(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3a98]}, 0x6) 03:04:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3000000]}, 0x6) 03:04:49 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x2000]}, 0x6) 03:04:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4002]}, 0x6) 03:04:49 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x1f4]}, 0x6) 03:04:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xc02]}, 0x6) 03:04:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3075000000000000]}, 0x6) 03:04:49 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x3f00000000000000]}, 0x6) [ 656.975913] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=1, oom_score_adj=0 [ 657.009733] syz-executor1 cpuset=syz1 mems_allowed=0 [ 657.027373] CPU: 1 PID: 25229 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 657.034754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 657.044107] Call Trace: [ 657.046723] dump_stack+0x1c4/0x2b4 [ 657.050372] ? dump_stack_print_info.cold.2+0x52/0x52 [ 657.055581] ? mark_held_locks+0x130/0x130 [ 657.059828] ? mark_held_locks+0x130/0x130 [ 657.064079] dump_header+0x27b/0xf72 [ 657.067815] ? pagefault_out_of_memory+0x197/0x197 [ 657.072755] ? check_preemption_disabled+0x48/0x200 [ 657.077781] ? check_preemption_disabled+0x48/0x200 [ 657.082821] ? graph_lock+0x170/0x170 [ 657.086639] ? graph_lock+0x170/0x170 [ 657.090463] ? print_usage_bug+0xc0/0xc0 [ 657.094542] ? find_held_lock+0x36/0x1c0 [ 657.098616] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.104181] ? find_held_lock+0x36/0x1c0 [ 657.108247] ? mark_held_locks+0xc7/0x130 [ 657.112384] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 657.117473] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 657.122561] ? lockdep_hardirqs_on+0x421/0x5c0 [ 657.127130] ? trace_hardirqs_on+0xbd/0x310 [ 657.131445] ? kasan_check_read+0x11/0x20 [ 657.135577] ? ___ratelimit+0x36f/0x655 [ 657.139539] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 657.144974] ? trace_hardirqs_on+0x310/0x310 [ 657.149370] ? lock_downgrade+0x900/0x900 [ 657.153512] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 657.158601] ? ___ratelimit+0xaa/0x655 [ 657.162491] ? idr_get_free+0xec0/0xec0 [ 657.166464] ? kasan_check_write+0x14/0x20 [ 657.170683] ? do_raw_spin_lock+0xc1/0x200 [ 657.174918] oom_kill_process.cold.27+0x10/0x903 [ 657.179673] ? kasan_check_write+0x14/0x20 [ 657.183908] ? do_raw_spin_lock+0xc1/0x200 [ 657.188151] ? oom_evaluate_task+0x540/0x540 [ 657.192572] ? cgroup_procs_next+0x70/0x70 [ 657.196793] ? _raw_spin_unlock_irq+0x60/0x80 [ 657.201279] ? oom_badness+0xaa0/0xaa0 [ 657.205166] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 657.209924] ? mem_cgroup_iter_break+0x30/0x30 [ 657.214499] ? mark_held_locks+0xc7/0x130 [ 657.218635] out_of_memory+0xa84/0x1430 [ 657.222598] ? lockdep_hardirqs_on+0x421/0x5c0 [ 657.227172] ? kasan_check_read+0x11/0x20 [ 657.231306] ? oom_killer_disable+0x3a0/0x3a0 [ 657.235785] ? kasan_check_write+0x14/0x20 [ 657.240007] ? do_raw_spin_lock+0xc1/0x200 [ 657.244235] mem_cgroup_out_of_memory+0x15e/0x210 [ 657.249074] ? memcg_memory_event+0x40/0x40 [ 657.253392] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 657.258313] ? page_counter_try_charge+0x1c1/0x220 [ 657.263232] try_charge+0xc43/0x1690 [ 657.266948] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 657.273003] ? mark_held_locks+0xc7/0x130 [ 657.277144] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 657.282063] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 657.286985] ? lockdep_hardirqs_on+0x421/0x5c0 [ 657.291556] ? trace_hardirqs_on+0xbd/0x310 [ 657.295865] ? check_preemption_disabled+0x48/0x200 [ 657.300879] ? __sk_mem_raise_allocated+0x642/0x1800 [ 657.305981] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 657.311419] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 657.316952] ? mark_held_locks+0xc7/0x130 [ 657.321104] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 657.326021] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 657.330938] ? lockdep_hardirqs_on+0x421/0x5c0 [ 657.335509] ? __sk_mem_raise_allocated+0x642/0x1800 [ 657.340598] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 657.346046] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 657.351586] ? check_preemption_disabled+0x48/0x200 [ 657.356602] ? __sk_mem_raise_allocated+0x721/0x1800 [ 657.361706] mem_cgroup_charge_skmem+0x1e4/0x390 [ 657.366462] ? mem_cgroup_sk_free+0x90/0x90 [ 657.370796] __sk_mem_raise_allocated+0x642/0x1800 [ 657.375721] ? sk_busy_loop_end+0x1c0/0x1c0 [ 657.380028] ? sk_alloc_sg+0xa00/0xa00 [ 657.383900] ? arch_local_save_flags+0x40/0x40 [ 657.388474] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 657.393478] ? skb_page_frag_refill+0x1eb/0x6a0 [ 657.398142] ? sock_kzfree_s+0x60/0x60 [ 657.402021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.407544] ? sk_stream_alloc_skb+0x34b/0x970 [ 657.412112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.417641] ? skb_entail+0x618/0x8c0 [ 657.421437] ? tcp_rate_check_app_limited+0x121/0x460 [ 657.426614] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 657.431271] __sk_mem_schedule+0x6d/0xe0 [ 657.435318] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 657.440842] tcp_sendmsg_locked+0x1c86/0x3f00 [ 657.445337] ? tcp_sendpage+0x60/0x60 [ 657.449127] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 657.454664] ? aa_label_sk_perm+0x46d/0x8e0 [ 657.458978] ? find_held_lock+0x36/0x1c0 [ 657.463042] ? mark_held_locks+0xc7/0x130 [ 657.467185] ? __local_bh_enable_ip+0x160/0x260 [ 657.471842] ? __local_bh_enable_ip+0x160/0x260 [ 657.476512] ? trace_hardirqs_on+0xbd/0x310 [ 657.480832] ? lock_release+0x970/0x970 [ 657.484791] ? lock_sock_nested+0xe2/0x120 [ 657.489010] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 657.494455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.499993] ? check_preemption_disabled+0x48/0x200 [ 657.504997] ? lock_sock_nested+0x9a/0x120 [ 657.509218] ? lock_sock_nested+0x9a/0x120 [ 657.513440] ? __local_bh_enable_ip+0x160/0x260 [ 657.518113] tcp_sendmsg+0x2f/0x50 [ 657.521670] inet_sendmsg+0x1a1/0x690 [ 657.525461] ? ipip_gro_receive+0x100/0x100 [ 657.529769] ? apparmor_socket_sendmsg+0x29/0x30 [ 657.534512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.540039] ? security_socket_sendmsg+0x94/0xc0 [ 657.544778] ? ipip_gro_receive+0x100/0x100 [ 657.549088] sock_sendmsg+0xd5/0x120 [ 657.552789] __sys_sendto+0x3d7/0x670 [ 657.556578] ? __ia32_sys_getpeername+0xb0/0xb0 [ 657.561232] ? lock_release+0x970/0x970 [ 657.565195] ? arch_local_save_flags+0x40/0x40 [ 657.569762] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 657.575199] ? aa_af_perm+0x5a0/0x5a0 [ 657.579016] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 657.584551] ? put_timespec64+0x10f/0x1b0 [ 657.588698] ? nsecs_to_jiffies+0x30/0x30 [ 657.592834] ? do_syscall_64+0x9a/0x820 [ 657.596794] ? do_syscall_64+0x9a/0x820 [ 657.600756] ? lockdep_hardirqs_on+0x421/0x5c0 [ 657.605323] ? trace_hardirqs_on+0xbd/0x310 [ 657.609631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.615166] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 657.620516] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 657.625957] __x64_sys_sendto+0xe1/0x1a0 [ 657.630005] do_syscall_64+0x1b9/0x820 [ 657.633881] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 657.639234] ? syscall_return_slowpath+0x5e0/0x5e0 [ 657.644160] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 657.649001] ? trace_hardirqs_on_caller+0x310/0x310 [ 657.654025] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 657.659051] ? prepare_exit_to_usermode+0x291/0x3b0 [ 657.664055] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 657.668911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 657.674100] RIP: 0033:0x457579 [ 657.677279] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 657.696169] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 657.703870] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 657.711144] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 657.718405] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 657.725673] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 657.732926] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 657.753109] Task in /syz1 killed as a result of limit of /syz1 03:04:50 executing program 5: syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f0000000000)) syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x200, 0x101400) 03:04:50 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x200000000000000]}, 0x6) 03:04:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x983a0000]}, 0x6) 03:04:50 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa805]}, 0x6) 03:04:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x20c]}, 0x6) [ 657.777010] memory: usage 204772kB, limit 204800kB, failcnt 3394 [ 657.783174] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 657.837160] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:04:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xc02000000000000]}, 0x6) [ 657.869868] Memory cgroup stats for /syz1: cache:224KB rss:2184KB rss_huge:2048KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB [ 657.947096] Memory cgroup out of memory: Kill process 25228 (syz-executor1) score 171 or sacrifice child [ 657.969944] Killed process 25228 (syz-executor1) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 657.997180] oom_reaper: reaped process 25228 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:04:50 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x240]}, 0x6) 03:04:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1000000]}, 0x6) 03:04:50 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x983a0000]}, 0x6) 03:04:50 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x4002000000000000]}, 0x6) 03:04:50 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1100]}, 0x6) 03:04:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4]}, 0x6) 03:04:50 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x983a0000]}, 0x6) [ 658.183128] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 658.217378] syz-executor1 cpuset=syz1 mems_allowed=0 [ 658.222794] CPU: 0 PID: 25278 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 658.230181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 658.239540] Call Trace: [ 658.242163] dump_stack+0x1c4/0x2b4 [ 658.245813] ? dump_stack_print_info.cold.2+0x52/0x52 [ 658.251024] ? mark_held_locks+0x130/0x130 [ 658.255273] ? mark_held_locks+0x130/0x130 [ 658.259527] dump_header+0x27b/0xf72 [ 658.263273] ? pagefault_out_of_memory+0x197/0x197 [ 658.268214] ? check_preemption_disabled+0x48/0x200 [ 658.273245] ? check_preemption_disabled+0x48/0x200 [ 658.278279] ? graph_lock+0x170/0x170 [ 658.282101] ? graph_lock+0x170/0x170 [ 658.285927] ? print_usage_bug+0xc0/0xc0 [ 658.289996] ? find_held_lock+0x36/0x1c0 [ 658.290016] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.290036] ? find_held_lock+0x36/0x1c0 [ 658.290059] ? mark_held_locks+0xc7/0x130 [ 658.290081] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 658.312971] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 658.318091] ? lockdep_hardirqs_on+0x421/0x5c0 [ 658.322690] ? trace_hardirqs_on+0xbd/0x310 [ 658.327017] ? kasan_check_read+0x11/0x20 [ 658.331186] ? ___ratelimit+0x36f/0x655 [ 658.335185] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 658.340641] ? trace_hardirqs_on+0x310/0x310 [ 658.340658] ? lock_downgrade+0x900/0x900 [ 658.340681] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 658.340696] ? ___ratelimit+0xaa/0x655 [ 658.340712] ? idr_get_free+0xec0/0xec0 [ 658.340726] ? kasan_check_write+0x14/0x20 [ 658.340743] ? do_raw_spin_lock+0xc1/0x200 [ 658.340765] oom_kill_process.cold.27+0x10/0x903 [ 658.375445] ? kasan_check_write+0x14/0x20 [ 658.379694] ? do_raw_spin_lock+0xc1/0x200 03:04:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xffffffff00000000]}, 0x6) 03:04:51 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x983a0000]}, 0x6) 03:04:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1d4c]}, 0x6) [ 658.383948] ? oom_evaluate_task+0x540/0x540 [ 658.388372] ? cgroup_procs_next+0x70/0x70 [ 658.392622] ? _raw_spin_unlock_irq+0x60/0x80 [ 658.397127] ? oom_badness+0xaa0/0xaa0 [ 658.401044] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 658.405811] ? mem_cgroup_iter_break+0x30/0x30 [ 658.410422] ? mark_held_locks+0xc7/0x130 [ 658.414588] out_of_memory+0xa84/0x1430 [ 658.418573] ? lockdep_hardirqs_on+0x421/0x5c0 [ 658.423187] ? kasan_check_read+0x11/0x20 [ 658.427351] ? oom_killer_disable+0x3a0/0x3a0 03:04:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3]}, 0x6) [ 658.431860] ? kasan_check_write+0x14/0x20 [ 658.436107] ? do_raw_spin_lock+0xc1/0x200 [ 658.440383] mem_cgroup_out_of_memory+0x15e/0x210 [ 658.445238] ? memcg_memory_event+0x40/0x40 [ 658.449567] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 658.454512] ? page_counter_try_charge+0x1c1/0x220 [ 658.454533] try_charge+0xc43/0x1690 [ 658.454559] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 658.469226] ? tcp_sendmsg+0x2f/0x50 [ 658.469243] ? sock_sendmsg+0xd5/0x120 [ 658.469258] ? __sys_sendto+0x3d7/0x670 [ 658.469274] ? graph_lock+0x170/0x170 03:04:51 executing program 5: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x4, 0x100) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000200)=0x3, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000140)={0xaa, "d51a2f46ca18552c83340ac9d247a3dee4ef72f412fa4190eec05abfcfaaa367c5975ddd8f8912b04d10e3a7b07750501904bab658124199d79fb21c0ca53ab8ce8115f6e286e6454431ec644582ba25d83d335a5fe198d21142d10196949223b0b6bc9cdb921015611ac75f19aa38dddf1627df14c18e169acc485e6fdfe2876c5c45fc68678732686cbde507a4858de23436d137aa72e7a92724119284751ccaba4737f46b8faca368"}) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x77, 0x0, [0x4b564d03, 0x1, 0x3a], [0x0, 0x2]}) [ 658.469288] ? graph_lock+0x170/0x170 [ 658.469307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.469326] ? check_preemption_disabled+0x48/0x200 [ 658.469346] ? check_preemption_disabled+0x48/0x200 [ 658.504026] ? mark_held_locks+0xc7/0x130 [ 658.508203] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 658.513163] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 658.518103] ? lockdep_hardirqs_on+0x421/0x5c0 [ 658.518124] ? rcu_read_lock_sched_held+0x108/0x120 [ 658.518153] ? __sk_mem_raise_allocated+0x642/0x1800 [ 658.518180] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 658.518201] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 658.543869] ? check_preemption_disabled+0x48/0x200 [ 658.548908] mem_cgroup_charge_skmem+0x1e4/0x390 [ 658.553682] ? mem_cgroup_sk_free+0x90/0x90 [ 658.553714] __sk_mem_raise_allocated+0x642/0x1800 [ 658.553736] ? sk_busy_loop_end+0x1c0/0x1c0 [ 658.567284] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 658.572857] ? alloc_pages_current+0x114/0x210 [ 658.577461] ? skb_page_frag_refill+0x1eb/0x6a0 [ 658.582165] ? sock_kzfree_s+0x60/0x60 [ 658.586069] ? _copy_from_iter_full+0x2b3/0xd20 [ 658.590756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.596304] ? tcp_rate_check_app_limited+0x121/0x460 [ 658.596326] ? iov_iter_advance+0x1460/0x1460 [ 658.596347] __sk_mem_schedule+0x6d/0xe0 [ 658.596368] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 658.615614] tcp_sendmsg_locked+0x1c86/0x3f00 [ 658.620170] ? tcp_sendpage+0x60/0x60 [ 658.623988] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 658.629535] ? aa_label_sk_perm+0x46d/0x8e0 [ 658.629563] ? find_held_lock+0x36/0x1c0 [ 658.629585] ? mark_held_locks+0xc7/0x130 [ 658.629606] ? __local_bh_enable_ip+0x160/0x260 [ 658.629622] ? __local_bh_enable_ip+0x160/0x260 [ 658.629643] ? trace_hardirqs_on+0xbd/0x310 [ 658.629661] ? lock_release+0x970/0x970 [ 658.659767] ? lock_sock_nested+0xe2/0x120 [ 658.659787] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 658.659804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.659823] ? check_preemption_disabled+0x48/0x200 [ 658.659840] ? lock_sock_nested+0x9a/0x120 [ 658.659860] ? lock_sock_nested+0x9a/0x120 [ 658.680054] ? __local_bh_enable_ip+0x160/0x260 [ 658.680080] tcp_sendmsg+0x2f/0x50 [ 658.680100] inet_sendmsg+0x1a1/0x690 [ 658.680120] ? ipip_gro_receive+0x100/0x100 [ 658.680150] ? apparmor_socket_sendmsg+0x29/0x30 [ 658.680174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.680196] ? security_socket_sendmsg+0x94/0xc0 [ 658.719952] ? ipip_gro_receive+0x100/0x100 [ 658.724772] sock_sendmsg+0xd5/0x120 [ 658.728498] __sys_sendto+0x3d7/0x670 [ 658.728520] ? __ia32_sys_getpeername+0xb0/0xb0 [ 658.728537] ? lock_release+0x970/0x970 [ 658.728553] ? arch_local_save_flags+0x40/0x40 [ 658.728571] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 658.728584] ? aa_af_perm+0x5a0/0x5a0 [ 658.728622] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 658.737054] ? put_timespec64+0x10f/0x1b0 [ 658.737071] ? nsecs_to_jiffies+0x30/0x30 [ 658.737091] ? do_syscall_64+0x9a/0x820 [ 658.737106] ? do_syscall_64+0x9a/0x820 [ 658.737125] ? lockdep_hardirqs_on+0x421/0x5c0 [ 658.764564] ? trace_hardirqs_on+0xbd/0x310 [ 658.764581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.764598] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.764618] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 658.785569] __x64_sys_sendto+0xe1/0x1a0 [ 658.785593] do_syscall_64+0x1b9/0x820 [ 658.785612] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 658.806131] ? syscall_return_slowpath+0x5e0/0x5e0 [ 658.806165] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 658.806185] ? trace_hardirqs_on_caller+0x310/0x310 [ 658.815419] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 658.815439] ? prepare_exit_to_usermode+0x291/0x3b0 [ 658.815463] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 658.830228] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.830242] RIP: 0033:0x457579 [ 658.830258] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 658.830267] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 658.830284] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 658.830293] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 658.830307] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 658.840319] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 658.840329] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 658.859391] Task in [ 658.888128] /syz1 [ 658.902816] killed as a result of limit of /syz1 [ 658.927613] memory: usage 204788kB, limit 204800kB, failcnt 3410 [ 658.933892] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.940862] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.947236] Memory cgroup stats for /syz1: cache:224KB rss:2208KB rss_huge:2048KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB [ 658.969057] Memory cgroup out of memory: Kill process 25277 (syz-executor1) score 171 or sacrifice child 03:04:51 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x9]}, 0x6) 03:04:51 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x9000000]}, 0x6) 03:04:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xc02000000000000]}, 0x6) 03:04:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x59a5]}, 0x6) 03:04:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x100000000000000]}, 0x6) 03:04:51 executing program 5: r0 = socket$inet6(0xa, 0x804, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00003dd000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000400)=""/246) ioctl$EVIOCGREP(r1, 0x80047441, &(0x7f0000d1df52)=""/174) getpeername$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x14) setsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f00000002c0)={@empty, @empty, r2}, 0xc) syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x400, 0x3) syncfs(r1) [ 658.979001] Killed process 25277 (syz-executor1) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 658.991303] oom_reaper: reaped process 25277 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 659.078763] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 659.107513] syz-executor1 cpuset=syz1 mems_allowed=0 [ 659.116465] CPU: 1 PID: 25317 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 659.123850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.133213] Call Trace: [ 659.135825] dump_stack+0x1c4/0x2b4 [ 659.139475] ? dump_stack_print_info.cold.2+0x52/0x52 [ 659.144687] ? mark_held_locks+0x130/0x130 [ 659.148937] ? mark_held_locks+0x130/0x130 [ 659.153188] dump_header+0x27b/0xf72 [ 659.156928] ? pagefault_out_of_memory+0x197/0x197 [ 659.161875] ? check_preemption_disabled+0x48/0x200 [ 659.166928] ? check_preemption_disabled+0x48/0x200 [ 659.171968] ? graph_lock+0x170/0x170 03:04:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x481c0000]}, 0x6) [ 659.175782] ? graph_lock+0x170/0x170 [ 659.179593] ? print_usage_bug+0xc0/0xc0 [ 659.183673] ? find_held_lock+0x36/0x1c0 [ 659.187746] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.187769] ? find_held_lock+0x36/0x1c0 [ 659.187793] ? mark_held_locks+0xc7/0x130 [ 659.187812] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 659.187830] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 659.197414] ? lockdep_hardirqs_on+0x421/0x5c0 [ 659.197432] ? trace_hardirqs_on+0xbd/0x310 [ 659.197445] ? kasan_check_read+0x11/0x20 [ 659.197461] ? ___ratelimit+0x36f/0x655 [ 659.197480] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 659.234233] ? trace_hardirqs_on+0x310/0x310 [ 659.238654] ? lock_downgrade+0x900/0x900 [ 659.242831] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 659.247951] ? ___ratelimit+0xaa/0x655 [ 659.251854] ? idr_get_free+0xec0/0xec0 [ 659.255841] ? kasan_check_write+0x14/0x20 [ 659.260092] ? do_raw_spin_lock+0xc1/0x200 [ 659.264346] oom_kill_process.cold.27+0x10/0x903 [ 