rcu_read_unlock_special+0x380/0x380
[  870.768701][T13654]  ? save_stack+0xa9/0xd0
[  870.773036][T13654]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[  870.778580][T13654]  __memcg_kmem_charge_memcg+0x7c/0x130
[  870.784165][T13654]  ? memcg_kmem_put_cache+0xb0/0xb0
[  870.789361][T13654]  ? lock_release+0xc40/0xc40
[  870.794051][T13654]  __memcg_kmem_charge+0x136/0x300
[  870.799158][T13654]  __alloc_pages_nodemask+0x7b8/0xdc0
[  870.804531][T13654]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[  870.810244][T13654]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  870.816065][T13654]  ? kasan_slab_alloc+0xf/0x20
[  870.820818][T13654]  ? kmem_cache_alloc_node+0x301/0x710
[  870.826815][T13654]  ? debug_smp_processor_id+0x1c/0x20
[  870.832225][T13654]  copy_process+0x847/0x8720
[  870.836826][T13654]  ? mark_held_locks+0x100/0x100
[  870.841764][T13654]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  870.848003][T13654]  ? check_preemption_disabled+0x48/0x290
[  870.853711][T13654]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  870.859944][T13654]  ? debug_smp_processor_id+0x1c/0x20
[  870.865309][T13654]  ? mark_held_locks+0x100/0x100
[  870.870260][T13654]  ? __cleanup_sighand+0x70/0x70
[  870.875190][T13654]  ? mark_held_locks+0x100/0x100
[  870.880125][T13654]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  870.886371][T13654]  ? check_preemption_disabled+0x48/0x290
[  870.892097][T13654]  ? perf_trace_lock+0x750/0x750
[  870.897085][T13654]  ? debug_smp_processor_id+0x1c/0x20
[  870.902483][T13654]  ? perf_trace_lock_acquire+0x138/0x7d0
[  870.908127][T13654]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  870.914377][T13654]  ? perf_trace_lock+0x750/0x750
[  870.919324][T13654]  ? perf_trace_lock_acquire+0x138/0x7d0
[  870.924966][T13654]  ? pvclock_read_flags+0x160/0x160
[  870.930156][T13654]  ? perf_trace_lock+0x750/0x750
[  870.935113][T13654]  ? lock_downgrade+0xbe0/0xbe0
[  870.939976][T13654]  ? sched_clock_cpu+0x1b/0x1b0
[  870.944821][T13654]  ? lock_release+0xc40/0xc40
[  870.949504][T13654]  ? trace_hardirqs_on+0xbd/0x310
[  870.954519][T13654]  ? kasan_check_read+0x11/0x20
[  870.959376][T13654]  ? psi_memstall_leave+0x1f8/0x280
[  870.964580][T13654]  ? trace_hardirqs_off_caller+0x300/0x300
[  870.970476][T13654]  ? mark_held_locks+0x100/0x100
[  870.975413][T13654]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  870.981645][T13654]  ? check_preemption_disabled+0x48/0x290
[  870.987383][T13654]  ? debug_smp_processor_id+0x1c/0x20
[  870.992746][T13654]  ? perf_trace_lock_acquire+0x138/0x7d0
[  870.998421][T13654]  ? perf_trace_lock+0x750/0x750
[  871.003365][T13654]  ? try_to_free_pages+0xb70/0xb70
[  871.008490][T13654]  ? trace_hardirqs_off_caller+0x300/0x300
[  871.014322][T13654]  ? do_raw_spin_trylock+0x270/0x270
[  871.019655][T13654]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[  871.025814][T13654]  ? lock_acquire+0x1db/0x570
[  871.030505][T13654]  _do_fork+0x1a9/0x1170
[  871.034750][T13654]  ? fork_idle+0x1d0/0x1d0
[  871.039193][T13654]  ? trace_hardirqs_off+0xb8/0x310
[  871.044302][T13654]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[  871.050124][T13654]  ? prepare_exit_to_usermode+0x32e/0x3b0
[  871.055905][T13654]  ? trace_hardirqs_on_caller+0x310/0x310
[  871.061623][T13654]  ? trace_hardirqs_on+0xbd/0x310
[  871.066659][T13654]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  871.072716][T13654]  ? trace_hardirqs_off_caller+0x300/0x300
[  871.078548][T13654]  __x64_sys_clone+0xbf/0x150
[  871.083223][T13654]  do_syscall_64+0x1a3/0x800
[  871.087810][T13654]  ? syscall_return_slowpath+0x5f0/0x5f0
[  871.093437][T13654]  ? prepare_exit_to_usermode+0x232/0x3b0
[  871.099166][T13654]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  871.104726][T13654]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  871.110620][T13654] RIP: 0033:0x45a899
[  871.114506][T13654] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[  871.134111][T13654] RSP: 002b:00007ffcc2973378 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[  871.142558][T13654] RAX: ffffffffffffffda RBX: 00007f20e9849700 RCX: 000000000045a899
[  871.150524][T13654] RDX: 00007f20e98499d0 RSI: 00007f20e9848db0 RDI: 00000000003d0f00
[  871.158503][T13654] RBP: 00007ffcc2973580 R08: 00007f20e9849700 R09: 00007f20e9849700
[  871.166462][T13654] R10: 00007f20e98499d0 R11: 0000000000000202 R12: 0000000000000000
[  871.174466][T13654] R13: 00007ffcc297342f R14: 00007f20e98499c0 R15: 000000000073bf0c
[  871.183486][ T1049] Kernel Offset: disabled
[  871.187807][ T1049] Rebooting in 86400 seconds..