659.269118] ? kasan_check_write+0x14/0x20 [ 659.273375] ? do_raw_spin_lock+0xc1/0x200 [ 659.277636] ? oom_evaluate_task+0x540/0x540 [ 659.282080] ? cgroup_procs_next+0x70/0x70 [ 659.286330] ? _raw_spin_unlock_irq+0x60/0x80 [ 659.290837] ? oom_badness+0xaa0/0xaa0 [ 659.294738] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 659.299508] ? mem_cgroup_iter_break+0x30/0x30 [ 659.304117] ? mark_held_locks+0xc7/0x130 [ 659.308285] out_of_memory+0xa84/0x1430 [ 659.312269] ? lockdep_hardirqs_on+0x421/0x5c0 [ 659.316866] ? kasan_check_read+0x11/0x20 [ 659.321028] ? oom_killer_disable+0x3a0/0x3a0 [ 659.325535] ? kasan_check_write+0x14/0x20 03:04:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x40020000]}, 0x6) [ 659.329782] ? do_raw_spin_lock+0xc1/0x200 [ 659.334040] mem_cgroup_out_of_memory+0x15e/0x210 [ 659.338890] ? memcg_memory_event+0x40/0x40 [ 659.343220] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 659.348169] ? page_counter_try_charge+0x1c1/0x220 [ 659.353108] try_charge+0xc43/0x1690 [ 659.353149] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 659.353177] ? tcp_sendmsg+0x2f/0x50 [ 659.362928] ? sock_sendmsg+0xd5/0x120 [ 659.362942] ? __sys_sendto+0x3d7/0x670 [ 659.362957] ? graph_lock+0x170/0x170 [ 659.362971] ? graph_lock+0x170/0x170 [ 659.362992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.387648] ? check_preemption_disabled+0x48/0x200 [ 659.392688] ? check_preemption_disabled+0x48/0x200 [ 659.397732] ? mark_held_locks+0xc7/0x130 [ 659.401894] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 659.406835] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 659.411784] ? lockdep_hardirqs_on+0x421/0x5c0 [ 659.416384] ? rcu_read_lock_sched_held+0x108/0x120 [ 659.421414] ? __sk_mem_raise_allocated+0x642/0x1800 [ 659.426532] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 659.432001] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 659.437551] ? check_preemption_disabled+0x48/0x200 [ 659.442593] mem_cgroup_charge_skmem+0x1e4/0x390 [ 659.447364] ? mem_cgroup_sk_free+0x90/0x90 [ 659.451711] __sk_mem_raise_allocated+0x642/0x1800 [ 659.456666] ? sk_busy_loop_end+0x1c0/0x1c0 [ 659.461001] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 659.466644] ? alloc_pages_current+0x114/0x210 [ 659.471256] ? skb_page_frag_refill+0x1eb/0x6a0 [ 659.475943] ? sock_kzfree_s+0x60/0x60 [ 659.479846] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 659.484868] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 659.489880] ? tcp_chrono_start+0x190/0x1e0 [ 659.494202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.499724] ? skb_entail+0x618/0x8c0 [ 659.503520] ? tcp_rate_check_app_limited+0x121/0x460 [ 659.508712] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 659.513368] __sk_mem_schedule+0x6d/0xe0 [ 659.517417] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 659.522941] tcp_sendmsg_locked+0x1c86/0x3f00 [ 659.527442] ? __fget+0x4a0/0x740 [ 659.530903] ? tcp_sendpage+0x60/0x60 [ 659.534705] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 659.540246] ? aa_label_sk_perm+0x46d/0x8e0 [ 659.544572] ? find_held_lock+0x36/0x1c0 [ 659.548624] ? mark_held_locks+0xc7/0x130 [ 659.552762] ? __local_bh_enable_ip+0x160/0x260 [ 659.557424] ? __local_bh_enable_ip+0x160/0x260 [ 659.562098] ? trace_hardirqs_on+0xbd/0x310 [ 659.566411] ? lock_release+0x970/0x970 [ 659.570387] ? lock_sock_nested+0xe2/0x120 [ 659.574618] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 659.580073] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.585613] ? check_preemption_disabled+0x48/0x200 [ 659.590627] ? lock_sock_nested+0x9a/0x120 [ 659.594850] ? lock_sock_nested+0x9a/0x120 [ 659.599084] ? __local_bh_enable_ip+0x160/0x260 [ 659.603757] tcp_sendmsg+0x2f/0x50 [ 659.607317] inet_sendmsg+0x1a1/0x690 [ 659.611107] ? ipip_gro_receive+0x100/0x100 [ 659.615417] ? apparmor_socket_sendmsg+0x29/0x30 [ 659.620176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.625718] ? security_socket_sendmsg+0x94/0xc0 [ 659.630487] ? ipip_gro_receive+0x100/0x100 [ 659.634805] sock_sendmsg+0xd5/0x120 [ 659.638510] __sys_sendto+0x3d7/0x670 [ 659.642299] ? __ia32_sys_getpeername+0xb0/0xb0 [ 659.646963] ? lock_release+0x970/0x970 [ 659.650937] ? arch_local_save_flags+0x40/0x40 [ 659.655528] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 659.660964] ? aa_af_perm+0x5a0/0x5a0 [ 659.664784] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 659.670333] ? put_timespec64+0x10f/0x1b0 [ 659.674482] ? nsecs_to_jiffies+0x30/0x30 [ 659.678630] ? do_syscall_64+0x9a/0x820 [ 659.682614] ? do_syscall_64+0x9a/0x820 [ 659.686576] ? lockdep_hardirqs_on+0x421/0x5c0 [ 659.691151] ? trace_hardirqs_on+0xbd/0x310 [ 659.695471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.701020] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.706387] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 659.711849] __x64_sys_sendto+0xe1/0x1a0 [ 659.715914] do_syscall_64+0x1b9/0x820 [ 659.719822] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 659.725179] ? syscall_return_slowpath+0x5e0/0x5e0 [ 659.730096] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 659.734935] ? trace_hardirqs_on_caller+0x310/0x310 [ 659.739939] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 659.744950] ? prepare_exit_to_usermode+0x291/0x3b0 [ 659.749961] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 659.754803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.759998] RIP: 0033:0x457579 [ 659.763184] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:04:52 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4002000000000000]}, 0x6) 03:04:52 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x15000000]}, 0x6) 03:04:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xa559]}, 0x6) [ 659.782067] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 659.789762] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 659.797022] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 659.804278] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 659.811552] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 659.818809] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff 03:04:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf401]}, 0x6) [ 659.951938] Task in /syz1 killed as a result of limit of /syz1 [ 659.967628] memory: usage 204800kB, limit 204800kB, failcnt 3440 [ 659.987526] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 660.028352] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 660.035611] Memory cgroup stats for /syz1: cache:224KB rss:2192KB rss_huge:2048KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB [ 660.057972] Memory cgroup out of memory: Kill process 25316 (syz-executor1) score 171 or sacrifice child [ 660.068252] Killed process 25316 (syz-executor1) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB 03:04:52 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x11000000]}, 0x6) 03:04:52 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3000000]}, 0x6) 03:04:52 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x14000000]}, 0x6) 03:04:52 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="886b2626730a4bfe8a6d3fa8ff06c5fe91dd328ed069dc0669804b5e85316d8034c02039b17d4257b2ff5e5fe0455ee41eecfe680bd6ceebb7826ab1e61ee08231"], &(0x7f000002c000)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, &(0x7f0000000180)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181401, 0x18) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000180)={0x3622, 0x6, 0x50f0, 0x8, 0x8, 0x5, 0x8000, 0x0, 0x0, 0x5}) mount(&(0x7f0000d04000), &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200)) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000140)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402", 0x0, &(0x7f0000000380)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402") 03:04:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x81b14]}, 0x6) [ 660.080864] oom_reaper: reaped process 25316 (syz-executor1), now anon-rss:0kB, file-rss:32792kB, shmem-rss:0kB 03:04:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x800000000000000]}, 0x6) 03:04:52 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xc020000]}, 0x6) 03:04:53 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xa]}, 0x6) 03:04:53 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x2e00]}, 0x6) 03:04:53 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x300]}, 0x6) [ 660.349888] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 03:04:53 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="886b2626730a4bfe8a6d3fa8ff06c5fe91dd328ed069dc0669804b5e85316d8034c02039b17d4257b2ff5e5fe0455ee41eecfe680bd6ceebb7826ab1e61ee08231"], &(0x7f000002c000)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, &(0x7f0000000180)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181401, 0x18) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000180)={0x3622, 0x6, 0x50f0, 0x8, 0x8, 0x5, 0x8000, 0x0, 0x0, 0x5}) mount(&(0x7f0000d04000), &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200)) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000140)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402", 0x0, &(0x7f0000000380)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402") [ 660.398362] syz-executor1 cpuset=syz1 mems_allowed=0 [ 660.420333] CPU: 0 PID: 25380 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 660.427722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 660.437079] Call Trace: [ 660.439677] dump_stack+0x1c4/0x2b4 [ 660.443322] ? dump_stack_print_info.cold.2+0x52/0x52 [ 660.448529] ? mark_held_locks+0x130/0x130 [ 660.452778] ? mark_held_locks+0x130/0x130 [ 660.457032] dump_header+0x27b/0xf72 [ 660.460768] ? pagefault_out_of_memory+0x197/0x197 [ 660.465704] ? check_preemption_disabled+0x48/0x200 [ 660.470734] ? check_preemption_disabled+0x48/0x200 [ 660.475767] ? graph_lock+0x170/0x170 [ 660.479582] ? graph_lock+0x170/0x170 [ 660.483393] ? print_usage_bug+0xc0/0xc0 [ 660.487466] ? find_held_lock+0x36/0x1c0 [ 660.491533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.497072] ? find_held_lock+0x36/0x1c0 [ 660.501130] ? mark_held_locks+0xc7/0x130 [ 660.505272] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 660.510361] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 660.515485] ? lockdep_hardirqs_on+0x421/0x5c0 [ 660.520055] ? trace_hardirqs_on+0xbd/0x310 [ 660.524364] ? kasan_check_read+0x11/0x20 [ 660.528499] ? ___ratelimit+0x36f/0x655 [ 660.532455] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 660.537929] ? trace_hardirqs_on+0x310/0x310 [ 660.542324] ? lock_downgrade+0x900/0x900 [ 660.546459] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 660.551546] ? ___ratelimit+0xaa/0x655 [ 660.555417] ? idr_get_free+0xec0/0xec0 [ 660.559378] ? kasan_check_write+0x14/0x20 [ 660.563603] ? do_raw_spin_lock+0xc1/0x200 [ 660.567831] oom_kill_process.cold.27+0x10/0x903 [ 660.572571] ? kasan_check_write+0x14/0x20 [ 660.576788] ? do_raw_spin_lock+0xc1/0x200 [ 660.581010] ? oom_evaluate_task+0x540/0x540 [ 660.585408] ? cgroup_procs_next+0x70/0x70 [ 660.589631] ? _raw_spin_unlock_irq+0x60/0x80 [ 660.594108] ? oom_badness+0xaa0/0xaa0 [ 660.597979] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 660.602722] ? mem_cgroup_iter_break+0x30/0x30 [ 660.607297] ? mark_held_locks+0xc7/0x130 [ 660.611435] out_of_memory+0xa84/0x1430 [ 660.615392] ? lockdep_hardirqs_on+0x421/0x5c0 [ 660.619958] ? kasan_check_read+0x11/0x20 [ 660.624091] ? oom_killer_disable+0x3a0/0x3a0 [ 660.628567] ? kasan_check_write+0x14/0x20 [ 660.632786] ? do_raw_spin_lock+0xc1/0x200 [ 660.637014] mem_cgroup_out_of_memory+0x15e/0x210 [ 660.641838] ? memcg_memory_event+0x40/0x40 [ 660.646148] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 660.651071] ? page_counter_try_charge+0x1c1/0x220 [ 660.655986] try_charge+0xc43/0x1690 [ 660.659692] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 660.665734] ? mark_held_locks+0xc7/0x130 [ 660.669890] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 660.674803] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 660.679718] ? lockdep_hardirqs_on+0x421/0x5c0 [ 660.684285] ? trace_hardirqs_on+0xbd/0x310 [ 660.688615] ? check_preemption_disabled+0x48/0x200 [ 660.693620] ? __sk_mem_raise_allocated+0x642/0x1800 [ 660.698706] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 660.704149] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 660.709681] ? mark_held_locks+0xc7/0x130 [ 660.713816] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 660.718730] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 660.723914] ? lockdep_hardirqs_on+0x421/0x5c0 [ 660.728507] ? __sk_mem_raise_allocated+0x642/0x1800 [ 660.733595] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 660.739030] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 660.744551] ? check_preemption_disabled+0x48/0x200 [ 660.749574] ? __sk_mem_raise_allocated+0x721/0x1800 [ 660.754666] mem_cgroup_charge_skmem+0x1e4/0x390 [ 660.759408] ? mem_cgroup_sk_free+0x90/0x90 [ 660.763722] __sk_mem_raise_allocated+0x642/0x1800 [ 660.768653] ? sk_busy_loop_end+0x1c0/0x1c0 [ 660.772977] ? arch_local_save_flags+0x40/0x40 [ 660.777550] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 660.782552] ? skb_page_frag_refill+0x1eb/0x6a0 [ 660.787208] ? sock_kzfree_s+0x60/0x60 [ 660.791082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.796608] ? sk_stream_alloc_skb+0x34b/0x970 [ 660.801199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.806722] ? skb_entail+0x618/0x8c0 [ 660.810508] ? tcp_rate_check_app_limited+0x121/0x460 [ 660.815685] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 660.820340] __sk_mem_schedule+0x6d/0xe0 [ 660.824385] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 660.829909] tcp_sendmsg_locked+0x1c86/0x3f00 [ 660.834399] ? tcp_sendpage+0x60/0x60 [ 660.838190] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 660.843714] ? aa_label_sk_perm+0x46d/0x8e0 [ 660.848026] ? find_held_lock+0x36/0x1c0 [ 660.852077] ? mark_held_locks+0xc7/0x130 [ 660.856214] ? __local_bh_enable_ip+0x160/0x260 [ 660.860869] ? __local_bh_enable_ip+0x160/0x260 [ 660.865545] ? trace_hardirqs_on+0xbd/0x310 [ 660.869854] ? lock_release+0x970/0x970 [ 660.873834] ? lock_sock_nested+0xe2/0x120 [ 660.878056] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 660.883491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.889017] ? check_preemption_disabled+0x48/0x200 [ 660.894038] ? lock_sock_nested+0x9a/0x120 [ 660.898275] ? lock_sock_nested+0x9a/0x120 [ 660.902497] ? __local_bh_enable_ip+0x160/0x260 [ 660.907186] tcp_sendmsg+0x2f/0x50 [ 660.910735] inet_sendmsg+0x1a1/0x690 [ 660.914522] ? ipip_gro_receive+0x100/0x100 [ 660.918832] ? apparmor_socket_sendmsg+0x29/0x30 [ 660.923569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.929112] ? security_socket_sendmsg+0x94/0xc0 [ 660.933857] ? ipip_gro_receive+0x100/0x100 [ 660.938167] sock_sendmsg+0xd5/0x120 [ 660.941869] __sys_sendto+0x3d7/0x670 [ 660.945655] ? __ia32_sys_getpeername+0xb0/0xb0 [ 660.950337] ? lock_release+0x970/0x970 [ 660.954295] ? arch_local_save_flags+0x40/0x40 [ 660.958863] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 660.964294] ? aa_af_perm+0x5a0/0x5a0 [ 660.968093] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 660.973611] ? put_timespec64+0x10f/0x1b0 [ 660.977743] ? nsecs_to_jiffies+0x30/0x30 [ 660.981876] ? do_syscall_64+0x9a/0x820 [ 660.985833] ? do_syscall_64+0x9a/0x820 [ 660.989792] ? lockdep_hardirqs_on+0x421/0x5c0 [ 660.994359] ? trace_hardirqs_on+0xbd/0x310 [ 660.998670] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.004195] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.009545] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 661.014985] __x64_sys_sendto+0xe1/0x1a0 [ 661.019038] do_syscall_64+0x1b9/0x820 [ 661.022910] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 661.028259] ? syscall_return_slowpath+0x5e0/0x5e0 [ 661.033174] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 661.038000] ? trace_hardirqs_on_caller+0x310/0x310 [ 661.042998] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 661.047997] ? prepare_exit_to_usermode+0x291/0x3b0 [ 661.053000] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 661.057832] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.063027] RIP: 0033:0x457579 [ 661.066210] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 661.085093] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 661.092788] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 661.100061] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 661.107339] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 661.114593] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 03:04:53 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x5580]}, 0x6) [ 661.121845] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 661.131692] Task in /syz1 killed as a result of limit of /syz1 [ 661.176803] memory: usage 204800kB, limit 204800kB, failcnt 3467 [ 661.192399] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.199665] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.205903] Memory cgroup stats for /syz1: cache:224KB rss:4256KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:0KB [ 661.227557] Memory cgroup out of memory: Kill process 25379 (syz-executor1) score 181 or sacrifice child [ 661.237364] Killed process 25379 (syz-executor1) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 661.250430] oom_reaper: reaped process 25379 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 661.260852] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 661.273916] syz-executor1 cpuset=syz1 mems_allowed=0 [ 661.279657] CPU: 0 PID: 25379 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 661.287019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 661.296366] Call Trace: [ 661.298941] dump_stack+0x1c4/0x2b4 [ 661.302582] ? dump_stack_print_info.cold.2+0x52/0x52 [ 661.307764] dump_header+0x27b/0xf72 [ 661.311471] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 661.317252] ? kasan_check_read+0x11/0x20 [ 661.321388] ? pagefault_out_of_memory+0x197/0x197 [ 661.326307] ? rcu_read_unlock+0x33/0x60 [ 661.330353] ? mem_cgroup_iter+0x514/0x1160 [ 661.334672] ? find_held_lock+0x36/0x1c0 [ 661.338739] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 661.343482] ? mark_held_locks+0xc7/0x130 [ 661.347618] ? _raw_spin_unlock_irq+0x27/0x80 [ 661.352097] ? _raw_spin_unlock_irq+0x27/0x80 [ 661.356576] ? lockdep_hardirqs_on+0x421/0x5c0 [ 661.361155] ? trace_hardirqs_on+0xbd/0x310 [ 661.365468] ? kasan_check_read+0x11/0x20 [ 661.369604] ? css_task_iter_end+0x222/0x490 [ 661.373998] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 661.379433] ? kasan_check_write+0x14/0x20 [ 661.383656] ? do_raw_spin_lock+0xc1/0x200 [ 661.387881] ? _raw_spin_unlock_irq+0x60/0x80 [ 661.392363] ? css_task_iter_end+0x2ce/0x490 [ 661.396757] ? cgroup_procs_next+0x70/0x70 [ 661.400981] ? _raw_spin_unlock_irq+0x60/0x80 [ 661.405460] ? oom_badness+0xaa0/0xaa0 [ 661.409360] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 661.414104] ? mem_cgroup_iter_break+0x30/0x30 [ 661.418678] ? cgroup_file_notify+0x226/0x2f0 [ 661.423172] out_of_memory.cold.30+0xf/0x184 [ 661.427565] ? lockdep_hardirqs_on+0x421/0x5c0 [ 661.432131] ? kasan_check_read+0x11/0x20 [ 661.436279] ? oom_killer_disable+0x3a0/0x3a0 [ 661.440761] ? kasan_check_write+0x14/0x20 [ 661.444983] ? do_raw_spin_lock+0xc1/0x200 [ 661.449210] mem_cgroup_out_of_memory+0x15e/0x210 [ 661.454036] ? memcg_memory_event+0x40/0x40 [ 661.458345] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 661.463181] ? page_counter_try_charge+0x1c1/0x220 [ 661.468100] try_charge+0xc43/0x1690 [ 661.471802] ? lock_downgrade+0x900/0x900 [ 661.475935] ? check_preemption_disabled+0x48/0x200 [ 661.480940] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 661.486998] ? find_held_lock+0x36/0x1c0 [ 661.491063] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 661.495890] ? lock_downgrade+0x900/0x900 [ 661.500040] ? check_preemption_disabled+0x48/0x200 [ 661.505047] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 661.510829] ? kasan_check_read+0x11/0x20 [ 661.514976] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 661.520272] ? rcu_bh_qs+0xc0/0xc0 [ 661.523804] ? get_mem_cgroup_from_mm+0x206/0x440 [ 661.528636] memcg_kmem_charge_memcg+0x7c/0x120 [ 661.533292] ? memcg_kmem_put_cache+0xb0/0xb0 [ 661.537776] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.543127] memcg_kmem_charge+0x135/0x300 [ 661.547362] __alloc_pages_nodemask+0x72e/0xde0 [ 661.552017] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 661.557292] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 661.562308] ? check_preemption_disabled+0x48/0x200 [ 661.567330] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 661.572871] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 661.578179] ? percpu_ref_put_many+0x13e/0x260 [ 661.582748] ? rcu_pm_notify+0xc0/0xc0 [ 661.586646] ? copy_process+0x1ff4/0x8780 [ 661.590791] ? rcu_read_lock_sched_held+0x108/0x120 [ 661.595794] ? kmem_cache_alloc_node+0x349/0x730 [ 661.600535] ? kasan_check_write+0x14/0x20 [ 661.604764] ? do_raw_spin_lock+0xc1/0x200 [ 661.608988] copy_process+0xa09/0x8780 [ 661.612863] ? print_usage_bug+0xc0/0xc0 [ 661.616909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.622440] ? __lock_acquire+0x7ec/0x4ec0 [ 661.626687] ? __cleanup_sighand+0x70/0x70 [ 661.630937] ? mark_held_locks+0x130/0x130 [ 661.635172] ? print_usage_bug+0xc0/0xc0 [ 661.639233] ? find_held_lock+0x36/0x1c0 [ 661.643306] ? rcu_read_unlock_special.part.39+0x8a4/0x11f0 [ 661.649010] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 661.654104] ? __lock_acquire+0x7ec/0x4ec0 [ 661.658342] ? graph_lock+0x170/0x170 [ 661.662130] ? check_preemption_disabled+0x48/0x200 [ 661.667184] ? check_preemption_disabled+0x48/0x200 [ 661.672194] ? mark_held_locks+0x130/0x130 [ 661.676423] ? print_usage_bug+0xc0/0xc0 [ 661.680479] ? find_held_lock+0x36/0x1c0 [ 661.684532] ? find_held_lock+0x36/0x1c0 [ 661.688579] ? print_usage_bug+0xc0/0xc0 [ 661.692627] ? __lock_acquire+0x7ec/0x4ec0 [ 661.696845] ? lock_downgrade+0x900/0x900 [ 661.700979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.706512] ? check_preemption_disabled+0x48/0x200 [ 661.711516] ? check_preemption_disabled+0x48/0x200 [ 661.716537] ? __lock_acquire+0x7ec/0x4ec0 [ 661.720766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.726290] ? mark_held_locks+0x130/0x130 [ 661.730528] ? rcu_read_unlock+0x16/0x60 [ 661.734577] ? lock_downgrade+0x900/0x900 [ 661.738721] ? check_preemption_disabled+0x48/0x200 [ 661.743739] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 661.749520] ? kasan_check_read+0x11/0x20 [ 661.753653] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 661.758939] ? graph_lock+0x170/0x170 [ 661.762732] ? rcu_read_unlock+0x33/0x60 [ 661.766799] ? find_held_lock+0x36/0x1c0 [ 661.770870] ? graph_lock+0x170/0x170 [ 661.774663] ? delayacct_end+0x25/0x100 [ 661.778646] ? lock_downgrade+0x900/0x900 [ 661.782782] ? ktime_get+0x352/0x440 [ 661.786483] ? print_usage_bug+0xc0/0xc0 [ 661.790528] ? find_held_lock+0x36/0x1c0 [ 661.794579] ? delayacct_end+0xc5/0x100 [ 661.798543] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 661.803632] ? __lock_acquire+0x7ec/0x4ec0 [ 661.807860] ? trace_hardirqs_on+0xbd/0x310 [ 661.812180] ? kasan_check_read+0x11/0x20 [ 661.816313] ? delayacct_end+0xc5/0x100 [ 661.820275] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 661.825716] ? mark_held_locks+0x130/0x130 [ 661.829939] ? delayacct_end+0x5a/0x100 [ 661.833899] ? __delayacct_freepages_end+0xe0/0x140 [ 661.838903] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 661.844426] ? do_try_to_free_pages+0xe68/0x1290 [ 661.849174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.854787] ? check_preemption_disabled+0x48/0x200 [ 661.859787] ? check_preemption_disabled+0x48/0x200 [ 661.864792] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 661.870317] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 661.875578] ? rcu_pm_notify+0xc0/0xc0 [ 661.879453] ? graph_lock+0x170/0x170 [ 661.883243] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 661.888600] _do_fork+0x1cb/0x11d0 [ 661.892128] ? fork_idle+0x1d0/0x1d0 [ 661.895844] ? percpu_ref_put_many+0x11c/0x260 [ 661.900413] ? lock_downgrade+0x900/0x900 [ 661.904543] ? check_preemption_disabled+0x48/0x200 [ 661.909548] ? kasan_check_read+0x11/0x20 [ 661.913684] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 661.918945] ? rcu_bh_qs+0xc0/0xc0 [ 661.922494] ? get_mem_cgroup_from_mm+0x206/0x440 [ 661.927326] ? do_syscall_64+0x9a/0x820 [ 661.931287] ? do_syscall_64+0x9a/0x820 [ 661.935252] ? lockdep_hardirqs_on+0x421/0x5c0 [ 661.939834] ? trace_hardirqs_on+0xbd/0x310 [ 661.944182] ? trace_hardirqs_on+0x310/0x310 [ 661.948595] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.953955] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 661.959393] __x64_sys_clone+0xbf/0x150 [ 661.963380] do_syscall_64+0x1b9/0x820 [ 661.967254] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 661.972638] ? syscall_return_slowpath+0x5e0/0x5e0 [ 661.977566] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 661.982398] ? trace_hardirqs_on_caller+0x310/0x310 [ 661.987400] ? prepare_exit_to_usermode+0x291/0x3b0 [ 661.992403] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 661.997237] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 662.002411] RIP: 0033:0x459f49 [ 662.005592] Code: Bad RIP value. [ 662.008938] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 662.016629] RAX: ffffffffffffffda RBX: 00007f2ad8032700 RCX: 0000000000459f49 [ 662.023884] RDX: 00007f2ad80329d0 RSI: 00007f2ad8031db0 RDI: 00000000003d0f00 [ 662.031174] RBP: 0000000000a3fcd0 R08: 00007f2ad8032700 R09: 00007f2ad8032700 [ 662.038428] R10: 00007f2ad80329d0 R11: 0000000000000202 R12: 0000000000000000 [ 662.045681] R13: 0000000000a3fb7f R14: 00007f2ad80329c0 R15: 0000000000000001 [ 662.055748] Memory limit reached of cgroup /syz1 [ 662.060646] memory: usage 200656kB, limit 204800kB, failcnt 3467 [ 662.066791] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 662.073660] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:04:54 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1000000]}, 0x6) 03:04:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x200000000000000]}, 0x6) 03:04:54 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4002]}, 0x6) 03:04:54 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x9000000]}, 0x6) 03:04:54 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x4]}, 0x6) [ 662.080059] Memory cgroup stats for /syz1: cache:224KB rss:80KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 662.100127] Out of memory and no killable processes... 03:04:54 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x20c]}, 0x6) 03:04:55 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x2e00000000000000]}, 0x6) 03:04:55 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xf401]}, 0x6) 03:04:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xc02]}, 0x6) 03:04:55 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="886b2626730a4bfe8a6d3fa8ff06c5fe91dd328ed069dc0669804b5e85316d8034c02039b17d4257b2ff5e5fe0455ee41eecfe680bd6ceebb7826ab1e61ee08231"], &(0x7f000002c000)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, &(0x7f0000000180)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181401, 0x18) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000180)={0x3622, 0x6, 0x50f0, 0x8, 0x8, 0x5, 0x8000, 0x0, 0x0, 0x5}) mount(&(0x7f0000d04000), &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200)) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000140)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402", 0x0, &(0x7f0000000380)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402") 03:04:55 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x200000000000000]}, 0x6) 03:04:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x6) 03:04:55 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x20000000]}, 0x6) 03:04:55 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0xa76a000000000000]}, 0x6) 03:04:55 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xffffffffffffffff]}, 0x6) 03:04:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x300000000000000]}, 0x6) [ 662.576540] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 662.588744] syz-executor1 cpuset=syz1 mems_allowed=0 [ 662.594074] CPU: 1 PID: 25457 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 662.601441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.610802] Call Trace: [ 662.613407] dump_stack+0x1c4/0x2b4 [ 662.617052] ? dump_stack_print_info.cold.2+0x52/0x52 [ 662.622261] ? mark_held_locks+0x130/0x130 03:04:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x40020000]}, 0x6) [ 662.626511] ? mark_held_locks+0x130/0x130 [ 662.630768] dump_header+0x27b/0xf72 [ 662.634504] ? pagefault_out_of_memory+0x197/0x197 [ 662.639450] ? check_preemption_disabled+0x48/0x200 [ 662.644473] ? check_preemption_disabled+0x48/0x200 [ 662.649510] ? graph_lock+0x170/0x170 [ 662.653330] ? graph_lock+0x170/0x170 [ 662.657154] ? print_usage_bug+0xc0/0xc0 [ 662.661230] ? find_held_lock+0x36/0x1c0 [ 662.665310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 662.670876] ? find_held_lock+0x36/0x1c0 [ 662.674962] ? mark_held_locks+0xc7/0x130 [ 662.679127] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 662.684258] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 662.689374] ? lockdep_hardirqs_on+0x421/0x5c0 [ 662.693965] ? trace_hardirqs_on+0xbd/0x310 [ 662.698306] ? kasan_check_read+0x11/0x20 [ 662.702466] ? ___ratelimit+0x36f/0x655 [ 662.706472] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 662.711941] ? trace_hardirqs_on+0x310/0x310 [ 662.716358] ? lock_downgrade+0x900/0x900 [ 662.720518] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 03:04:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x240]}, 0x6) 03:04:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xc020000]}, 0x6) [ 662.725882] ? ___ratelimit+0xaa/0x655 [ 662.729780] ? idr_get_free+0xec0/0xec0 [ 662.733764] ? kasan_check_write+0x14/0x20 [ 662.738011] ? do_raw_spin_lock+0xc1/0x200 [ 662.742264] oom_kill_process.cold.27+0x10/0x903 [ 662.747031] ? kasan_check_write+0x14/0x20 [ 662.751283] ? do_raw_spin_lock+0xc1/0x200 [ 662.755535] ? oom_evaluate_task+0x540/0x540 [ 662.759957] ? cgroup_procs_next+0x70/0x70 [ 662.764208] ? _raw_spin_unlock_irq+0x60/0x80 [ 662.768713] ? oom_badness+0xaa0/0xaa0 [ 662.772614] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 03:04:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x6) [ 662.777389] ? mem_cgroup_iter_break+0x30/0x30 [ 662.781997] ? mark_held_locks+0xc7/0x130 [ 662.786175] out_of_memory+0xa84/0x1430 [ 662.790171] ? lockdep_hardirqs_on+0x421/0x5c0 [ 662.794770] ? kasan_check_read+0x11/0x20 [ 662.798928] ? oom_killer_disable+0x3a0/0x3a0 [ 662.803434] ? kasan_check_write+0x14/0x20 [ 662.807689] ? do_raw_spin_lock+0xc1/0x200 [ 662.811956] mem_cgroup_out_of_memory+0x15e/0x210 [ 662.816811] ? memcg_memory_event+0x40/0x40 [ 662.821157] ? mem_cgroup_charge_skmem+0x1e4/0x390 03:04:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x3]}, 0x6) [ 662.826103] ? page_counter_try_charge+0x1c1/0x220 [ 662.831058] try_charge+0xc43/0x1690 [ 662.834793] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 662.840859] ? tcp_sendmsg+0x2f/0x50 [ 662.844588] ? sock_sendmsg+0xd5/0x120 [ 662.848483] ? __sys_sendto+0x3d7/0x670 [ 662.852469] ? __x64_sys_sendto+0xe1/0x1a0 [ 662.856718] ? do_syscall_64+0x1b9/0x820 [ 662.860785] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 662.866164] ? graph_lock+0x170/0x170 [ 662.869979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 662.875531] ? check_preemption_disabled+0x48/0x200 [ 662.880564] ? check_preemption_disabled+0x48/0x200 [ 662.885602] ? mark_held_locks+0xc7/0x130 [ 662.889767] ? __lock_is_held+0xb5/0x140 [ 662.893879] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 662.898823] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 662.903846] ? lockdep_hardirqs_on+0x421/0x5c0 [ 662.908448] ? __sk_mem_raise_allocated+0x642/0x1800 [ 662.913565] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 662.919021] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 662.919040] ? check_preemption_disabled+0x48/0x200 [ 662.919064] mem_cgroup_charge_skmem+0x1e4/0x390 [ 662.919082] ? mem_cgroup_sk_free+0x90/0x90 [ 662.938702] __sk_mem_raise_allocated+0x642/0x1800 [ 662.943647] ? sk_busy_loop_end+0x1c0/0x1c0 [ 662.947991] ? sk_alloc_sg+0xa00/0xa00 [ 662.951896] ? arch_local_save_flags+0x40/0x40 [ 662.956502] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 662.961530] ? skb_page_frag_refill+0x1eb/0x6a0 [ 662.966212] ? sock_kzfree_s+0x60/0x60 [ 662.970112] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 662.975163] ? sk_stream_alloc_skb+0x34b/0x970 [ 662.979767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 662.985316] ? skb_entail+0x618/0x8c0 [ 662.989129] ? tcp_rate_check_app_limited+0x121/0x460 [ 662.994343] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 662.999034] __sk_mem_schedule+0x6d/0xe0 [ 663.003097] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 663.008622] tcp_sendmsg_locked+0x1c86/0x3f00 [ 663.013113] ? tcp_sendpage+0x60/0x60 [ 663.016904] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 663.022431] ? aa_label_sk_perm+0x46d/0x8e0 [ 663.026743] ? find_held_lock+0x36/0x1c0 [ 663.030791] ? mark_held_locks+0xc7/0x130 [ 663.034965] ? __local_bh_enable_ip+0x160/0x260 [ 663.039655] ? __local_bh_enable_ip+0x160/0x260 [ 663.044320] ? trace_hardirqs_on+0xbd/0x310 [ 663.048667] ? lock_release+0x970/0x970 [ 663.052629] ? lock_sock_nested+0xe2/0x120 [ 663.056848] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 663.062285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.067843] ? check_preemption_disabled+0x48/0x200 [ 663.072871] ? lock_sock_nested+0x9a/0x120 [ 663.077094] ? lock_sock_nested+0x9a/0x120 [ 663.081314] ? __local_bh_enable_ip+0x160/0x260 [ 663.085991] tcp_sendmsg+0x2f/0x50 [ 663.089521] inet_sendmsg+0x1a1/0x690 [ 663.093329] ? ipip_gro_receive+0x100/0x100 [ 663.097639] ? apparmor_socket_sendmsg+0x29/0x30 [ 663.102385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.107913] ? security_socket_sendmsg+0x94/0xc0 [ 663.112657] ? ipip_gro_receive+0x100/0x100 [ 663.116977] sock_sendmsg+0xd5/0x120 [ 663.120714] __sys_sendto+0x3d7/0x670 [ 663.124504] ? __ia32_sys_getpeername+0xb0/0xb0 [ 663.129166] ? lock_release+0x970/0x970 [ 663.133124] ? arch_local_save_flags+0x40/0x40 [ 663.137699] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 663.143157] ? aa_af_perm+0x5a0/0x5a0 [ 663.146978] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 663.152505] ? put_timespec64+0x10f/0x1b0 [ 663.156636] ? nsecs_to_jiffies+0x30/0x30 [ 663.160775] ? do_syscall_64+0x9a/0x820 [ 663.164730] ? do_syscall_64+0x9a/0x820 [ 663.168694] ? lockdep_hardirqs_on+0x421/0x5c0 [ 663.173260] ? trace_hardirqs_on+0xbd/0x310 [ 663.177583] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.183107] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.188453] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 663.193889] __x64_sys_sendto+0xe1/0x1a0 [ 663.197936] do_syscall_64+0x1b9/0x820 [ 663.201826] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 663.207179] ? syscall_return_slowpath+0x5e0/0x5e0 [ 663.212090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 663.216916] ? trace_hardirqs_on_caller+0x310/0x310 [ 663.221932] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 663.226943] ? prepare_exit_to_usermode+0x291/0x3b0 [ 663.231955] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 663.236784] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.241955] RIP: 0033:0x457579 [ 663.245132] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 663.264025] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 663.271717] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 663.278991] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 663.286244] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 663.293495] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 663.300767] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 663.312306] Task in /syz1 killed as a result of limit of /syz1 [ 663.318630] memory: usage 204792kB, limit 204800kB, failcnt 3481 [ 663.324911] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.341600] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.355475] Memory cgroup stats for /syz1: cache:224KB rss:2192KB rss_huge:2048KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB 03:04:56 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000080)={{0x80}, 'port0\x00'}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x1, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000040)={0x9, 0x2, 0xfffffffffffffbff, 0x8}) 03:04:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x6) 03:04:56 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x34]}, 0x6) 03:04:56 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x983a0000]}, 0x6) 03:04:56 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000]}, 0x6) 03:04:56 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe0ff]}, 0x6) [ 663.377848] Memory cgroup out of memory: Kill process 25456 (syz-executor1) score 171 or sacrifice child [ 663.387945] Killed process 25456 (syz-executor1) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 663.400409] oom_reaper: reaped process 25456 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:04:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x6) 03:04:56 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0xa000000]}, 0x6) 03:04:56 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x400000000000000]}, 0x6) 03:04:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x6) 03:04:56 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe0]}, 0x6) 03:04:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xc02000000000000]}, 0x6) 03:04:56 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x10]}, 0x6) 03:04:56 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x600001, 0x0) ioctl(r0, 0x800000000000937e, &(0x7f0000000040)="01000000000000007f") 03:04:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x6) 03:04:56 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe8030000]}, 0x6) 03:04:56 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x4c1d0000]}, 0x6) 03:04:56 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x0, 0x300) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000200)=""/4096) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e24, 0x401, @ipv4={[], [], @local}, 0x7fffffff}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) r3 = fcntl$dupfd(r0, 0x406, r0) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000080)={r0}) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) sysfs$3(0x3) [ 663.887274] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 03:04:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xc02]}, 0x6) [ 663.957417] syz-executor1 cpuset=syz1 mems_allowed=0 03:04:56 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000000000000000]}, 0x6) [ 663.999110] CPU: 1 PID: 25530 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 664.006505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.015862] Call Trace: [ 664.018469] dump_stack+0x1c4/0x2b4 [ 664.022116] ? dump_stack_print_info.cold.2+0x52/0x52 [ 664.027341] ? mark_held_locks+0x130/0x130 [ 664.031586] ? mark_held_locks+0x130/0x130 [ 664.035835] dump_header+0x27b/0xf72 [ 664.039572] ? pagefault_out_of_memory+0x197/0x197 [ 664.044515] ? check_preemption_disabled+0x48/0x200 [ 664.049539] ? check_preemption_disabled+0x48/0x200 [ 664.054575] ? graph_lock+0x170/0x170 [ 664.058404] ? graph_lock+0x170/0x170 [ 664.062219] ? print_usage_bug+0xc0/0xc0 [ 664.066293] ? find_held_lock+0x36/0x1c0 [ 664.070365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.075916] ? find_held_lock+0x36/0x1c0 [ 664.080006] ? mark_held_locks+0xc7/0x130 [ 664.084182] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 664.089300] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 664.094421] ? lockdep_hardirqs_on+0x421/0x5c0 03:04:56 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x700000000000000]}, 0x6) [ 664.099019] ? trace_hardirqs_on+0xbd/0x310 [ 664.103352] ? kasan_check_read+0x11/0x20 [ 664.107511] ? ___ratelimit+0x36f/0x655 [ 664.111503] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 664.116967] ? trace_hardirqs_on+0x310/0x310 [ 664.121388] ? lock_downgrade+0x900/0x900 [ 664.125554] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 664.130680] ? ___ratelimit+0xaa/0x655 [ 664.134587] ? idr_get_free+0xec0/0xec0 [ 664.138572] ? kasan_check_write+0x14/0x20 [ 664.142823] ? do_raw_spin_lock+0xc1/0x200 [ 664.147076] oom_kill_process.cold.27+0x10/0x903 [ 664.151845] ? kasan_check_write+0x14/0x20 [ 664.156092] ? do_raw_spin_lock+0xc1/0x200 [ 664.160343] ? oom_evaluate_task+0x540/0x540 [ 664.164773] ? cgroup_procs_next+0x70/0x70 [ 664.169025] ? _raw_spin_unlock_irq+0x60/0x80 [ 664.173530] ? oom_badness+0xaa0/0xaa0 [ 664.177435] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 664.182211] ? mem_cgroup_iter_break+0x30/0x30 [ 664.186816] ? mark_held_locks+0xc7/0x130 [ 664.190980] out_of_memory+0xa84/0x1430 [ 664.194960] ? lockdep_hardirqs_on+0x421/0x5c0 03:04:56 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xfffffffe]}, 0x6) [ 664.199555] ? kasan_check_read+0x11/0x20 [ 664.203715] ? oom_killer_disable+0x3a0/0x3a0 [ 664.208218] ? kasan_check_write+0x14/0x20 [ 664.212469] ? do_raw_spin_lock+0xc1/0x200 [ 664.216734] mem_cgroup_out_of_memory+0x15e/0x210 [ 664.221588] ? memcg_memory_event+0x40/0x40 [ 664.225919] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 664.230860] ? page_counter_try_charge+0x1c1/0x220 [ 664.235803] try_charge+0xc43/0x1690 [ 664.239546] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 664.245614] ? tcp_sendmsg+0x2f/0x50 [ 664.249341] ? sock_sendmsg+0xd5/0x120 [ 664.253238] ? __sys_sendto+0x3d7/0x670 [ 664.257223] ? __x64_sys_sendto+0xe1/0x1a0 [ 664.261470] ? do_syscall_64+0x1b9/0x820 [ 664.265547] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 664.270922] ? graph_lock+0x170/0x170 [ 664.274744] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.280299] ? check_preemption_disabled+0x48/0x200 [ 664.285327] ? check_preemption_disabled+0x48/0x200 [ 664.290368] ? mark_held_locks+0xc7/0x130 [ 664.294524] ? __lock_is_held+0xb5/0x140 [ 664.298598] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 664.303539] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 664.308485] ? lockdep_hardirqs_on+0x421/0x5c0 [ 664.313086] ? __sk_mem_raise_allocated+0x642/0x1800 [ 664.318207] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 664.323675] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 664.329224] ? check_preemption_disabled+0x48/0x200 [ 664.334257] mem_cgroup_charge_skmem+0x1e4/0x390 [ 664.339025] ? mem_cgroup_sk_free+0x90/0x90 [ 664.343401] __sk_mem_raise_allocated+0x642/0x1800 [ 664.348350] ? sk_busy_loop_end+0x1c0/0x1c0 [ 664.352693] ? sk_alloc_sg+0xa00/0xa00 [ 664.356598] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 664.361628] ? skb_page_frag_refill+0x1eb/0x6a0 [ 664.366334] ? sock_kzfree_s+0x60/0x60 [ 664.370236] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 664.375263] ? sk_stream_alloc_skb+0x34b/0x970 [ 664.379862] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.385410] ? skb_entail+0x618/0x8c0 [ 664.389225] ? tcp_rate_check_app_limited+0x121/0x460 [ 664.394423] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 664.399108] __sk_mem_schedule+0x6d/0xe0 [ 664.403194] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 664.408750] tcp_sendmsg_locked+0x1c86/0x3f00 [ 664.413278] ? tcp_sendpage+0x60/0x60 [ 664.417096] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 664.422642] ? aa_label_sk_perm+0x46d/0x8e0 [ 664.426989] ? find_held_lock+0x36/0x1c0 [ 664.431069] ? mark_held_locks+0xc7/0x130 [ 664.435234] ? __local_bh_enable_ip+0x160/0x260 [ 664.439911] ? __local_bh_enable_ip+0x160/0x260 [ 664.444597] ? trace_hardirqs_on+0xbd/0x310 [ 664.448931] ? lock_release+0x970/0x970 [ 664.452912] ? lock_sock_nested+0xe2/0x120 [ 664.457171] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 664.462636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.468193] ? check_preemption_disabled+0x48/0x200 [ 664.473225] ? lock_sock_nested+0x9a/0x120 [ 664.477472] ? lock_sock_nested+0x9a/0x120 [ 664.481721] ? __local_bh_enable_ip+0x160/0x260 [ 664.486410] tcp_sendmsg+0x2f/0x50 [ 664.489966] inet_sendmsg+0x1a1/0x690 [ 664.493782] ? ipip_gro_receive+0x100/0x100 [ 664.498118] ? apparmor_socket_sendmsg+0x29/0x30 [ 664.502893] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.508441] ? security_socket_sendmsg+0x94/0xc0 [ 664.513207] ? ipip_gro_receive+0x100/0x100 [ 664.517544] sock_sendmsg+0xd5/0x120 [ 664.521274] __sys_sendto+0x3d7/0x670 [ 664.525094] ? __ia32_sys_getpeername+0xb0/0xb0 [ 664.529773] ? lock_release+0x970/0x970 [ 664.533762] ? arch_local_save_flags+0x40/0x40 [ 664.538356] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 664.543814] ? aa_af_perm+0x5a0/0x5a0 [ 664.547652] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 664.553207] ? put_timespec64+0x10f/0x1b0 [ 664.557367] ? nsecs_to_jiffies+0x30/0x30 [ 664.561526] ? do_syscall_64+0x9a/0x820 [ 664.565514] ? do_syscall_64+0x9a/0x820 [ 664.569498] ? lockdep_hardirqs_on+0x421/0x5c0 [ 664.574091] ? trace_hardirqs_on+0xbd/0x310 [ 664.578420] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.583969] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 664.589349] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 664.594811] __x64_sys_sendto+0xe1/0x1a0 [ 664.598890] do_syscall_64+0x1b9/0x820 [ 664.602784] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 664.608172] ? syscall_return_slowpath+0x5e0/0x5e0 [ 664.613111] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 664.617976] ? trace_hardirqs_on_caller+0x310/0x310 [ 664.623005] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 664.628034] ? prepare_exit_to_usermode+0x291/0x3b0 [ 664.633067] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 664.637934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 664.643127] RIP: 0033:0x457579 [ 664.646344] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 664.665247] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 664.672964] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 664.680242] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 664.687520] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 664.694794] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 664.702072] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 664.743054] Task in /syz1 killed as a result of limit of /syz1 [ 664.768499] memory: usage 204784kB, limit 204800kB, failcnt 3516 [ 664.782699] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.799343] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.832920] Memory cgroup stats for /syz1: cache:224KB rss:80KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:164KB inactive_file:0KB active_file:0KB unevictable:0KB [ 664.897286] Memory cgroup out of memory: Kill process 25529 (syz-executor1) score 161 or sacrifice child [ 664.907916] Killed process 25529 (syz-executor1) total-vm:70472kB, anon-rss:108kB, file-rss:32832kB, shmem-rss:0kB [ 664.928227] oom_reaper: reaped process 25529 (syz-executor1), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 664.938699] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 664.952713] syz-executor3 cpuset=syz3 mems_allowed=0 [ 664.958080] CPU: 0 PID: 25569 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 664.965451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.974811] Call Trace: [ 664.977409] dump_stack+0x1c4/0x2b4 [ 664.981053] ? dump_stack_print_info.cold.2+0x52/0x52 [ 664.986242] ? mark_held_locks+0x130/0x130 [ 664.990473] ? mark_held_locks+0x130/0x130 [ 664.994714] dump_header+0x27b/0xf72 [ 664.998420] ? pagefault_out_of_memory+0x197/0x197 [ 665.003337] ? check_preemption_disabled+0x48/0x200 [ 665.008351] ? check_preemption_disabled+0x48/0x200 [ 665.013360] ? graph_lock+0x170/0x170 [ 665.017174] ? graph_lock+0x170/0x170 [ 665.020976] ? print_usage_bug+0xc0/0xc0 [ 665.025033] ? find_held_lock+0x36/0x1c0 [ 665.029094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.034619] ? find_held_lock+0x36/0x1c0 [ 665.038673] ? mark_held_locks+0xc7/0x130 [ 665.042820] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 665.047922] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 665.053013] ? lockdep_hardirqs_on+0x421/0x5c0 [ 665.057583] ? trace_hardirqs_on+0xbd/0x310 [ 665.061889] ? kasan_check_read+0x11/0x20 [ 665.066023] ? ___ratelimit+0x36f/0x655 [ 665.069983] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 665.075440] ? trace_hardirqs_on+0x310/0x310 [ 665.079833] ? lock_downgrade+0x900/0x900 [ 665.083980] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 665.089083] ? ___ratelimit+0xaa/0x655 [ 665.092966] ? idr_get_free+0xec0/0xec0 [ 665.096927] ? kasan_check_write+0x14/0x20 [ 665.101170] ? do_raw_spin_lock+0xc1/0x200 [ 665.105400] oom_kill_process.cold.27+0x10/0x903 [ 665.110151] ? kasan_check_write+0x14/0x20 [ 665.114379] ? do_raw_spin_lock+0xc1/0x200 [ 665.118603] ? oom_evaluate_task+0x540/0x540 [ 665.123014] ? cgroup_procs_next+0x70/0x70 [ 665.127257] ? _raw_spin_unlock_irq+0x60/0x80 [ 665.131738] ? oom_badness+0xaa0/0xaa0 [ 665.135614] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 665.140358] ? mem_cgroup_iter_break+0x30/0x30 [ 665.144934] ? mark_held_locks+0xc7/0x130 [ 665.149070] out_of_memory+0xa84/0x1430 [ 665.153034] ? lockdep_hardirqs_on+0x421/0x5c0 [ 665.157613] ? kasan_check_read+0x11/0x20 [ 665.161790] ? oom_killer_disable+0x3a0/0x3a0 [ 665.166270] ? kasan_check_write+0x14/0x20 [ 665.170490] ? do_raw_spin_lock+0xc1/0x200 [ 665.174719] mem_cgroup_out_of_memory+0x15e/0x210 [ 665.179549] ? memcg_memory_event+0x40/0x40 [ 665.183857] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 665.188775] ? page_counter_try_charge+0x1c1/0x220 [ 665.193747] try_charge+0xc43/0x1690 [ 665.197472] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 665.203517] ? tcp_sendmsg+0x2f/0x50 [ 665.207220] ? sock_sendmsg+0xd5/0x120 [ 665.211115] ? __sys_sendto+0x3d7/0x670 [ 665.215085] ? __x64_sys_sendto+0xe1/0x1a0 [ 665.219309] ? do_syscall_64+0x1b9/0x820 [ 665.223354] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 665.228702] ? graph_lock+0x170/0x170 [ 665.232491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.238016] ? check_preemption_disabled+0x48/0x200 [ 665.243039] ? check_preemption_disabled+0x48/0x200 [ 665.248065] ? mark_held_locks+0xc7/0x130 [ 665.252222] ? __lock_is_held+0xb5/0x140 [ 665.256271] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 665.261187] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 665.266103] ? lockdep_hardirqs_on+0x421/0x5c0 [ 665.270676] ? __sk_mem_raise_allocated+0x642/0x1800 [ 665.275766] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 665.281203] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 665.286727] ? check_preemption_disabled+0x48/0x200 [ 665.291778] mem_cgroup_charge_skmem+0x1e4/0x390 [ 665.296520] ? mem_cgroup_sk_free+0x90/0x90 [ 665.300832] __sk_mem_raise_allocated+0x642/0x1800 [ 665.305749] ? sk_busy_loop_end+0x1c0/0x1c0 [ 665.310059] ? sk_alloc_sg+0xa00/0xa00 [ 665.313931] ? arch_local_save_flags+0x40/0x40 [ 665.318527] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 665.323531] ? skb_page_frag_refill+0x1eb/0x6a0 [ 665.328190] ? sock_kzfree_s+0x60/0x60 [ 665.332064] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 665.337066] ? sk_stream_alloc_skb+0x34b/0x970 [ 665.341636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.347173] ? skb_entail+0x618/0x8c0 [ 665.350960] ? tcp_rate_check_app_limited+0x121/0x460 [ 665.356133] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 665.360824] __sk_mem_schedule+0x6d/0xe0 [ 665.364882] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 665.370407] tcp_sendmsg_locked+0x1c86/0x3f00 [ 665.374903] ? tcp_sendpage+0x60/0x60 [ 665.378692] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 665.384220] ? aa_label_sk_perm+0x46d/0x8e0 [ 665.388534] ? find_held_lock+0x36/0x1c0 [ 665.392585] ? mark_held_locks+0xc7/0x130 [ 665.396719] ? __local_bh_enable_ip+0x160/0x260 [ 665.401375] ? __local_bh_enable_ip+0x160/0x260 [ 665.406031] ? trace_hardirqs_on+0xbd/0x310 [ 665.410337] ? lock_release+0x970/0x970 [ 665.414319] ? lock_sock_nested+0xe2/0x120 [ 665.418554] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 665.423989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.429515] ? check_preemption_disabled+0x48/0x200 [ 665.434519] ? lock_sock_nested+0x9a/0x120 [ 665.438770] ? lock_sock_nested+0x9a/0x120 [ 665.443019] ? __local_bh_enable_ip+0x160/0x260 [ 665.447732] tcp_sendmsg+0x2f/0x50 [ 665.451274] inet_sendmsg+0x1a1/0x690 [ 665.455084] ? ipip_gro_receive+0x100/0x100 [ 665.459397] ? apparmor_socket_sendmsg+0x29/0x30 [ 665.464147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.469678] ? security_socket_sendmsg+0x94/0xc0 [ 665.474437] ? ipip_gro_receive+0x100/0x100 [ 665.478743] sock_sendmsg+0xd5/0x120 [ 665.482445] __sys_sendto+0x3d7/0x670 [ 665.486232] ? __ia32_sys_getpeername+0xb0/0xb0 [ 665.490885] ? lock_release+0x970/0x970 [ 665.494842] ? arch_local_save_flags+0x40/0x40 [ 665.499409] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 665.504868] ? aa_af_perm+0x5a0/0x5a0 [ 665.508669] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 665.514193] ? put_timespec64+0x10f/0x1b0 [ 665.518327] ? nsecs_to_jiffies+0x30/0x30 [ 665.522472] ? do_syscall_64+0x9a/0x820 [ 665.526441] ? do_syscall_64+0x9a/0x820 [ 665.530402] ? lockdep_hardirqs_on+0x421/0x5c0 [ 665.534970] ? trace_hardirqs_on+0xbd/0x310 [ 665.539289] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.544849] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 665.550210] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 665.555647] __x64_sys_sendto+0xe1/0x1a0 [ 665.559701] do_syscall_64+0x1b9/0x820 [ 665.563574] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 665.568926] ? syscall_return_slowpath+0x5e0/0x5e0 [ 665.573856] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 665.578713] ? trace_hardirqs_on_caller+0x310/0x310 [ 665.583750] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 665.588758] ? prepare_exit_to_usermode+0x291/0x3b0 [ 665.593763] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 665.598595] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 665.603769] RIP: 0033:0x457579 [ 665.606955] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 665.625853] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 665.633545] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 665.640801] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 665.648053] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 665.655308] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 665.662581] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 665.676077] Task in /syz3 killed as a result of limit of /syz3 [ 665.690620] memory: usage 204800kB, limit 204800kB, failcnt 2784 [ 665.696914] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.704043] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.710322] Memory cgroup stats for /syz3: cache:0KB rss:4304KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:0KB [ 665.733130] Memory cgroup out of memory: Kill process 25568 (syz-executor3) score 181 or sacrifice child [ 665.742927] Killed process 25568 (syz-executor3) total-vm:70604kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 665.753749] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 665.755586] oom_reaper: reaped process 25568 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 665.768647] syz-executor1 cpuset=syz1 mems_allowed=0 [ 665.781908] CPU: 0 PID: 25529 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 665.789279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.798614] Call Trace: [ 665.801190] dump_stack+0x1c4/0x2b4 [ 665.804806] ? dump_stack_print_info.cold.2+0x52/0x52 [ 665.810013] dump_header+0x27b/0xf72 [ 665.813721] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 665.819512] ? kasan_check_read+0x11/0x20 [ 665.823688] ? pagefault_out_of_memory+0x197/0x197 [ 665.828624] ? rcu_read_unlock+0x33/0x60 [ 665.832685] ? mem_cgroup_iter+0x514/0x1160 [ 665.837002] ? find_held_lock+0x36/0x1c0 [ 665.841058] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 665.845801] ? mark_held_locks+0xc7/0x130 [ 665.849944] ? _raw_spin_unlock_irq+0x27/0x80 [ 665.854679] ? _raw_spin_unlock_irq+0x27/0x80 [ 665.859183] ? lockdep_hardirqs_on+0x421/0x5c0 [ 665.863752] ? trace_hardirqs_on+0xbd/0x310 [ 665.868059] ? kasan_check_read+0x11/0x20 [ 665.872194] ? css_task_iter_end+0x222/0x490 [ 665.876591] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 665.882042] ? kasan_check_write+0x14/0x20 [ 665.886268] ? do_raw_spin_lock+0xc1/0x200 [ 665.890489] ? _raw_spin_unlock_irq+0x60/0x80 [ 665.894972] ? css_task_iter_end+0x2ce/0x490 [ 665.899369] ? cgroup_procs_next+0x70/0x70 [ 665.903588] ? _raw_spin_unlock_irq+0x60/0x80 [ 665.908073] ? oom_badness+0xaa0/0xaa0 [ 665.911971] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 665.916723] ? mem_cgroup_iter_break+0x30/0x30 [ 665.921303] ? cgroup_file_notify+0x226/0x2f0 [ 665.925809] out_of_memory.cold.30+0xf/0x184 [ 665.930216] ? lockdep_hardirqs_on+0x421/0x5c0 [ 665.934786] ? kasan_check_read+0x11/0x20 [ 665.938922] ? oom_killer_disable+0x3a0/0x3a0 [ 665.943402] ? kasan_check_write+0x14/0x20 [ 665.947625] ? do_raw_spin_lock+0xc1/0x200 [ 665.951865] mem_cgroup_out_of_memory+0x15e/0x210 [ 665.956702] ? memcg_memory_event+0x40/0x40 [ 665.961030] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 665.965865] ? page_counter_try_charge+0x1c1/0x220 [ 665.970783] try_charge+0xc43/0x1690 [ 665.974483] ? lock_downgrade+0x900/0x900 [ 665.978618] ? check_preemption_disabled+0x48/0x200 [ 665.983622] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 665.989667] ? find_held_lock+0x36/0x1c0 [ 665.993719] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 665.998548] ? lock_downgrade+0x900/0x900 [ 666.002684] ? check_preemption_disabled+0x48/0x200 [ 666.007692] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 666.013473] ? kasan_check_read+0x11/0x20 [ 666.017607] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.022889] ? rcu_bh_qs+0xc0/0xc0 [ 666.026425] ? get_mem_cgroup_from_mm+0x206/0x440 [ 666.031257] memcg_kmem_charge_memcg+0x7c/0x120 [ 666.035912] ? memcg_kmem_put_cache+0xb0/0xb0 [ 666.040393] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 666.045746] memcg_kmem_charge+0x135/0x300 [ 666.049969] __alloc_pages_nodemask+0x72e/0xde0 [ 666.054629] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.059907] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 666.064926] ? check_preemption_disabled+0x48/0x200 [ 666.069930] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 666.075462] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.080722] ? percpu_ref_put_many+0x13e/0x260 [ 666.085288] ? rcu_pm_notify+0xc0/0xc0 [ 666.089185] ? copy_process+0x1ff4/0x8780 [ 666.093318] ? rcu_read_lock_sched_held+0x108/0x120 [ 666.098324] ? kmem_cache_alloc_node+0x349/0x730 [ 666.103063] ? kasan_check_write+0x14/0x20 [ 666.107283] ? do_raw_spin_lock+0xc1/0x200 [ 666.111519] copy_process+0xa09/0x8780 [ 666.115405] ? print_usage_bug+0xc0/0xc0 [ 666.119453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.124990] ? __lock_acquire+0x7ec/0x4ec0 [ 666.129231] ? __cleanup_sighand+0x70/0x70 [ 666.133460] ? mark_held_locks+0x130/0x130 [ 666.137685] ? print_usage_bug+0xc0/0xc0 [ 666.141753] ? find_held_lock+0x36/0x1c0 [ 666.145828] ? rcu_read_unlock_special.part.39+0x8a4/0x11f0 [ 666.151529] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 666.156631] ? __lock_acquire+0x7ec/0x4ec0 [ 666.160856] ? graph_lock+0x170/0x170 [ 666.164642] ? check_preemption_disabled+0x48/0x200 [ 666.169643] ? check_preemption_disabled+0x48/0x200 [ 666.174656] ? mark_held_locks+0x130/0x130 [ 666.178879] ? print_usage_bug+0xc0/0xc0 [ 666.182923] ? find_held_lock+0x36/0x1c0 [ 666.186990] ? find_held_lock+0x36/0x1c0 [ 666.191054] ? print_usage_bug+0xc0/0xc0 [ 666.195103] ? __lock_acquire+0x7ec/0x4ec0 [ 666.199322] ? lock_downgrade+0x900/0x900 [ 666.203457] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.208980] ? check_preemption_disabled+0x48/0x200 [ 666.213987] ? check_preemption_disabled+0x48/0x200 [ 666.219010] ? __lock_acquire+0x7ec/0x4ec0 [ 666.223233] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.228769] ? mark_held_locks+0x130/0x130 [ 666.232993] ? rcu_read_unlock+0x16/0x60 [ 666.237062] ? lock_downgrade+0x900/0x900 [ 666.241200] ? check_preemption_disabled+0x48/0x200 [ 666.246207] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 666.251986] ? kasan_check_read+0x11/0x20 [ 666.256120] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.261401] ? graph_lock+0x170/0x170 [ 666.265204] ? rcu_read_unlock+0x33/0x60 [ 666.269265] ? find_held_lock+0x36/0x1c0 [ 666.273325] ? graph_lock+0x170/0x170 [ 666.277115] ? delayacct_end+0x25/0x100 [ 666.281093] ? lock_downgrade+0x900/0x900 [ 666.285225] ? ktime_get+0x352/0x440 [ 666.288925] ? print_usage_bug+0xc0/0xc0 [ 666.292983] ? find_held_lock+0x36/0x1c0 [ 666.297047] ? delayacct_end+0xc5/0x100 [ 666.301033] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 666.306122] ? __lock_acquire+0x7ec/0x4ec0 [ 666.310366] ? trace_hardirqs_on+0xbd/0x310 [ 666.314671] ? kasan_check_read+0x11/0x20 [ 666.318804] ? delayacct_end+0xc5/0x100 [ 666.322767] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 666.328224] ? mark_held_locks+0x130/0x130 [ 666.332453] ? delayacct_end+0x5a/0x100 [ 666.336437] ? __delayacct_freepages_end+0xe0/0x140 [ 666.341448] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 666.346995] ? do_try_to_free_pages+0xe68/0x1290 [ 666.351753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.357302] ? check_preemption_disabled+0x48/0x200 [ 666.362318] ? check_preemption_disabled+0x48/0x200 [ 666.367337] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 666.372871] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.378135] ? rcu_pm_notify+0xc0/0xc0 [ 666.382030] ? graph_lock+0x170/0x170 [ 666.385835] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 666.391192] _do_fork+0x1cb/0x11d0 [ 666.394719] ? fork_idle+0x1d0/0x1d0 [ 666.398419] ? percpu_ref_put_many+0x11c/0x260 [ 666.402987] ? lock_downgrade+0x900/0x900 [ 666.407121] ? check_preemption_disabled+0x48/0x200 [ 666.412132] ? kasan_check_read+0x11/0x20 [ 666.416279] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.421540] ? rcu_bh_qs+0xc0/0xc0 [ 666.425081] ? get_mem_cgroup_from_mm+0x206/0x440 [ 666.429926] ? do_syscall_64+0x9a/0x820 [ 666.433899] ? do_syscall_64+0x9a/0x820 [ 666.437869] ? lockdep_hardirqs_on+0x421/0x5c0 [ 666.442438] ? trace_hardirqs_on+0xbd/0x310 [ 666.446791] ? trace_hardirqs_on+0x310/0x310 [ 666.451220] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 666.456591] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 666.462044] __x64_sys_clone+0xbf/0x150 [ 666.466017] do_syscall_64+0x1b9/0x820 [ 666.469905] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 666.475275] ? syscall_return_slowpath+0x5e0/0x5e0 [ 666.480218] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 666.485058] ? trace_hardirqs_on_caller+0x310/0x310 [ 666.490083] ? prepare_exit_to_usermode+0x291/0x3b0 [ 666.495109] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 666.499943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 666.505123] RIP: 0033:0x459f49 [ 666.508330] Code: Bad RIP value. [ 666.511679] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 666.519383] RAX: ffffffffffffffda RBX: 00007f2ad8032700 RCX: 0000000000459f49 [ 666.526658] RDX: 00007f2ad80329d0 RSI: 00007f2ad8031db0 RDI: 00000000003d0f00 [ 666.533914] RBP: 0000000000a3fcd0 R08: 00007f2ad8032700 R09: 00007f2ad8032700 [ 666.541185] R10: 00007f2ad80329d0 R11: 0000000000000202 R12: 0000000000000000 [ 666.548471] R13: 0000000000a3fb7f R14: 00007f2ad80329c0 R15: 0000000000000001 [ 666.562451] Memory limit reached of cgroup /syz1 [ 666.567330] memory: usage 204632kB, limit 204800kB, failcnt 3516 [ 666.573488] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 666.580462] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:04:59 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe]}, 0x6) 03:04:59 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4002000000000000]}, 0x6) 03:04:59 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x2000000]}, 0x6) 03:04:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x300]}, 0x6) 03:04:59 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x0, 0x300) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000200)=""/4096) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e24, 0x401, @ipv4={[], [], @local}, 0x7fffffff}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) r3 = fcntl$dupfd(r0, 0x406, r0) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000080)={r0}) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) sysfs$3(0x3) [ 666.586606] Memory cgroup stats for /syz1: cache:224KB rss:80KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 666.606602] Out of memory and no killable processes... [ 666.612324] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 666.625549] syz-executor3 cpuset=syz3 mems_allowed=0 [ 666.631259] CPU: 1 PID: 25568 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 666.638631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.647998] Call Trace: [ 666.650592] dump_stack+0x1c4/0x2b4 [ 666.654245] ? dump_stack_print_info.cold.2+0x52/0x52 [ 666.659457] dump_header+0x27b/0xf72 [ 666.663193] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 666.669003] ? kasan_check_read+0x11/0x20 [ 666.673176] ? pagefault_out_of_memory+0x197/0x197 [ 666.678146] ? rcu_read_unlock+0x33/0x60 [ 666.682218] ? mem_cgroup_iter+0x514/0x1160 [ 666.686551] ? find_held_lock+0x36/0x1c0 [ 666.690631] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 666.695408] ? mark_held_locks+0xc7/0x130 [ 666.699585] ? _raw_spin_unlock_irq+0x27/0x80 03:04:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x20c]}, 0x6) [ 666.704125] ? _raw_spin_unlock_irq+0x27/0x80 [ 666.708641] ? lockdep_hardirqs_on+0x421/0x5c0 [ 666.713253] ? trace_hardirqs_on+0xbd/0x310 [ 666.717587] ? kasan_check_read+0x11/0x20 [ 666.722004] ? css_task_iter_end+0x222/0x490 [ 666.726439] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 666.731898] ? kasan_check_write+0x14/0x20 [ 666.736188] ? do_raw_spin_lock+0xc1/0x200 [ 666.740471] ? _raw_spin_unlock_irq+0x60/0x80 [ 666.744992] ? css_task_iter_end+0x2ce/0x490 [ 666.749409] ? cgroup_procs_next+0x70/0x70 03:04:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x240]}, 0x6) [ 666.753655] ? _raw_spin_unlock_irq+0x60/0x80 [ 666.758191] ? oom_badness+0xaa0/0xaa0 [ 666.762089] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 666.766853] ? mem_cgroup_iter_break+0x30/0x30 [ 666.771455] ? cgroup_file_notify+0x226/0x2f0 [ 666.775968] out_of_memory.cold.30+0xf/0x184 [ 666.780380] ? lockdep_hardirqs_on+0x421/0x5c0 [ 666.780396] ? kasan_check_read+0x11/0x20 [ 666.780414] ? oom_killer_disable+0x3a0/0x3a0 [ 666.780427] ? kasan_check_write+0x14/0x20 [ 666.780444] ? do_raw_spin_lock+0xc1/0x200 [ 666.780468] mem_cgroup_out_of_memory+0x15e/0x210 [ 666.806956] ? memcg_memory_event+0x40/0x40 [ 666.811289] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 666.816162] ? page_counter_try_charge+0x1c1/0x220 [ 666.821103] try_charge+0xc43/0x1690 [ 666.821119] ? lock_downgrade+0x900/0x900 [ 666.821147] ? check_preemption_disabled+0x48/0x200 [ 666.821174] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 666.821192] ? find_held_lock+0x36/0x1c0 [ 666.821216] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 666.821231] ? lock_downgrade+0x900/0x900 [ 666.821246] ? check_preemption_disabled+0x48/0x200 [ 666.821267] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 666.821284] ? kasan_check_read+0x11/0x20 [ 666.858255] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.858272] ? rcu_bh_qs+0xc0/0xc0 [ 666.858299] ? get_mem_cgroup_from_mm+0x206/0x440 [ 666.858323] memcg_kmem_charge_memcg+0x7c/0x120 [ 666.858339] ? memcg_kmem_put_cache+0xb0/0xb0 [ 666.858358] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 666.896476] memcg_kmem_charge+0x135/0x300 [ 666.900727] __alloc_pages_nodemask+0x72e/0xde0 03:04:59 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x3400]}, 0x6) [ 666.905416] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.910740] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 666.915798] ? check_preemption_disabled+0x48/0x200 [ 666.920842] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 666.920857] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 666.920884] ? percpu_ref_put_many+0x13e/0x260 [ 666.920916] ? rcu_pm_notify+0xc0/0xc0 [ 666.931728] ? copy_process+0x1ff4/0x8780 [ 666.931742] ? rcu_read_lock_sched_held+0x108/0x120 [ 666.931758] ? kmem_cache_alloc_node+0x349/0x730 [ 666.931786] ? kasan_check_write+0x14/0x20 [ 666.931801] ? do_raw_spin_lock+0xc1/0x200 [ 666.931841] copy_process+0xa09/0x8780 [ 666.966502] ? print_usage_bug+0xc0/0xc0 [ 666.970573] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.976123] ? __lock_acquire+0x7ec/0x4ec0 [ 666.980397] ? __cleanup_sighand+0x70/0x70 [ 666.984676] ? mark_held_locks+0x130/0x130 [ 666.988925] ? print_usage_bug+0xc0/0xc0 [ 666.992994] ? find_held_lock+0x36/0x1c0 [ 666.997070] ? rcu_read_unlock_special.part.39+0x8a4/0x11f0 03:04:59 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4c1d0000]}, 0x6) 03:04:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x6) [ 667.002792] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 667.007912] ? __lock_acquire+0x7ec/0x4ec0 [ 667.012167] ? graph_lock+0x170/0x170 [ 667.015979] ? check_preemption_disabled+0x48/0x200 [ 667.021006] ? check_preemption_disabled+0x48/0x200 [ 667.026045] ? mark_held_locks+0x130/0x130 [ 667.030290] ? print_usage_bug+0xc0/0xc0 [ 667.034358] ? find_held_lock+0x36/0x1c0 [ 667.038444] ? find_held_lock+0x36/0x1c0 [ 667.042524] ? print_usage_bug+0xc0/0xc0 [ 667.046619] ? __lock_acquire+0x7ec/0x4ec0 [ 667.050899] ? lock_downgrade+0x900/0x900 [ 667.055062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.060613] ? check_preemption_disabled+0x48/0x200 [ 667.065643] ? check_preemption_disabled+0x48/0x200 [ 667.070710] ? __lock_acquire+0x7ec/0x4ec0 [ 667.074962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.080521] ? mark_held_locks+0x130/0x130 [ 667.084772] ? rcu_read_unlock+0x16/0x60 [ 667.088841] ? lock_downgrade+0x900/0x900 [ 667.093001] ? check_preemption_disabled+0x48/0x200 [ 667.098038] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 667.103844] ? kasan_check_read+0x11/0x20 [ 667.108005] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 667.113290] ? graph_lock+0x170/0x170 [ 667.117111] ? rcu_read_unlock+0x33/0x60 [ 667.121197] ? find_held_lock+0x36/0x1c0 [ 667.125268] ? graph_lock+0x170/0x170 [ 667.129084] ? delayacct_end+0x25/0x100 [ 667.133070] ? lock_downgrade+0x900/0x900 [ 667.137227] ? ktime_get+0x352/0x440 [ 667.140953] ? print_usage_bug+0xc0/0xc0 [ 667.145026] ? find_held_lock+0x36/0x1c0 [ 667.149106] ? delayacct_end+0xc5/0x100 [ 667.153112] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 667.158258] ? __lock_acquire+0x7ec/0x4ec0 [ 667.162500] ? trace_hardirqs_on+0xbd/0x310 [ 667.166828] ? kasan_check_read+0x11/0x20 [ 667.170985] ? delayacct_end+0xc5/0x100 [ 667.174975] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 667.180448] ? mark_held_locks+0x130/0x130 [ 667.184699] ? delayacct_end+0x5a/0x100 [ 667.188694] ? __delayacct_freepages_end+0xe0/0x140 [ 667.193724] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 667.199273] ? do_try_to_free_pages+0xe68/0x1290 03:04:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x240]}, 0x6) [ 667.204046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.209598] ? check_preemption_disabled+0x48/0x200 [ 667.214624] ? check_preemption_disabled+0x48/0x200 [ 667.219680] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 667.225226] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 667.225244] ? rcu_pm_notify+0xc0/0xc0 [ 667.225267] ? graph_lock+0x170/0x170 [ 667.225291] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 667.243635] _do_fork+0x1cb/0x11d0 [ 667.247225] ? fork_idle+0x1d0/0x1d0 [ 667.250956] ? percpu_ref_put_many+0x11c/0x260 [ 667.255547] ? lock_downgrade+0x900/0x900 [ 667.259715] ? check_preemption_disabled+0x48/0x200 [ 667.264737] ? kasan_check_read+0x11/0x20 [ 667.264753] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 667.264768] ? rcu_bh_qs+0xc0/0xc0 [ 667.264799] ? get_mem_cgroup_from_mm+0x206/0x440 [ 667.264818] ? do_syscall_64+0x9a/0x820 [ 667.286625] ? do_syscall_64+0x9a/0x820 [ 667.290609] ? lockdep_hardirqs_on+0x421/0x5c0 [ 667.295205] ? trace_hardirqs_on+0xbd/0x310 [ 667.299539] ? trace_hardirqs_on+0x310/0x310 [ 667.303956] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 667.309329] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 667.314801] __x64_sys_clone+0xbf/0x150 [ 667.318796] do_syscall_64+0x1b9/0x820 [ 667.322699] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 667.328073] ? syscall_return_slowpath+0x5e0/0x5e0 [ 667.333014] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 667.337871] ? trace_hardirqs_on_caller+0x310/0x310 [ 667.342927] ? prepare_exit_to_usermode+0x291/0x3b0 [ 667.347966] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 667.352822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 667.358013] RIP: 0033:0x459f49 [ 667.361213] Code: Bad RIP value. [ 667.364601] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 667.372317] RAX: ffffffffffffffda RBX: 00007f7e36a68700 RCX: 0000000000459f49 [ 667.379603] RDX: 00007f7e36a689d0 RSI: 00007f7e36a67db0 RDI: 00000000003d0f00 [ 667.386890] RBP: 0000000000a3fcd0 R08: 00007f7e36a68700 R09: 00007f7e36a68700 [ 667.394175] R10: 00007f7e36a689d0 R11: 0000000000000202 R12: 0000000000000000 [ 667.401451] R13: 0000000000a3fb7f R14: 00007f7e36a689c0 R15: 0000000000000002 [ 667.535012] Memory limit reached of cgroup /syz3 [ 667.540271] memory: usage 200524kB, limit 204800kB, failcnt 2784 [ 667.546498] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.553426] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.560078] Memory cgroup stats for /syz3: cache:0KB rss:72KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 667.580065] Out of memory and no killable processes... 03:05:00 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x11]}, 0x6) [ 667.586012] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 667.607119] syz-executor1 cpuset=syz1 mems_allowed=0 [ 667.620542] CPU: 1 PID: 25588 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 667.627924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.637280] Call Trace: [ 667.639880] dump_stack+0x1c4/0x2b4 [ 667.643521] ? dump_stack_print_info.cold.2+0x52/0x52 [ 667.648725] ? mark_held_locks+0x130/0x130 [ 667.652970] ? mark_held_locks+0x130/0x130 [ 667.657221] dump_header+0x27b/0xf72 [ 667.660957] ? pagefault_out_of_memory+0x197/0x197 [ 667.665917] ? check_preemption_disabled+0x48/0x200 [ 667.670944] ? check_preemption_disabled+0x48/0x200 [ 667.676008] ? graph_lock+0x170/0x170 [ 667.679825] ? graph_lock+0x170/0x170 [ 667.683650] ? print_usage_bug+0xc0/0xc0 [ 667.687743] ? find_held_lock+0x36/0x1c0 [ 667.691842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.697392] ? find_held_lock+0x36/0x1c0 [ 667.701475] ? mark_held_locks+0xc7/0x130 [ 667.705636] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 667.710745] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 667.715854] ? lockdep_hardirqs_on+0x421/0x5c0 [ 667.720449] ? trace_hardirqs_on+0xbd/0x310 [ 667.724782] ? kasan_check_read+0x11/0x20 [ 667.728940] ? ___ratelimit+0x36f/0x655 [ 667.732931] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 667.738404] ? trace_hardirqs_on+0x310/0x310 [ 667.742824] ? lock_downgrade+0x900/0x900 [ 667.746991] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 667.752110] ? ___ratelimit+0xaa/0x655 [ 667.756023] ? idr_get_free+0xec0/0xec0 [ 667.760007] ? kasan_check_write+0x14/0x20 [ 667.764254] ? do_raw_spin_lock+0xc1/0x200 [ 667.768507] oom_kill_process.cold.27+0x10/0x903 [ 667.773270] ? kasan_check_write+0x14/0x20 [ 667.777517] ? do_raw_spin_lock+0xc1/0x200 [ 667.781785] ? oom_evaluate_task+0x540/0x540 [ 667.786214] ? cgroup_procs_next+0x70/0x70 [ 667.790552] ? _raw_spin_unlock_irq+0x60/0x80 [ 667.795063] ? oom_badness+0xaa0/0xaa0 [ 667.798964] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 667.803731] ? mem_cgroup_iter_break+0x30/0x30 [ 667.808335] ? mark_held_locks+0xc7/0x130 [ 667.812483] out_of_memory+0xa84/0x1430 [ 667.816452] ? lockdep_hardirqs_on+0x421/0x5c0 [ 667.821036] ? kasan_check_read+0x11/0x20 [ 667.821054] ? oom_killer_disable+0x3a0/0x3a0 [ 667.821069] ? kasan_check_write+0x14/0x20 [ 667.821085] ? do_raw_spin_lock+0xc1/0x200 [ 667.821114] mem_cgroup_out_of_memory+0x15e/0x210 [ 667.821131] ? memcg_memory_event+0x40/0x40 [ 667.847370] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 667.852737] ? page_counter_try_charge+0x1c1/0x220 [ 667.857687] try_charge+0xc43/0x1690 [ 667.861420] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 667.867463] ? tcp_sendmsg+0x2f/0x50 [ 667.871169] ? sock_sendmsg+0xd5/0x120 [ 667.875038] ? __sys_sendto+0x3d7/0x670 [ 667.878998] ? graph_lock+0x170/0x170 [ 667.882779] ? graph_lock+0x170/0x170 [ 667.886563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.892089] ? check_preemption_disabled+0x48/0x200 [ 667.897093] ? check_preemption_disabled+0x48/0x200 [ 667.902099] ? mark_held_locks+0xc7/0x130 [ 667.906231] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 667.911150] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 667.916067] ? lockdep_hardirqs_on+0x421/0x5c0 [ 667.920634] ? rcu_read_lock_sched_held+0x108/0x120 [ 667.925635] ? __sk_mem_raise_allocated+0x642/0x1800 [ 667.930727] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 667.936166] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 667.941687] ? check_preemption_disabled+0x48/0x200 [ 667.946692] mem_cgroup_charge_skmem+0x1e4/0x390 [ 667.951436] ? mem_cgroup_sk_free+0x90/0x90 [ 667.955746] __sk_mem_raise_allocated+0x642/0x1800 [ 667.960667] ? sk_busy_loop_end+0x1c0/0x1c0 [ 667.964973] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 667.970495] ? alloc_pages_current+0x114/0x210 [ 667.975063] ? skb_page_frag_refill+0x1eb/0x6a0 [ 667.979721] ? sock_kzfree_s+0x60/0x60 [ 667.983608] ? _copy_from_iter_full+0x2b3/0xd20 [ 667.988279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.993833] ? tcp_rate_check_app_limited+0x121/0x460 [ 667.999011] ? iov_iter_advance+0x1460/0x1460 [ 668.003490] __sk_mem_schedule+0x6d/0xe0 [ 668.007533] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 668.013058] tcp_sendmsg_locked+0x1c86/0x3f00 [ 668.017547] ? tcp_sendpage+0x60/0x60 [ 668.021337] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 668.026890] ? aa_label_sk_perm+0x46d/0x8e0 [ 668.031219] ? find_held_lock+0x36/0x1c0 [ 668.035294] ? mark_held_locks+0xc7/0x130 [ 668.039429] ? __local_bh_enable_ip+0x160/0x260 [ 668.044080] ? __local_bh_enable_ip+0x160/0x260 [ 668.048734] ? trace_hardirqs_on+0xbd/0x310 [ 668.053038] ? lock_release+0x970/0x970 [ 668.056999] ? lock_sock_nested+0xe2/0x120 [ 668.061222] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 668.066654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.072180] ? check_preemption_disabled+0x48/0x200 [ 668.077184] ? lock_sock_nested+0x9a/0x120 [ 668.081402] ? lock_sock_nested+0x9a/0x120 [ 668.085620] ? __local_bh_enable_ip+0x160/0x260 [ 668.090276] tcp_sendmsg+0x2f/0x50 [ 668.093802] inet_sendmsg+0x1a1/0x690 [ 668.097590] ? ipip_gro_receive+0x100/0x100 [ 668.101931] ? apparmor_socket_sendmsg+0x29/0x30 [ 668.106675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.112201] ? security_socket_sendmsg+0x94/0xc0 [ 668.116951] ? ipip_gro_receive+0x100/0x100 [ 668.121270] sock_sendmsg+0xd5/0x120 [ 668.124982] __sys_sendto+0x3d7/0x670 [ 668.128802] ? __ia32_sys_getpeername+0xb0/0xb0 [ 668.133455] ? lock_release+0x970/0x970 [ 668.137415] ? arch_local_save_flags+0x40/0x40 [ 668.141982] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 668.147413] ? aa_af_perm+0x5a0/0x5a0 [ 668.151211] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 668.156732] ? put_timespec64+0x10f/0x1b0 [ 668.160868] ? nsecs_to_jiffies+0x30/0x30 [ 668.165001] ? do_syscall_64+0x9a/0x820 [ 668.168958] ? do_syscall_64+0x9a/0x820 [ 668.172917] ? lockdep_hardirqs_on+0x421/0x5c0 [ 668.177484] ? trace_hardirqs_on+0xbd/0x310 [ 668.181808] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.187331] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 668.192683] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 668.198121] __x64_sys_sendto+0xe1/0x1a0 [ 668.202177] do_syscall_64+0x1b9/0x820 [ 668.206068] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 668.211421] ? syscall_return_slowpath+0x5e0/0x5e0 [ 668.216331] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 668.221166] ? trace_hardirqs_on_caller+0x310/0x310 [ 668.226169] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 668.231175] ? prepare_exit_to_usermode+0x291/0x3b0 [ 668.236180] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 668.241014] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 668.246184] RIP: 0033:0x457579 [ 668.249363] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 668.268268] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 668.275961] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 668.283212] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 668.290463] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 668.297717] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 668.304967] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 668.314133] Task in /syz1 killed as a result of limit of /syz1 [ 668.328950] memory: usage 204800kB, limit 204800kB, failcnt 3553 [ 668.335840] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 668.343336] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 668.349615] Memory cgroup stats for /syz1: cache:224KB rss:212KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:176KB inactive_file:0KB active_file:0KB unevictable:0KB [ 668.372658] Memory cgroup out of memory: Kill process 25587 (syz-executor1) score 161 or sacrifice child 03:05:01 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3f00000000000000]}, 0x6) 03:05:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3075]}, 0x6) 03:05:01 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x6) 03:05:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x1400]}, 0x6) 03:05:01 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf401000000000000]}, 0x6) 03:05:01 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x5) r1 = socket(0x200000000000011, 0x3, 0x0) socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f0000000000)={0x11, 0x400000000000003, r2}, 0x14) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") syz_emit_ethernet(0x66, &(0x7f0000000080)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "06f526", 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "0a07ec", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @ipv4={[0xf5ffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @dev}}}}}}}}, &(0x7f0000000000)) [ 668.382763] Killed process 25587 (syz-executor1) total-vm:70604kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 668.393970] oom_reaper: reaped process 25587 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:01 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x6) [ 668.484945] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 668.496311] syz-executor1 cpuset=syz1 mems_allowed=0 [ 668.502473] CPU: 1 PID: 25639 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 668.509856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.519214] Call Trace: [ 668.521815] dump_stack+0x1c4/0x2b4 [ 668.525463] ? dump_stack_print_info.cold.2+0x52/0x52 [ 668.530674] ? mark_held_locks+0x130/0x130 [ 668.534920] ? mark_held_locks+0x130/0x130 [ 668.539179] dump_header+0x27b/0xf72 [ 668.542917] ? pagefault_out_of_memory+0x197/0x197 [ 668.547860] ? check_preemption_disabled+0x48/0x200 [ 668.552889] ? check_preemption_disabled+0x48/0x200 [ 668.557926] ? graph_lock+0x170/0x170 [ 668.561745] ? graph_lock+0x170/0x170 [ 668.565559] ? print_usage_bug+0xc0/0xc0 [ 668.569634] ? find_held_lock+0x36/0x1c0 [ 668.573714] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.579264] ? find_held_lock+0x36/0x1c0 03:05:01 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x6) [ 668.583340] ? mark_held_locks+0xc7/0x130 [ 668.587502] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 668.592615] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 668.597723] ? lockdep_hardirqs_on+0x421/0x5c0 [ 668.597741] ? trace_hardirqs_on+0xbd/0x310 [ 668.597754] ? kasan_check_read+0x11/0x20 [ 668.597770] ? ___ratelimit+0x36f/0x655 [ 668.597788] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 668.597806] ? trace_hardirqs_on+0x310/0x310 [ 668.624641] ? lock_downgrade+0x900/0x900 [ 668.628810] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 03:05:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xffffffff00000000]}, 0x6) 03:05:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0xf401000000000000]}, 0x6) [ 668.633923] ? ___ratelimit+0xaa/0x655 [ 668.637824] ? idr_get_free+0xec0/0xec0 [ 668.641806] ? kasan_check_write+0x14/0x20 [ 668.646053] ? do_raw_spin_lock+0xc1/0x200 [ 668.646078] oom_kill_process.cold.27+0x10/0x903 [ 668.646095] ? kasan_check_write+0x14/0x20 [ 668.659296] ? do_raw_spin_lock+0xc1/0x200 [ 668.663549] ? oom_evaluate_task+0x540/0x540 [ 668.667969] ? cgroup_procs_next+0x70/0x70 [ 668.667989] ? _raw_spin_unlock_irq+0x60/0x80 [ 668.668004] ? oom_badness+0xaa0/0xaa0 [ 668.668024] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 668.668043] ? mem_cgroup_iter_break+0x30/0x30 [ 668.685394] ? mark_held_locks+0xc7/0x130 [ 668.685417] out_of_memory+0xa84/0x1430 [ 668.698103] ? lockdep_hardirqs_on+0x421/0x5c0 [ 668.698121] ? kasan_check_read+0x11/0x20 [ 668.698151] ? oom_killer_disable+0x3a0/0x3a0 [ 668.698167] ? kasan_check_write+0x14/0x20 [ 668.698188] ? do_raw_spin_lock+0xc1/0x200 [ 668.719858] mem_cgroup_out_of_memory+0x15e/0x210 [ 668.724961] ? memcg_memory_event+0x40/0x40 [ 668.729296] ? mem_cgroup_charge_skmem+0x1e4/0x390 03:05:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0xa00000000000000]}, 0x6) [ 668.734241] ? page_counter_try_charge+0x1c1/0x220 [ 668.739193] try_charge+0xc43/0x1690 [ 668.742931] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 668.748994] ? tcp_sendmsg+0x2f/0x50 [ 668.752714] ? sock_sendmsg+0xd5/0x120 [ 668.756610] ? __sys_sendto+0x3d7/0x670 [ 668.760592] ? __x64_sys_sendto+0xe1/0x1a0 [ 668.764842] ? do_syscall_64+0x1b9/0x820 [ 668.768917] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 668.774289] ? graph_lock+0x170/0x170 [ 668.774311] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.774331] ? check_preemption_disabled+0x48/0x200 [ 668.774347] ? check_preemption_disabled+0x48/0x200 [ 668.774371] ? mark_held_locks+0xc7/0x130 [ 668.793704] ? __lock_is_held+0xb5/0x140 [ 668.793723] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 668.793740] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 668.793756] ? lockdep_hardirqs_on+0x421/0x5c0 [ 668.793778] ? __sk_mem_raise_allocated+0x642/0x1800 [ 668.821550] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 668.827018] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 03:05:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x14280000000000]}, 0x6) [ 668.832568] ? check_preemption_disabled+0x48/0x200 [ 668.837610] mem_cgroup_charge_skmem+0x1e4/0x390 [ 668.842385] ? mem_cgroup_sk_free+0x90/0x90 [ 668.846737] __sk_mem_raise_allocated+0x642/0x1800 [ 668.851698] ? sk_busy_loop_end+0x1c0/0x1c0 [ 668.856050] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 668.861081] ? skb_page_frag_refill+0x1eb/0x6a0 [ 668.865766] ? sock_kzfree_s+0x60/0x60 [ 668.869669] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 668.874728] ? sk_stream_alloc_skb+0x34b/0x970 [ 668.879328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.884874] ? skb_entail+0x618/0x8c0 [ 668.884893] ? tcp_rate_check_app_limited+0x121/0x460 [ 668.884911] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 668.884934] __sk_mem_schedule+0x6d/0xe0 [ 668.884949] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 668.884972] tcp_sendmsg_locked+0x1c86/0x3f00 [ 668.893969] ? tcp_sendpage+0x60/0x60 [ 668.893991] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 668.894006] ? aa_label_sk_perm+0x46d/0x8e0 [ 668.894031] ? find_held_lock+0x36/0x1c0 [ 668.930523] ? mark_held_locks+0xc7/0x130 [ 668.934703] ? __local_bh_enable_ip+0x160/0x260 [ 668.939388] ? __local_bh_enable_ip+0x160/0x260 [ 668.944080] ? trace_hardirqs_on+0xbd/0x310 [ 668.948419] ? lock_release+0x970/0x970 [ 668.952406] ? lock_sock_nested+0xe2/0x120 [ 668.956658] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 668.962134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.967703] ? check_preemption_disabled+0x48/0x200 [ 668.972729] ? lock_sock_nested+0x9a/0x120 [ 668.976976] ? lock_sock_nested+0x9a/0x120 [ 668.981231] ? __local_bh_enable_ip+0x160/0x260 [ 668.985919] tcp_sendmsg+0x2f/0x50 [ 668.989476] inet_sendmsg+0x1a1/0x690 [ 668.993290] ? ipip_gro_receive+0x100/0x100 [ 668.997626] ? apparmor_socket_sendmsg+0x29/0x30 [ 669.002393] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.007936] ? security_socket_sendmsg+0x94/0xc0 [ 669.007953] ? ipip_gro_receive+0x100/0x100 [ 669.007971] sock_sendmsg+0xd5/0x120 [ 669.007989] __sys_sendto+0x3d7/0x670 [ 669.008009] ? __ia32_sys_getpeername+0xb0/0xb0 [ 669.008031] ? lock_release+0x970/0x970 [ 669.033216] ? arch_local_save_flags+0x40/0x40 [ 669.037815] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 669.043276] ? aa_af_perm+0x5a0/0x5a0 [ 669.047113] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 669.052681] ? put_timespec64+0x10f/0x1b0 [ 669.056841] ? nsecs_to_jiffies+0x30/0x30 [ 669.061005] ? do_syscall_64+0x9a/0x820 [ 669.064991] ? do_syscall_64+0x9a/0x820 [ 669.068981] ? lockdep_hardirqs_on+0x421/0x5c0 [ 669.073576] ? trace_hardirqs_on+0xbd/0x310 [ 669.077911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.083458] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 669.088836] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 669.094309] __x64_sys_sendto+0xe1/0x1a0 [ 669.098397] do_syscall_64+0x1b9/0x820 [ 669.102298] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 669.107695] ? syscall_return_slowpath+0x5e0/0x5e0 [ 669.112613] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 669.117444] ? trace_hardirqs_on_caller+0x310/0x310 [ 669.122449] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 669.127468] ? prepare_exit_to_usermode+0x291/0x3b0 [ 669.132476] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 669.137326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 669.142514] RIP: 0033:0x457579 [ 669.145695] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 669.164586] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 669.172298] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 669.179570] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 669.186822] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 669.194080] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 669.201358] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 669.210436] Task in /syz1 killed as a result of limit of /syz1 [ 669.216537] memory: usage 204796kB, limit 204800kB, failcnt 3589 [ 669.222849] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 669.229724] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 669.235870] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:156KB inactive_file:0KB active_file:0KB unevictable:0KB [ 669.265588] Memory cgroup out of memory: Kill process 25637 (syz-executor1) score 161 or sacrifice child [ 669.275325] Killed process 25637 (syz-executor1) total-vm:70340kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB 03:05:02 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1000000000000000]}, 0x6) 03:05:02 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x40000000]}, 0x6) 03:05:02 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc02]}, 0x6) 03:05:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xa000000]}, 0x6) [ 669.286693] oom_reaper: reaped process 25637 (syz-executor1), now anon-rss:0kB, file-rss:32720kB, shmem-rss:0kB [ 669.297129] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 [ 669.308563] syz-executor3 cpuset=syz3 mems_allowed=0 [ 669.332907] CPU: 1 PID: 25635 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 669.340285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 669.349727] Call Trace: [ 669.352337] dump_stack+0x1c4/0x2b4 [ 669.356021] ? dump_stack_print_info.cold.2+0x52/0x52 [ 669.361241] ? mark_held_locks+0x130/0x130 [ 669.365473] ? mark_held_locks+0x130/0x130 [ 669.369714] dump_header+0x27b/0xf72 [ 669.373436] ? pagefault_out_of_memory+0x197/0x197 [ 669.378371] ? check_preemption_disabled+0x48/0x200 [ 669.383407] ? check_preemption_disabled+0x48/0x200 [ 669.388452] ? graph_lock+0x170/0x170 [ 669.392274] ? graph_lock+0x170/0x170 [ 669.396118] ? print_usage_bug+0xc0/0xc0 [ 669.400248] ? find_held_lock+0x36/0x1c0 [ 669.404329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.409887] ? find_held_lock+0x36/0x1c0 [ 669.413963] ? mark_held_locks+0xc7/0x130 [ 669.418124] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 669.423241] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 669.428353] ? lockdep_hardirqs_on+0x421/0x5c0 [ 669.432954] ? trace_hardirqs_on+0xbd/0x310 [ 669.437280] ? kasan_check_read+0x11/0x20 [ 669.441444] ? ___ratelimit+0x36f/0x655 [ 669.445425] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 669.450878] ? trace_hardirqs_on+0x310/0x310 [ 669.450895] ? lock_downgrade+0x900/0x900 [ 669.450916] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 669.450932] ? ___ratelimit+0xaa/0x655 [ 669.450950] ? idr_get_free+0xec0/0xec0 [ 669.472420] ? kasan_check_write+0x14/0x20 [ 669.476686] ? do_raw_spin_lock+0xc1/0x200 [ 669.480954] oom_kill_process.cold.27+0x10/0x903 [ 669.485723] ? kasan_check_write+0x14/0x20 [ 669.489972] ? do_raw_spin_lock+0xc1/0x200 [ 669.494224] ? oom_evaluate_task+0x540/0x540 [ 669.498694] ? cgroup_procs_next+0x70/0x70 [ 669.502958] ? _raw_spin_unlock_irq+0x60/0x80 [ 669.507465] ? oom_badness+0xaa0/0xaa0 [ 669.511373] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 669.516154] ? mem_cgroup_iter_break+0x30/0x30 [ 669.520771] ? mark_held_locks+0xc7/0x130 [ 669.524949] out_of_memory+0xa84/0x1430 [ 669.528936] ? lockdep_hardirqs_on+0x421/0x5c0 [ 669.533531] ? kasan_check_read+0x11/0x20 [ 669.537715] ? oom_killer_disable+0x3a0/0x3a0 [ 669.542222] ? kasan_check_write+0x14/0x20 [ 669.546470] ? do_raw_spin_lock+0xc1/0x200 [ 669.550733] mem_cgroup_out_of_memory+0x15e/0x210 [ 669.555577] ? memcg_memory_event+0x40/0x40 [ 669.559883] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 669.564806] ? page_counter_try_charge+0x1c1/0x220 [ 669.569722] try_charge+0xc43/0x1690 [ 669.573428] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 669.579481] ? tcp_sendmsg+0x2f/0x50 [ 669.583183] ? sock_sendmsg+0xd5/0x120 [ 669.587064] ? __sys_sendto+0x3d7/0x670 [ 669.591036] ? graph_lock+0x170/0x170 [ 669.594838] ? graph_lock+0x170/0x170 [ 669.598629] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.604163] ? check_preemption_disabled+0x48/0x200 [ 669.609172] ? check_preemption_disabled+0x48/0x200 [ 669.614197] ? mark_held_locks+0xc7/0x130 [ 669.618341] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 669.623258] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 669.628178] ? lockdep_hardirqs_on+0x421/0x5c0 [ 669.632750] ? rcu_read_lock_sched_held+0x108/0x120 [ 669.637756] ? __sk_mem_raise_allocated+0x642/0x1800 [ 669.642849] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 669.648308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 669.653834] ? check_preemption_disabled+0x48/0x200 [ 669.658839] mem_cgroup_charge_skmem+0x1e4/0x390 [ 669.663588] ? mem_cgroup_sk_free+0x90/0x90 [ 669.667905] __sk_mem_raise_allocated+0x642/0x1800 [ 669.672827] ? sk_busy_loop_end+0x1c0/0x1c0 [ 669.677157] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 669.682695] ? alloc_pages_current+0x114/0x210 [ 669.687266] ? skb_page_frag_refill+0x1eb/0x6a0 [ 669.691937] ? sock_kzfree_s+0x60/0x60 [ 669.695826] ? _copy_from_iter_full+0x2b3/0xd20 [ 669.700481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.706021] ? tcp_rate_check_app_limited+0x121/0x460 [ 669.711229] ? iov_iter_advance+0x1460/0x1460 [ 669.715727] __sk_mem_schedule+0x6d/0xe0 [ 669.719802] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 669.725330] tcp_sendmsg_locked+0x1c86/0x3f00 [ 669.729825] ? tcp_sendpage+0x60/0x60 [ 669.733615] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 669.739160] ? aa_label_sk_perm+0x46d/0x8e0 [ 669.743487] ? find_held_lock+0x36/0x1c0 [ 669.747536] ? mark_held_locks+0xc7/0x130 [ 669.751679] ? __local_bh_enable_ip+0x160/0x260 [ 669.756343] ? __local_bh_enable_ip+0x160/0x260 [ 669.761001] ? trace_hardirqs_on+0xbd/0x310 [ 669.765308] ? lock_release+0x970/0x970 [ 669.769267] ? lock_sock_nested+0xe2/0x120 [ 669.773491] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 669.778926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.784451] ? check_preemption_disabled+0x48/0x200 [ 669.789454] ? lock_sock_nested+0x9a/0x120 [ 669.793679] ? lock_sock_nested+0x9a/0x120 [ 669.797913] ? __local_bh_enable_ip+0x160/0x260 [ 669.802606] tcp_sendmsg+0x2f/0x50 [ 669.806189] inet_sendmsg+0x1a1/0x690 [ 669.809978] ? ipip_gro_receive+0x100/0x100 [ 669.814296] ? apparmor_socket_sendmsg+0x29/0x30 [ 669.819058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.824585] ? security_socket_sendmsg+0x94/0xc0 [ 669.829327] ? ipip_gro_receive+0x100/0x100 [ 669.833635] sock_sendmsg+0xd5/0x120 [ 669.837336] __sys_sendto+0x3d7/0x670 [ 669.841125] ? __ia32_sys_getpeername+0xb0/0xb0 [ 669.845795] ? lock_release+0x970/0x970 [ 669.849765] ? arch_local_save_flags+0x40/0x40 [ 669.854336] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 669.859774] ? aa_af_perm+0x5a0/0x5a0 [ 669.863573] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 669.869096] ? put_timespec64+0x10f/0x1b0 [ 669.873228] ? nsecs_to_jiffies+0x30/0x30 [ 669.877379] ? do_syscall_64+0x9a/0x820 [ 669.881354] ? do_syscall_64+0x9a/0x820 [ 669.885312] ? lockdep_hardirqs_on+0x421/0x5c0 [ 669.889884] ? trace_hardirqs_on+0xbd/0x310 [ 669.894199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.899734] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 669.905086] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 669.910526] __x64_sys_sendto+0xe1/0x1a0 [ 669.914579] do_syscall_64+0x1b9/0x820 [ 669.918454] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 669.923804] ? syscall_return_slowpath+0x5e0/0x5e0 [ 669.928718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 669.933549] ? trace_hardirqs_on_caller+0x310/0x310 [ 669.938568] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 669.943581] ? prepare_exit_to_usermode+0x291/0x3b0 [ 669.948593] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 669.953443] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 669.958618] RIP: 0033:0x457579 [ 669.961797] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 669.980687] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 669.988380] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 669.995632] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 670.002890] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 670.010170] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 670.017424] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 670.028496] Task in /syz3 killed as a result of limit of /syz3 [ 670.034917] memory: usage 204796kB, limit 204800kB, failcnt 2804 [ 670.041567] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 670.048394] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 670.054544] Memory cgroup stats for /syz3: cache:0KB rss:2292KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB [ 670.075826] Memory cgroup out of memory: Kill process 25634 (syz-executor3) score 171 or sacrifice child 03:05:02 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xebf8ffff00000000]}, 0x6) 03:05:02 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='vcan0\x00', 0x10) r2 = dup(r0) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_spirange={0x2, 0x10, 0x4d4, 0x4d2}, @sadb_x_policy={0x8, 0x12, 0x2, 0x0, 0x0, 0x0, 0x4, {0x6, 0x3f, 0x0, 0x40, 0x0, 0xfffffffffffffff8, 0x0, @in6=@ipv4, @in6=@loopback}}, @sadb_spirange={0x2}]}, 0x70}}, 0x800) sendto$inet(r0, &(0x7f00006d1fd4)="db", 0x1, 0x4000010, &(0x7f00004daff0)={0x2, 0x0, @loopback}, 0x10) write(r0, &(0x7f0000000980)="1acbcb75ce3c3dc9edabb5a2e6b48b07bcbefcc1a1f84f9488393825b2026eb6fbccd36bf4d163948b6d551f19be4b8e54455dab3f89ab8b06a9c2a76fea14feb16945b43c8c69", 0x47) 03:05:02 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x2e000000]}, 0x6) 03:05:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x7000000]}, 0x6) 03:05:02 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20c]}, 0x6) [ 670.087214] Killed process 25634 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 670.099036] oom_reaper: reaped process 25634 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 670.109441] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=-1000 [ 670.121236] syz-executor1 cpuset=syz1 mems_allowed=0 [ 670.126469] CPU: 0 PID: 25673 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 670.133845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 670.143218] Call Trace: [ 670.145815] dump_stack+0x1c4/0x2b4 [ 670.149455] ? dump_stack_print_info.cold.2+0x52/0x52 [ 670.154671] dump_header+0x27b/0xf72 [ 670.158407] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 670.164250] ? kasan_check_read+0x11/0x20 [ 670.168420] ? pagefault_out_of_memory+0x197/0x197 [ 670.173370] ? rcu_read_unlock+0x33/0x60 [ 670.177442] ? mem_cgroup_iter+0x514/0x1160 [ 670.181800] ? find_held_lock+0x36/0x1c0 03:05:02 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x3075]}, 0x6) [ 670.185873] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 670.190638] ? mark_held_locks+0xc7/0x130 [ 670.194798] ? _raw_spin_unlock_irq+0x27/0x80 [ 670.199300] ? _raw_spin_unlock_irq+0x27/0x80 [ 670.203804] ? lockdep_hardirqs_on+0x421/0x5c0 [ 670.208401] ? trace_hardirqs_on+0xbd/0x310 [ 670.212731] ? kasan_check_read+0x11/0x20 [ 670.216890] ? css_task_iter_end+0x222/0x490 [ 670.221315] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 670.226776] ? kasan_check_write+0x14/0x20 [ 670.231034] ? do_raw_spin_lock+0xc1/0x200 03:05:03 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x40020000]}, 0x6) [ 670.235286] ? _raw_spin_unlock_irq+0x60/0x80 [ 670.239793] ? css_task_iter_end+0x2ce/0x490 [ 670.244215] ? cgroup_procs_next+0x70/0x70 [ 670.248479] ? _raw_spin_unlock_irq+0x60/0x80 [ 670.252991] ? oom_badness+0xaa0/0xaa0 [ 670.256891] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 670.261666] ? mem_cgroup_iter_break+0x30/0x30 [ 670.266274] ? mark_held_locks+0xc7/0x130 [ 670.270436] out_of_memory.cold.30+0xf/0x184 [ 670.274857] ? lockdep_hardirqs_on+0x421/0x5c0 [ 670.279451] ? kasan_check_read+0x11/0x20 [ 670.283632] ? oom_killer_disable+0x3a0/0x3a0 03:05:03 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x6aa7]}, 0x6) [ 670.288152] ? kasan_check_write+0x14/0x20 [ 670.292403] ? do_raw_spin_lock+0xc1/0x200 [ 670.296660] mem_cgroup_out_of_memory+0x15e/0x210 [ 670.301512] ? memcg_memory_event+0x40/0x40 [ 670.305837] ? mem_cgroup_try_charge+0x5ea/0xe10 [ 670.310611] ? page_counter_try_charge+0x1c1/0x220 [ 670.315553] try_charge+0xc43/0x1690 [ 670.319293] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 670.325366] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 670.330221] ? lock_downgrade+0x900/0x900 [ 670.334380] ? check_preemption_disabled+0x48/0x200 [ 670.339548] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 670.345356] ? kasan_check_read+0x11/0x20 [ 670.349514] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 670.354804] ? rcu_bh_qs+0xc0/0xc0 [ 670.358368] ? get_mem_cgroup_from_mm+0x206/0x440 [ 670.363227] ? mem_cgroup_can_attach+0x580/0x580 [ 670.368000] ? __lock_is_held+0xb5/0x140 [ 670.372083] mem_cgroup_try_charge+0x5ea/0xe10 [ 670.376689] ? mem_cgroup_protected+0xa60/0xa60 [ 670.381371] ? swp_swapcount+0x530/0x530 [ 670.385461] ? find_get_pages_range_tag+0x1320/0x1320 [ 670.390679] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 670.396237] mem_cgroup_try_charge_delay+0x1d/0xa0 [ 670.401193] wp_page_copy+0x46c/0x14f0 [ 670.405098] ? follow_pfn+0x2e0/0x2e0 [ 670.408913] ? do_wp_page+0x76c/0x1390 [ 670.412814] ? lock_downgrade+0x900/0x900 [ 670.416970] ? kasan_check_write+0x14/0x20 [ 670.421215] ? kasan_check_read+0x11/0x20 [ 670.425375] ? do_raw_spin_unlock+0xa7/0x2f0 [ 670.429796] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 670.434389] ? __pte_alloc_kernel+0x220/0x220 [ 670.438886] ? __lock_acquire+0x7ec/0x4ec0 [ 670.443149] do_wp_page+0x774/0x1390 [ 670.446881] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 670.446900] ? lock_downgrade+0x900/0x900 [ 670.446930] ? trace_hardirqs_on+0xbd/0x310 [ 670.446963] ? lock_release+0x970/0x970 [ 670.446992] ? kasan_check_read+0x11/0x20 [ 670.447023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 670.447039] ? kasan_check_write+0x14/0x20 [ 670.447056] ? do_raw_spin_lock+0xc1/0x200 [ 670.455894] __handle_mm_fault+0x2c60/0x53e0 [ 670.468342] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 670.468359] ? graph_lock+0x170/0x170 [ 670.468376] ? check_preemption_disabled+0x48/0x200 [ 670.468394] ? print_usage_bug+0xc0/0xc0 [ 670.478153] ? graph_lock+0x170/0x170 [ 670.478175] ? graph_lock+0x170/0x170 [ 670.478210] ? handle_mm_fault+0x42a/0xc70 [ 670.478226] ? lock_downgrade+0x900/0x900 [ 670.478241] ? check_preemption_disabled+0x48/0x200 [ 670.478261] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 670.491701] ? kasan_check_read+0x11/0x20 [ 670.491719] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 670.491736] ? rcu_bh_qs+0xc0/0xc0 [ 670.491750] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 670.491770] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 670.500565] ? check_preemption_disabled+0x48/0x200 [ 670.500589] handle_mm_fault+0x54f/0xc70 [ 670.500609] ? __handle_mm_fault+0x53e0/0x53e0 [ 670.500626] ? find_vma+0x34/0x190 [ 670.500663] __do_page_fault+0x67d/0xed0 [ 670.576548] ? mm_fault_error+0x380/0x380 [ 670.580732] ? trace_hardirqs_on+0x310/0x310 [ 670.585159] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 670.590529] ? trace_hardirqs_on+0x310/0x310 [ 670.594923] do_page_fault+0xf2/0x7e0 [ 670.598736] ? vmalloc_sync_all+0x30/0x30 [ 670.602883] ? error_entry+0x70/0xd0 [ 670.606595] ? trace_hardirqs_off_caller+0xbb/0x310 [ 670.611635] ? trace_hardirqs_on_caller+0xc0/0x310 [ 670.616550] ? syscall_return_slowpath+0x5e0/0x5e0 [ 670.621464] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 670.626289] ? trace_hardirqs_on_caller+0x310/0x310 [ 670.631291] ? trace_hardirqs_off+0x310/0x310 [ 670.635774] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.641299] ? prepare_exit_to_usermode+0x291/0x3b0 [ 670.646311] ? page_fault+0x8/0x30 [ 670.649861] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 670.654708] ? page_fault+0x8/0x30 [ 670.658232] page_fault+0x1e/0x30 [ 670.661687] RIP: 0033:0x40d4c8 [ 670.664863] Code: 48 8b 05 f3 e9 2f 00 48 89 08 48 8b 15 f1 e9 2f 00 48 89 42 08 48 8b 05 d6 e9 2f 00 48 89 05 df e9 2f 00 49 8d 81 c0 02 00 00 <48> 89 05 81 2b 63 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 670.683797] RSP: 002b:0000000000a3fd48 EFLAGS: 00010246 [ 670.689157] RAX: 0000000000d54c00 RBX: 0000000000a3fd50 RCX: 000000000070bea0 [ 670.696420] RDX: 000000000040d300 RSI: 000000000070be90 RDI: 0000000000d54c20 [ 670.703682] RBP: 0000000000a3fd90 R08: 0000000000000001 R09: 0000000000d54940 [ 670.710946] R10: 0000000000d54c10 R11: 0000000000000202 R12: 0000000000000001 [ 670.718233] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001 [ 670.730594] Memory limit reached of cgroup /syz1 [ 670.736265] memory: usage 204672kB, limit 204800kB, failcnt 3609 [ 670.742529] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 670.749332] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 670.755470] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 670.775683] Out of memory and no killable processes... [ 670.781483] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 670.794221] syz-executor3 cpuset=syz3 mems_allowed=0 [ 670.799994] CPU: 1 PID: 25683 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 670.807360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 670.816695] Call Trace: [ 670.819272] dump_stack+0x1c4/0x2b4 [ 670.822891] ? dump_stack_print_info.cold.2+0x52/0x52 [ 670.828086] dump_header+0x27b/0xf72 [ 670.831804] ? mark_held_locks+0x130/0x130 [ 670.836031] ? pagefault_out_of_memory+0x197/0x197 [ 670.840974] ? check_preemption_disabled+0x48/0x200 [ 670.846013] ? check_preemption_disabled+0x48/0x200 [ 670.851046] ? graph_lock+0x170/0x170 [ 670.854834] ? graph_lock+0x170/0x170 [ 670.858621] ? print_usage_bug+0xc0/0xc0 [ 670.862706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.868302] ? find_held_lock+0x36/0x1c0 [ 670.872354] ? mark_held_locks+0xc7/0x130 [ 670.876488] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 670.881576] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 670.886669] ? lockdep_hardirqs_on+0x421/0x5c0 [ 670.891241] ? trace_hardirqs_on+0xbd/0x310 [ 670.895545] ? kasan_check_read+0x11/0x20 [ 670.899682] ? ___ratelimit+0x36f/0x655 [ 670.903643] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 670.909094] ? trace_hardirqs_on+0x310/0x310 [ 670.913502] ? lock_downgrade+0x900/0x900 [ 670.917642] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 670.922740] ? ___ratelimit+0xaa/0x655 [ 670.926624] ? idr_get_free+0xec0/0xec0 [ 670.930583] ? kasan_check_write+0x14/0x20 [ 670.934803] ? do_raw_spin_lock+0xc1/0x200 [ 670.939040] oom_kill_process.cold.27+0x10/0x903 [ 670.943796] ? kasan_check_write+0x14/0x20 [ 670.948018] ? do_raw_spin_lock+0xc1/0x200 [ 670.952244] ? oom_evaluate_task+0x540/0x540 [ 670.956643] ? cgroup_procs_next+0x70/0x70 [ 670.960868] ? _raw_spin_unlock_irq+0x60/0x80 [ 670.965350] ? oom_badness+0xaa0/0xaa0 [ 670.969232] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 670.973990] ? mem_cgroup_iter_break+0x30/0x30 [ 670.978567] ? cgroup_file_notify+0x226/0x2f0 [ 670.983050] out_of_memory+0xa84/0x1430 [ 670.987029] ? lockdep_hardirqs_on+0x421/0x5c0 [ 670.991606] ? kasan_check_read+0x11/0x20 [ 670.995740] ? oom_killer_disable+0x3a0/0x3a0 [ 671.000236] ? kasan_check_write+0x14/0x20 [ 671.004558] ? do_raw_spin_lock+0xc1/0x200 [ 671.008796] mem_cgroup_out_of_memory+0x15e/0x210 [ 671.013636] ? memcg_memory_event+0x40/0x40 [ 671.017952] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 671.022803] ? page_counter_try_charge+0x1c1/0x220 [ 671.027737] try_charge+0xc43/0x1690 [ 671.031437] ? lock_downgrade+0x900/0x900 [ 671.035574] ? check_preemption_disabled+0x48/0x200 [ 671.040593] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 671.046684] ? find_held_lock+0x36/0x1c0 [ 671.050755] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 671.055601] ? lock_downgrade+0x900/0x900 [ 671.059753] ? check_preemption_disabled+0x48/0x200 [ 671.064780] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 671.070572] ? kasan_check_read+0x11/0x20 [ 671.074706] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 671.079978] ? rcu_bh_qs+0xc0/0xc0 [ 671.083517] ? get_mem_cgroup_from_mm+0x206/0x440 [ 671.088353] memcg_kmem_charge_memcg+0x7c/0x120 [ 671.093007] ? memcg_kmem_put_cache+0xb0/0xb0 [ 671.097486] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.102839] memcg_kmem_charge+0x135/0x300 [ 671.107064] __alloc_pages_nodemask+0x72e/0xde0 [ 671.111741] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 671.117011] ? lock_downgrade+0x900/0x900 [ 671.121178] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 671.126180] ? check_preemption_disabled+0x48/0x200 [ 671.131191] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 671.136712] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 671.141980] ? percpu_ref_put_many+0x13e/0x260 [ 671.146555] ? rcu_pm_notify+0xc0/0xc0 [ 671.150433] ? copy_process+0x1ff4/0x8780 [ 671.154566] ? rcu_read_lock_sched_held+0x108/0x120 [ 671.159570] ? kmem_cache_alloc_node+0x349/0x730 [ 671.164349] ? kasan_check_write+0x14/0x20 [ 671.168569] ? do_raw_spin_lock+0xc1/0x200 [ 671.172793] copy_process+0xa09/0x8780 [ 671.176672] ? print_usage_bug+0xc0/0xc0 [ 671.180717] ? __lock_acquire+0x7ec/0x4ec0 [ 671.184937] ? __lock_acquire+0x7ec/0x4ec0 [ 671.189173] ? print_usage_bug+0xc0/0xc0 [ 671.193225] ? __cleanup_sighand+0x70/0x70 [ 671.197465] ? mark_held_locks+0x130/0x130 [ 671.201699] ? print_usage_bug+0xc0/0xc0 [ 671.205748] ? print_usage_bug+0xc0/0xc0 [ 671.209807] ? mark_held_locks+0x130/0x130 [ 671.214041] ? __lock_acquire+0x7ec/0x4ec0 [ 671.218267] ? __lock_acquire+0x7ec/0x4ec0 [ 671.222489] ? graph_lock+0x170/0x170 [ 671.226275] ? check_preemption_disabled+0x48/0x200 [ 671.231284] ? check_preemption_disabled+0x48/0x200 [ 671.236406] ? mark_held_locks+0x130/0x130 [ 671.240624] ? print_usage_bug+0xc0/0xc0 [ 671.244686] ? find_held_lock+0x36/0x1c0 [ 671.248752] ? find_held_lock+0x36/0x1c0 [ 671.252816] ? print_usage_bug+0xc0/0xc0 [ 671.256862] ? __lock_acquire+0x7ec/0x4ec0 [ 671.261098] ? lock_downgrade+0x900/0x900 [ 671.265245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.270784] ? check_preemption_disabled+0x48/0x200 [ 671.275801] ? check_preemption_disabled+0x48/0x200 [ 671.280809] ? __lock_acquire+0x7ec/0x4ec0 [ 671.285041] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.290569] ? mark_held_locks+0x130/0x130 [ 671.294792] ? rcu_read_unlock+0x16/0x60 [ 671.298852] ? lock_downgrade+0x900/0x900 [ 671.302999] ? check_preemption_disabled+0x48/0x200 [ 671.308019] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 671.313817] ? kasan_check_read+0x11/0x20 [ 671.317959] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 671.323222] ? graph_lock+0x170/0x170 [ 671.327018] ? rcu_read_unlock+0x33/0x60 [ 671.331066] ? find_held_lock+0x36/0x1c0 [ 671.335121] ? graph_lock+0x170/0x170 [ 671.338931] ? delayacct_end+0x25/0x100 [ 671.342903] ? lock_downgrade+0x900/0x900 [ 671.347050] ? ktime_get+0x352/0x440 [ 671.350763] ? print_usage_bug+0xc0/0xc0 [ 671.354863] ? find_held_lock+0x36/0x1c0 [ 671.358911] ? delayacct_end+0xc5/0x100 [ 671.362890] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 671.367979] ? __lock_acquire+0x7ec/0x4ec0 [ 671.372227] ? trace_hardirqs_on+0xbd/0x310 [ 671.376543] ? kasan_check_read+0x11/0x20 [ 671.380688] ? delayacct_end+0xc5/0x100 [ 671.384646] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 671.390135] ? mark_held_locks+0x130/0x130 [ 671.394367] ? delayacct_end+0x5a/0x100 [ 671.398339] ? __delayacct_freepages_end+0xe0/0x140 [ 671.403355] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 671.408895] ? do_try_to_free_pages+0xe68/0x1290 [ 671.413675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.419205] ? check_preemption_disabled+0x48/0x200 [ 671.424217] ? check_preemption_disabled+0x48/0x200 [ 671.429251] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 671.434772] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 671.440066] ? rcu_pm_notify+0xc0/0xc0 [ 671.443975] ? graph_lock+0x170/0x170 [ 671.447783] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 671.453159] _do_fork+0x1cb/0x11d0 [ 671.456695] ? fork_idle+0x1d0/0x1d0 [ 671.460399] ? percpu_ref_put_many+0x11c/0x260 [ 671.464964] ? lock_downgrade+0x900/0x900 [ 671.469100] ? check_preemption_disabled+0x48/0x200 [ 671.474126] ? kasan_check_read+0x11/0x20 [ 671.478287] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 671.483548] ? rcu_bh_qs+0xc0/0xc0 [ 671.487105] ? get_mem_cgroup_from_mm+0x206/0x440 [ 671.491960] ? do_syscall_64+0x9a/0x820 [ 671.495918] ? do_syscall_64+0x9a/0x820 [ 671.499907] ? lockdep_hardirqs_on+0x421/0x5c0 [ 671.504479] ? trace_hardirqs_on+0xbd/0x310 [ 671.508793] ? trace_hardirqs_on+0x310/0x310 [ 671.513187] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.518536] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 671.523999] __x64_sys_clone+0xbf/0x150 [ 671.527974] do_syscall_64+0x1b9/0x820 [ 671.531857] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 671.537234] ? syscall_return_slowpath+0x5e0/0x5e0 [ 671.542180] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 671.547052] ? trace_hardirqs_on_caller+0x310/0x310 [ 671.552057] ? prepare_exit_to_usermode+0x291/0x3b0 [ 671.557073] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 671.561915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.567095] RIP: 0033:0x459f49 [ 671.570286] Code: ff 48 85 f6 0f 84 47 8a fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 1e 8a fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 671.589172] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 671.596874] RAX: ffffffffffffffda RBX: 00007f7e36a89700 RCX: 0000000000459f49 [ 671.604150] RDX: 00007f7e36a899d0 RSI: 00007f7e36a88db0 RDI: 00000000003d0f00 [ 671.611408] RBP: 0000000000a3fcd0 R08: 00007f7e36a89700 R09: 00007f7e36a89700 [ 671.618673] R10: 00007f7e36a899d0 R11: 0000000000000202 R12: 0000000000000000 [ 671.625991] R13: 0000000000a3fb7f R14: 00007f7e36a899c0 R15: 0000000000000001 [ 671.636592] Task in /syz3 killed as a result of limit of /syz3 [ 671.649399] memory: usage 204596kB, limit 204800kB, failcnt 2816 [ 671.656482] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 671.664354] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 671.670664] Memory cgroup stats for /syz3: cache:0KB rss:2248KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2172KB inactive_file:0KB active_file:0KB unevictable:0KB [ 671.691354] Memory cgroup out of memory: Kill process 25683 (syz-executor3) score 171 or sacrifice child [ 671.701114] Killed process 25683 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 671.711968] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 671.713160] oom_reaper: reaped process 25683 (syz-executor3), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 671.723173] syz-executor1 cpuset=syz1 mems_allowed=0 [ 671.744052] CPU: 1 PID: 25710 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 671.751431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.760765] Call Trace: [ 671.763340] dump_stack+0x1c4/0x2b4 [ 671.766969] ? dump_stack_print_info.cold.2+0x52/0x52 [ 671.772167] ? mark_held_locks+0x130/0x130 [ 671.776388] ? mark_held_locks+0x130/0x130 [ 671.780612] dump_header+0x27b/0xf72 [ 671.784314] ? pagefault_out_of_memory+0x197/0x197 [ 671.789232] ? check_preemption_disabled+0x48/0x200 [ 671.794230] ? check_preemption_disabled+0x48/0x200 [ 671.799251] ? graph_lock+0x170/0x170 [ 671.803038] ? graph_lock+0x170/0x170 [ 671.806819] ? print_usage_bug+0xc0/0xc0 [ 671.810866] ? find_held_lock+0x36/0x1c0 [ 671.814914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.820439] ? find_held_lock+0x36/0x1c0 [ 671.824485] ? mark_held_locks+0xc7/0x130 [ 671.828634] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 671.833749] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 671.838866] ? lockdep_hardirqs_on+0x421/0x5c0 [ 671.843434] ? trace_hardirqs_on+0xbd/0x310 [ 671.847737] ? kasan_check_read+0x11/0x20 [ 671.851869] ? ___ratelimit+0x36f/0x655 [ 671.856019] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 671.861456] ? trace_hardirqs_on+0x310/0x310 [ 671.865846] ? lock_downgrade+0x900/0x900 [ 671.869980] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 671.875064] ? ___ratelimit+0xaa/0x655 [ 671.878938] ? idr_get_free+0xec0/0xec0 [ 671.882911] ? kasan_check_write+0x14/0x20 [ 671.887132] ? do_raw_spin_lock+0xc1/0x200 [ 671.891363] oom_kill_process.cold.27+0x10/0x903 [ 671.896117] ? kasan_check_write+0x14/0x20 [ 671.900356] ? do_raw_spin_lock+0xc1/0x200 [ 671.904582] ? oom_evaluate_task+0x540/0x540 [ 671.908980] ? cgroup_procs_next+0x70/0x70 [ 671.913198] ? _raw_spin_unlock_irq+0x60/0x80 [ 671.917686] ? oom_badness+0xaa0/0xaa0 [ 671.921558] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 671.926297] ? mem_cgroup_iter_break+0x30/0x30 [ 671.930873] ? mark_held_locks+0xc7/0x130 [ 671.935008] out_of_memory+0xa84/0x1430 [ 671.938965] ? lockdep_hardirqs_on+0x421/0x5c0 [ 671.943528] ? kasan_check_read+0x11/0x20 [ 671.947683] ? oom_killer_disable+0x3a0/0x3a0 [ 671.952165] ? kasan_check_write+0x14/0x20 [ 671.956383] ? do_raw_spin_lock+0xc1/0x200 [ 671.960607] mem_cgroup_out_of_memory+0x15e/0x210 [ 671.965443] ? memcg_memory_event+0x40/0x40 [ 671.969751] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 671.974670] ? page_counter_try_charge+0x1c1/0x220 [ 671.979587] try_charge+0xc43/0x1690 [ 671.983303] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 671.989345] ? tcp_sendmsg+0x2f/0x50 [ 671.993041] ? sock_sendmsg+0xd5/0x120 [ 671.996926] ? __sys_sendto+0x3d7/0x670 [ 672.000924] ? graph_lock+0x170/0x170 [ 672.004704] ? graph_lock+0x170/0x170 [ 672.008521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.014058] ? check_preemption_disabled+0x48/0x200 [ 672.019072] ? check_preemption_disabled+0x48/0x200 [ 672.024075] ? mark_held_locks+0xc7/0x130 [ 672.028210] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 672.033124] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 672.038042] ? lockdep_hardirqs_on+0x421/0x5c0 [ 672.042610] ? rcu_read_lock_sched_held+0x108/0x120 [ 672.047614] ? __sk_mem_raise_allocated+0x642/0x1800 [ 672.052701] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 672.058138] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 672.063670] ? check_preemption_disabled+0x48/0x200 [ 672.068695] mem_cgroup_charge_skmem+0x1e4/0x390 [ 672.073436] ? mem_cgroup_sk_free+0x90/0x90 [ 672.077748] __sk_mem_raise_allocated+0x642/0x1800 [ 672.082666] ? sk_busy_loop_end+0x1c0/0x1c0 [ 672.086983] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 672.092520] ? alloc_pages_current+0x114/0x210 [ 672.097088] ? skb_page_frag_refill+0x1eb/0x6a0 [ 672.101740] ? sock_kzfree_s+0x60/0x60 [ 672.105608] ? _copy_from_iter_full+0x2b3/0xd20 [ 672.110265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.115786] ? tcp_rate_check_app_limited+0x121/0x460 [ 672.120960] ? iov_iter_advance+0x1460/0x1460 [ 672.125445] __sk_mem_schedule+0x6d/0xe0 [ 672.129490] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 672.135012] tcp_sendmsg_locked+0x1c86/0x3f00 [ 672.139502] ? tcp_sendpage+0x60/0x60 [ 672.143287] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 672.148806] ? aa_label_sk_perm+0x46d/0x8e0 [ 672.153118] ? find_held_lock+0x36/0x1c0 [ 672.157189] ? mark_held_locks+0xc7/0x130 [ 672.161337] ? __local_bh_enable_ip+0x160/0x260 [ 672.165991] ? __local_bh_enable_ip+0x160/0x260 [ 672.170667] ? trace_hardirqs_on+0xbd/0x310 [ 672.175036] ? lock_release+0x970/0x970 [ 672.178997] ? lock_sock_nested+0xe2/0x120 [ 672.183228] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 672.188682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.194217] ? check_preemption_disabled+0x48/0x200 [ 672.199235] ? lock_sock_nested+0x9a/0x120 [ 672.203474] ? lock_sock_nested+0x9a/0x120 [ 672.207698] ? __local_bh_enable_ip+0x160/0x260 [ 672.212385] tcp_sendmsg+0x2f/0x50 [ 672.215911] inet_sendmsg+0x1a1/0x690 [ 672.219696] ? ipip_gro_receive+0x100/0x100 [ 672.224018] ? apparmor_socket_sendmsg+0x29/0x30 [ 672.228757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.234279] ? security_socket_sendmsg+0x94/0xc0 [ 672.239019] ? ipip_gro_receive+0x100/0x100 [ 672.243323] sock_sendmsg+0xd5/0x120 [ 672.247032] __sys_sendto+0x3d7/0x670 [ 672.250820] ? __ia32_sys_getpeername+0xb0/0xb0 [ 672.255468] ? lock_release+0x970/0x970 [ 672.259427] ? arch_local_save_flags+0x40/0x40 [ 672.263990] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 672.269420] ? aa_af_perm+0x5a0/0x5a0 [ 672.273214] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 672.278735] ? put_timespec64+0x10f/0x1b0 [ 672.282866] ? nsecs_to_jiffies+0x30/0x30 [ 672.287008] ? do_syscall_64+0x9a/0x820 [ 672.291009] ? do_syscall_64+0x9a/0x820 [ 672.294965] ? lockdep_hardirqs_on+0x421/0x5c0 [ 672.299531] ? trace_hardirqs_on+0xbd/0x310 [ 672.303837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.309360] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 672.314709] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 672.320149] __x64_sys_sendto+0xe1/0x1a0 [ 672.324201] do_syscall_64+0x1b9/0x820 [ 672.328072] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 672.333417] ? syscall_return_slowpath+0x5e0/0x5e0 [ 672.338329] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 672.343162] ? trace_hardirqs_on_caller+0x310/0x310 [ 672.348173] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 672.353175] ? prepare_exit_to_usermode+0x291/0x3b0 [ 672.358182] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 672.363013] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 672.368188] RIP: 0033:0x457579 [ 672.371370] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 672.390258] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 672.397965] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 672.405222] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 672.412474] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 672.419728] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 672.426991] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 672.444435] Task in /syz1 killed as a result of limit of /syz1 [ 672.451246] memory: usage 204756kB, limit 204800kB, failcnt 3630 [ 672.458054] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 672.464814] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 672.471052] Memory cgroup stats for /syz1: cache:224KB rss:208KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:164KB inactive_file:0KB active_file:0KB unevictable:0KB [ 672.491319] Memory cgroup out of memory: Kill process 25673 (syz-executor1) score 161 or sacrifice child 03:05:05 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x10000000]}, 0x6) 03:05:05 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x15]}, 0x6) 03:05:05 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x14]}, 0x6) 03:05:05 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc02000000000000]}, 0x6) 03:05:05 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4000004e20, @loopback}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x3, &(0x7f00000011c0)=ANY=[@ANYBLOB="180000000300000000000000000000009500000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x5, 0x0) write$binfmt_aout(r2, &(0x7f0000004e00)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x3) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f00000000c0)={r0, r1}) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) recvmmsg(r2, &(0x7f0000006e40)=[{{&(0x7f00000049c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000004b40), 0x123, &(0x7f0000004b80)=""/181, 0xb5}}], 0x1500, 0x0, &(0x7f0000004c40)={0x0, r3+30000000}) 03:05:05 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xedf8ffff]}, 0x6) [ 672.501006] Killed process 25673 (syz-executor1) total-vm:70472kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 672.512483] oom_reaper: reaped process 25673 (syz-executor1), now anon-rss:0kB, file-rss:32732kB, shmem-rss:0kB [ 672.577845] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 672.592279] syz-executor3 cpuset=syz3 mems_allowed=0 [ 672.615794] CPU: 0 PID: 25726 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 672.623187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.632544] Call Trace: [ 672.635157] dump_stack+0x1c4/0x2b4 [ 672.638807] ? dump_stack_print_info.cold.2+0x52/0x52 [ 672.644012] ? mark_held_locks+0x130/0x130 [ 672.648255] ? mark_held_locks+0x130/0x130 [ 672.652507] dump_header+0x27b/0xf72 [ 672.656251] ? pagefault_out_of_memory+0x197/0x197 [ 672.661199] ? check_preemption_disabled+0x48/0x200 [ 672.666232] ? check_preemption_disabled+0x48/0x200 [ 672.671270] ? graph_lock+0x170/0x170 03:05:05 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x400000000000000]}, 0x6) 03:05:05 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x6) 03:05:05 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x5580]}, 0x6) [ 672.675106] ? graph_lock+0x170/0x170 [ 672.678948] ? print_usage_bug+0xc0/0xc0 [ 672.683038] ? find_held_lock+0x36/0x1c0 [ 672.687115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.692705] ? find_held_lock+0x36/0x1c0 [ 672.696787] ? mark_held_locks+0xc7/0x130 [ 672.700947] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 672.706071] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 672.711197] ? lockdep_hardirqs_on+0x421/0x5c0 [ 672.715798] ? trace_hardirqs_on+0xbd/0x310 [ 672.720126] ? kasan_check_read+0x11/0x20 03:05:05 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x1400000000000000]}, 0x6) [ 672.724777] ? ___ratelimit+0x36f/0x655 [ 672.728767] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 672.734233] ? trace_hardirqs_on+0x310/0x310 [ 672.738649] ? lock_downgrade+0x900/0x900 [ 672.742809] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 672.747927] ? ___ratelimit+0xaa/0x655 [ 672.747947] ? idr_get_free+0xec0/0xec0 [ 672.747961] ? kasan_check_write+0x14/0x20 [ 672.747978] ? do_raw_spin_lock+0xc1/0x200 [ 672.748000] oom_kill_process.cold.27+0x10/0x903 [ 672.755841] ? kasan_check_write+0x14/0x20 [ 672.755857] ? do_raw_spin_lock+0xc1/0x200 [ 672.755881] ? oom_evaluate_task+0x540/0x540 [ 672.755901] ? cgroup_procs_next+0x70/0x70 [ 672.755918] ? _raw_spin_unlock_irq+0x60/0x80 [ 672.769170] ? oom_badness+0xaa0/0xaa0 [ 672.769192] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 672.769211] ? mem_cgroup_iter_break+0x30/0x30 [ 672.769242] ? mark_held_locks+0xc7/0x130 [ 672.777702] out_of_memory+0xa84/0x1430 [ 672.777718] ? lockdep_hardirqs_on+0x421/0x5c0 [ 672.777735] ? kasan_check_read+0x11/0x20 [ 672.777753] ? oom_killer_disable+0x3a0/0x3a0 [ 672.777769] ? kasan_check_write+0x14/0x20 [ 672.777785] ? do_raw_spin_lock+0xc1/0x200 [ 672.777812] mem_cgroup_out_of_memory+0x15e/0x210 [ 672.794786] ? memcg_memory_event+0x40/0x40 [ 672.794801] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 672.794837] ? page_counter_try_charge+0x1c1/0x220 [ 672.794857] try_charge+0xc43/0x1690 [ 672.794884] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 672.816942] ? tcp_sendmsg+0x2f/0x50 [ 672.816960] ? sock_sendmsg+0xd5/0x120 [ 672.816975] ? __sys_sendto+0x3d7/0x670 [ 672.816989] ? __x64_sys_sendto+0xe1/0x1a0 03:05:05 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x4000000]}, 0x6) [ 672.817006] ? do_syscall_64+0x1b9/0x820 [ 672.817022] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 672.817035] ? graph_lock+0x170/0x170 [ 672.817056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.897430] ? check_preemption_disabled+0x48/0x200 [ 672.902463] ? check_preemption_disabled+0x48/0x200 [ 672.907519] ? mark_held_locks+0xc7/0x130 [ 672.911716] ? __lock_is_held+0xb5/0x140 [ 672.915808] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 672.920755] ? mem_cgroup_charge_skmem+0x1cf/0x390 03:05:05 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0xe000000]}, 0x6) [ 672.925692] ? lockdep_hardirqs_on+0x421/0x5c0 [ 672.930296] ? __sk_mem_raise_allocated+0x642/0x1800 [ 672.935409] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 672.940867] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 672.946417] ? check_preemption_disabled+0x48/0x200 [ 672.951456] mem_cgroup_charge_skmem+0x1e4/0x390 [ 672.956228] ? mem_cgroup_sk_free+0x90/0x90 [ 672.960634] __sk_mem_raise_allocated+0x642/0x1800 [ 672.965590] ? sk_busy_loop_end+0x1c0/0x1c0 [ 672.969929] ? sk_alloc_sg+0xa00/0xa00 [ 672.973834] ? arch_local_save_flags+0x40/0x40 [ 672.978439] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 672.983468] ? skb_page_frag_refill+0x1eb/0x6a0 [ 672.988170] ? sock_kzfree_s+0x60/0x60 [ 672.992071] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 672.997102] ? sk_stream_alloc_skb+0x34b/0x970 [ 673.001699] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.007246] ? skb_entail+0x618/0x8c0 [ 673.011060] ? tcp_rate_check_app_limited+0x121/0x460 [ 673.016262] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 673.020949] __sk_mem_schedule+0x6d/0xe0 [ 673.025013] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 673.030579] tcp_sendmsg_locked+0x1c86/0x3f00 [ 673.035103] ? tcp_sendpage+0x60/0x60 [ 673.038922] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 673.044467] ? aa_label_sk_perm+0x46d/0x8e0 [ 673.048821] ? find_held_lock+0x36/0x1c0 [ 673.052898] ? mark_held_locks+0xc7/0x130 [ 673.052919] ? __local_bh_enable_ip+0x160/0x260 [ 673.052938] ? __local_bh_enable_ip+0x160/0x260 [ 673.061752] ? trace_hardirqs_on+0xbd/0x310 [ 673.061766] ? lock_release+0x970/0x970 [ 673.061779] ? lock_sock_nested+0xe2/0x120 [ 673.061811] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 673.084399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.089954] ? check_preemption_disabled+0x48/0x200 [ 673.094988] ? lock_sock_nested+0x9a/0x120 [ 673.099236] ? lock_sock_nested+0x9a/0x120 [ 673.103489] ? __local_bh_enable_ip+0x160/0x260 [ 673.108199] tcp_sendmsg+0x2f/0x50 [ 673.111799] inet_sendmsg+0x1a1/0x690 [ 673.115658] ? ipip_gro_receive+0x100/0x100 [ 673.119997] ? apparmor_socket_sendmsg+0x29/0x30 [ 673.124742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.130282] ? security_socket_sendmsg+0x94/0xc0 [ 673.135044] ? ipip_gro_receive+0x100/0x100 [ 673.139367] sock_sendmsg+0xd5/0x120 [ 673.143094] __sys_sendto+0x3d7/0x670 [ 673.146950] ? __ia32_sys_getpeername+0xb0/0xb0 [ 673.151616] ? lock_release+0x970/0x970 [ 673.155577] ? arch_local_save_flags+0x40/0x40 [ 673.160153] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 673.165628] ? aa_af_perm+0x5a0/0x5a0 [ 673.169477] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 673.175002] ? put_timespec64+0x10f/0x1b0 [ 673.179139] ? nsecs_to_jiffies+0x30/0x30 [ 673.183294] ? do_syscall_64+0x9a/0x820 [ 673.187252] ? do_syscall_64+0x9a/0x820 [ 673.191212] ? lockdep_hardirqs_on+0x421/0x5c0 [ 673.195781] ? trace_hardirqs_on+0xbd/0x310 [ 673.200089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.205611] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 673.210962] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 673.216401] __x64_sys_sendto+0xe1/0x1a0 [ 673.220451] do_syscall_64+0x1b9/0x820 [ 673.224325] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 673.229704] ? syscall_return_slowpath+0x5e0/0x5e0 [ 673.234632] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 673.239459] ? trace_hardirqs_on_caller+0x310/0x310 [ 673.244502] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 673.249505] ? prepare_exit_to_usermode+0x291/0x3b0 [ 673.254527] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 673.259371] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 673.264543] RIP: 0033:0x457579 [ 673.267806] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 673.286690] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 673.294419] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 673.301685] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 673.308961] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 673.316217] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 673.323478] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 673.338403] Task in /syz3 killed as a result of limit of /syz3 [ 673.345017] memory: usage 204788kB, limit 204800kB, failcnt 2827 [ 673.351482] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 673.358474] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 673.364749] Memory cgroup stats for /syz3: cache:0KB rss:2216KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2204KB inactive_file:0KB active_file:0KB unevictable:0KB [ 673.385421] Memory cgroup out of memory: Kill process 25724 (syz-executor3) score 171 or sacrifice child [ 673.395195] Killed process 25724 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 673.407908] oom_reaper: reaped process 25724 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 673.408981] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=1, oom_score_adj=0 [ 673.429120] syz-executor1 cpuset=syz1 mems_allowed=0 [ 673.434240] CPU: 0 PID: 25732 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 673.441587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 673.450936] Call Trace: [ 673.453511] dump_stack+0x1c4/0x2b4 [ 673.457150] ? dump_stack_print_info.cold.2+0x52/0x52 [ 673.462334] ? mark_held_locks+0x130/0x130 [ 673.466561] ? mark_held_locks+0x130/0x130 [ 673.470793] dump_header+0x27b/0xf72 [ 673.474499] ? pagefault_out_of_memory+0x197/0x197 [ 673.479419] ? check_preemption_disabled+0x48/0x200 [ 673.484420] ? check_preemption_disabled+0x48/0x200 [ 673.489429] ? graph_lock+0x170/0x170 [ 673.493220] ? graph_lock+0x170/0x170 [ 673.497016] ? print_usage_bug+0xc0/0xc0 [ 673.501088] ? find_held_lock+0x36/0x1c0 [ 673.505135] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.510672] ? find_held_lock+0x36/0x1c0 [ 673.514722] ? mark_held_locks+0xc7/0x130 [ 673.518875] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 673.523984] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 673.529106] ? lockdep_hardirqs_on+0x421/0x5c0 [ 673.533704] ? trace_hardirqs_on+0xbd/0x310 [ 673.538057] ? kasan_check_read+0x11/0x20 [ 673.542226] ? ___ratelimit+0x36f/0x655 [ 673.542245] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 673.542262] ? trace_hardirqs_on+0x310/0x310 [ 673.542280] ? lock_downgrade+0x900/0x900 [ 673.551696] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 673.551713] ? ___ratelimit+0xaa/0x655 [ 673.551745] ? idr_get_free+0xec0/0xec0 [ 673.551759] ? kasan_check_write+0x14/0x20 [ 673.551775] ? do_raw_spin_lock+0xc1/0x200 [ 673.551810] oom_kill_process.cold.27+0x10/0x903 [ 673.586471] ? kasan_check_write+0x14/0x20 [ 673.590694] ? do_raw_spin_lock+0xc1/0x200 [ 673.594915] ? oom_evaluate_task+0x540/0x540 [ 673.599313] ? cgroup_procs_next+0x70/0x70 [ 673.603535] ? _raw_spin_unlock_irq+0x60/0x80 [ 673.608016] ? oom_badness+0xaa0/0xaa0 [ 673.611923] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 673.616693] ? mem_cgroup_iter_break+0x30/0x30 [ 673.621267] ? mark_held_locks+0xc7/0x130 [ 673.625401] out_of_memory+0xa84/0x1430 [ 673.629359] ? lockdep_hardirqs_on+0x421/0x5c0 [ 673.633928] ? kasan_check_read+0x11/0x20 [ 673.638062] ? oom_killer_disable+0x3a0/0x3a0 [ 673.642545] ? kasan_check_write+0x14/0x20 [ 673.646765] ? do_raw_spin_lock+0xc1/0x200 [ 673.651014] mem_cgroup_out_of_memory+0x15e/0x210 [ 673.655856] ? memcg_memory_event+0x40/0x40 [ 673.660173] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 673.665094] ? page_counter_try_charge+0x1c1/0x220 [ 673.670023] try_charge+0xc43/0x1690 [ 673.673742] ? __tcp_select_window+0x9f0/0x9f0 [ 673.678315] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 673.684379] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 673.689915] ? skb_zerocopy_clone+0x2b5/0x5d0 [ 673.694399] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 673.699425] ? mark_held_locks+0xc7/0x130 [ 673.703577] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 673.708505] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 673.713418] ? lockdep_hardirqs_on+0x421/0x5c0 [ 673.717990] ? __sk_mem_raise_allocated+0x642/0x1800 [ 673.723077] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 673.728511] ? sched_clock+0x31/0x40 [ 673.732212] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 673.737751] ? check_preemption_disabled+0x48/0x200 [ 673.742755] ? tcp_fragment_tstamp+0x31b/0x380 [ 673.747342] mem_cgroup_charge_skmem+0x1e4/0x390 [ 673.752087] ? mem_cgroup_sk_free+0x90/0x90 [ 673.756420] __sk_mem_raise_allocated+0x642/0x1800 [ 673.761338] ? __tcp_transmit_skb+0x3fc0/0x3fc0 [ 673.765996] ? sk_busy_loop_end+0x1c0/0x1c0 [ 673.770314] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 673.775319] ? skb_page_frag_refill+0x1eb/0x6a0 [ 673.779976] ? sock_kzfree_s+0x60/0x60 [ 673.783852] ? _copy_from_iter_full+0x2b3/0xd20 [ 673.788506] ? tcp_chrono_start+0x190/0x1e0 [ 673.792818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.798353] ? tcp_rate_check_app_limited+0x121/0x460 [ 673.803543] ? iov_iter_advance+0x1460/0x1460 [ 673.808056] __sk_mem_schedule+0x6d/0xe0 [ 673.812124] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 673.817659] tcp_sendmsg_locked+0x1c86/0x3f00 [ 673.822161] ? tcp_sendpage+0x60/0x60 [ 673.825956] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 673.831480] ? aa_label_sk_perm+0x46d/0x8e0 [ 673.835805] ? find_held_lock+0x36/0x1c0 [ 673.839853] ? mark_held_locks+0xc7/0x130 [ 673.843987] ? __local_bh_enable_ip+0x160/0x260 [ 673.848654] ? __local_bh_enable_ip+0x160/0x260 [ 673.853342] ? trace_hardirqs_on+0xbd/0x310 [ 673.857651] ? lock_release+0x970/0x970 [ 673.861614] ? lock_sock_nested+0xe2/0x120 [ 673.865836] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 673.871448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.876999] ? check_preemption_disabled+0x48/0x200 [ 673.882007] ? lock_sock_nested+0x9a/0x120 [ 673.886225] ? lock_sock_nested+0x9a/0x120 [ 673.890449] ? __local_bh_enable_ip+0x160/0x260 [ 673.895105] tcp_sendmsg+0x2f/0x50 [ 673.898634] inet_sendmsg+0x1a1/0x690 [ 673.902427] ? ipip_gro_receive+0x100/0x100 [ 673.906738] ? apparmor_socket_sendmsg+0x29/0x30 [ 673.911481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.917006] ? security_socket_sendmsg+0x94/0xc0 [ 673.921782] ? ipip_gro_receive+0x100/0x100 [ 673.926112] sock_sendmsg+0xd5/0x120 [ 673.929814] __sys_sendto+0x3d7/0x670 [ 673.933605] ? __ia32_sys_getpeername+0xb0/0xb0 [ 673.938269] ? lock_release+0x970/0x970 [ 673.942240] ? arch_local_save_flags+0x40/0x40 [ 673.946809] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 673.952240] ? aa_af_perm+0x5a0/0x5a0 [ 673.956039] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 673.961560] ? put_timespec64+0x10f/0x1b0 [ 673.965691] ? nsecs_to_jiffies+0x30/0x30 [ 673.969825] ? do_syscall_64+0x9a/0x820 [ 673.973806] ? do_syscall_64+0x9a/0x820 [ 673.977765] ? lockdep_hardirqs_on+0x421/0x5c0 [ 673.982360] ? trace_hardirqs_on+0xbd/0x310 [ 673.986683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.992205] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 673.997555] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 674.002993] __x64_sys_sendto+0xe1/0x1a0 [ 674.007040] do_syscall_64+0x1b9/0x820 [ 674.010914] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 674.016277] ? syscall_return_slowpath+0x5e0/0x5e0 [ 674.021206] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 674.026056] ? trace_hardirqs_on_caller+0x310/0x310 [ 674.031063] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 674.036065] ? prepare_exit_to_usermode+0x291/0x3b0 [ 674.041081] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 674.045926] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 674.051099] RIP: 0033:0x457579 [ 674.054323] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 674.073232] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 674.080925] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 674.088183] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 674.095434] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 674.102686] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 674.109942] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 674.120185] Task in /syz1 killed as a result of limit of /syz1 [ 674.126216] memory: usage 204800kB, limit 204800kB, failcnt 3667 [ 674.132505] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 674.139342] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 674.145493] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:172KB inactive_file:0KB active_file:0KB unevictable:0KB [ 674.165705] Memory cgroup out of memory: Kill process 25730 (syz-executor1) score 161 or sacrifice child [ 674.175447] Killed process 25730 (syz-executor1) total-vm:70472kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 674.187111] oom_reaper: reaped process 25730 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 674.188767] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 674.211218] syz-executor3 cpuset=syz3 mems_allowed=0 [ 674.216331] CPU: 0 PID: 25724 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 674.223676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 674.233027] Call Trace: [ 674.235617] dump_stack+0x1c4/0x2b4 [ 674.239249] ? dump_stack_print_info.cold.2+0x52/0x52 [ 674.244429] dump_header+0x27b/0xf72 [ 674.248131] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 674.253922] ? kasan_check_read+0x11/0x20 [ 674.258059] ? pagefault_out_of_memory+0x197/0x197 [ 674.262980] ? rcu_read_unlock+0x33/0x60 [ 674.267027] ? mem_cgroup_iter+0x514/0x1160 [ 674.271337] ? find_held_lock+0x36/0x1c0 [ 674.275408] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 674.280157] ? mark_held_locks+0xc7/0x130 [ 674.284313] ? _raw_spin_unlock_irq+0x27/0x80 [ 674.288791] ? _raw_spin_unlock_irq+0x27/0x80 [ 674.293271] ? lockdep_hardirqs_on+0x421/0x5c0 [ 674.297841] ? trace_hardirqs_on+0xbd/0x310 [ 674.302155] ? kasan_check_read+0x11/0x20 [ 674.306296] ? css_task_iter_end+0x222/0x490 [ 674.310694] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 674.316130] ? kasan_check_write+0x14/0x20 [ 674.320370] ? do_raw_spin_lock+0xc1/0x200 [ 674.324590] ? _raw_spin_unlock_irq+0x60/0x80 [ 674.329072] ? css_task_iter_end+0x2ce/0x490 [ 674.333468] ? cgroup_procs_next+0x70/0x70 [ 674.337690] ? _raw_spin_unlock_irq+0x60/0x80 [ 674.342186] ? oom_badness+0xaa0/0xaa0 [ 674.346062] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 674.350823] ? mem_cgroup_iter_break+0x30/0x30 [ 674.355399] ? cgroup_file_notify+0x226/0x2f0 [ 674.359883] out_of_memory.cold.30+0xf/0x184 [ 674.364277] ? lockdep_hardirqs_on+0x421/0x5c0 [ 674.368846] ? kasan_check_read+0x11/0x20 [ 674.373002] ? oom_killer_disable+0x3a0/0x3a0 [ 674.377484] ? kasan_check_write+0x14/0x20 [ 674.381704] ? do_raw_spin_lock+0xc1/0x200 [ 674.385938] mem_cgroup_out_of_memory+0x15e/0x210 [ 674.390778] ? memcg_memory_event+0x40/0x40 [ 674.395092] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 674.399922] ? page_counter_try_charge+0x1c1/0x220 [ 674.404839] try_charge+0xc43/0x1690 [ 674.408538] ? lock_downgrade+0x900/0x900 [ 674.412675] ? check_preemption_disabled+0x48/0x200 [ 674.417695] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 674.423749] ? find_held_lock+0x36/0x1c0 [ 674.427815] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 674.432686] ? lock_downgrade+0x900/0x900 [ 674.436830] ? check_preemption_disabled+0x48/0x200 [ 674.441856] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 674.447635] ? kasan_check_read+0x11/0x20 [ 674.451769] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 674.457043] ? rcu_bh_qs+0xc0/0xc0 [ 674.460588] ? get_mem_cgroup_from_mm+0x206/0x440 [ 674.465417] memcg_kmem_charge_memcg+0x7c/0x120 [ 674.470073] ? memcg_kmem_put_cache+0xb0/0xb0 [ 674.474553] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 674.479905] memcg_kmem_charge+0x135/0x300 [ 674.484128] __alloc_pages_nodemask+0x72e/0xde0 [ 674.488792] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 674.494068] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 674.499090] ? check_preemption_disabled+0x48/0x200 [ 674.504130] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 674.509669] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 674.514949] ? percpu_ref_put_many+0x13e/0x260 [ 674.519520] ? rcu_pm_notify+0xc0/0xc0 [ 674.523410] ? copy_process+0x1ff4/0x8780 [ 674.527548] ? rcu_read_lock_sched_held+0x108/0x120 [ 674.532552] ? kmem_cache_alloc_node+0x349/0x730 [ 674.537315] ? kasan_check_write+0x14/0x20 [ 674.541537] ? do_raw_spin_lock+0xc1/0x200 [ 674.545762] copy_process+0xa09/0x8780 [ 674.549646] ? print_usage_bug+0xc0/0xc0 [ 674.553709] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.559246] ? __lock_acquire+0x7ec/0x4ec0 [ 674.563475] ? __cleanup_sighand+0x70/0x70 [ 674.567702] ? mark_held_locks+0x130/0x130 [ 674.571922] ? print_usage_bug+0xc0/0xc0 [ 674.575968] ? find_held_lock+0x36/0x1c0 [ 674.580043] ? rcu_read_unlock_special.part.39+0x8a4/0x11f0 [ 674.585755] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 674.590843] ? __lock_acquire+0x7ec/0x4ec0 [ 674.595061] ? graph_lock+0x170/0x170 [ 674.598858] ? check_preemption_disabled+0x48/0x200 [ 674.603872] ? check_preemption_disabled+0x48/0x200 [ 674.608878] ? mark_held_locks+0x130/0x130 [ 674.613098] ? print_usage_bug+0xc0/0xc0 [ 674.617149] ? find_held_lock+0x36/0x1c0 [ 674.621209] ? find_held_lock+0x36/0x1c0 [ 674.625258] ? print_usage_bug+0xc0/0xc0 [ 674.629312] ? __lock_acquire+0x7ec/0x4ec0 [ 674.633533] ? lock_downgrade+0x900/0x900 [ 674.637669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.643192] ? check_preemption_disabled+0x48/0x200 [ 674.648196] ? check_preemption_disabled+0x48/0x200 [ 674.653204] ? __lock_acquire+0x7ec/0x4ec0 [ 674.657430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.662972] ? mark_held_locks+0x130/0x130 [ 674.667207] ? rcu_read_unlock+0x16/0x60 [ 674.671254] ? lock_downgrade+0x900/0x900 [ 674.675402] ? check_preemption_disabled+0x48/0x200 [ 674.680415] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 674.686197] ? kasan_check_read+0x11/0x20 [ 674.690330] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 674.695605] ? graph_lock+0x170/0x170 [ 674.699428] ? rcu_read_unlock+0x33/0x60 [ 674.703489] ? find_held_lock+0x36/0x1c0 [ 674.707548] ? graph_lock+0x170/0x170 [ 674.711346] ? delayacct_end+0x25/0x100 [ 674.715338] ? lock_downgrade+0x900/0x900 [ 674.719494] ? ktime_get+0x352/0x440 [ 674.723196] ? print_usage_bug+0xc0/0xc0 [ 674.727245] ? find_held_lock+0x36/0x1c0 [ 674.731299] ? delayacct_end+0xc5/0x100 [ 674.735260] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 674.740349] ? __lock_acquire+0x7ec/0x4ec0 [ 674.744566] ? trace_hardirqs_on+0xbd/0x310 [ 674.748870] ? kasan_check_read+0x11/0x20 [ 674.753010] ? delayacct_end+0xc5/0x100 [ 674.756986] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 674.762429] ? mark_held_locks+0x130/0x130 [ 674.766648] ? delayacct_end+0x5a/0x100 [ 674.770611] ? __delayacct_freepages_end+0xe0/0x140 [ 674.775615] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 674.781162] ? do_try_to_free_pages+0xe68/0x1290 [ 674.785918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.791443] ? check_preemption_disabled+0x48/0x200 [ 674.796443] ? check_preemption_disabled+0x48/0x200 [ 674.801472] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 674.807005] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 674.812283] ? rcu_pm_notify+0xc0/0xc0 [ 674.816171] ? graph_lock+0x170/0x170 [ 674.819984] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 674.825338] _do_fork+0x1cb/0x11d0 [ 674.828867] ? fork_idle+0x1d0/0x1d0 [ 674.832569] ? percpu_ref_put_many+0x11c/0x260 [ 674.837135] ? lock_downgrade+0x900/0x900 [ 674.841281] ? check_preemption_disabled+0x48/0x200 [ 674.846291] ? kasan_check_read+0x11/0x20 [ 674.850463] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 674.855750] ? rcu_bh_qs+0xc0/0xc0 [ 674.859279] ? get_mem_cgroup_from_mm+0x206/0x440 [ 674.864112] ? do_syscall_64+0x9a/0x820 [ 674.868071] ? do_syscall_64+0x9a/0x820 [ 674.872041] ? lockdep_hardirqs_on+0x421/0x5c0 [ 674.876609] ? trace_hardirqs_on+0xbd/0x310 [ 674.880915] ? trace_hardirqs_on+0x310/0x310 [ 674.885311] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 674.890658] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 674.896100] __x64_sys_clone+0xbf/0x150 [ 674.900061] do_syscall_64+0x1b9/0x820 [ 674.903935] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 674.909292] ? syscall_return_slowpath+0x5e0/0x5e0 [ 674.914218] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 674.919045] ? trace_hardirqs_on_caller+0x310/0x310 [ 674.924051] ? prepare_exit_to_usermode+0x291/0x3b0 [ 674.929078] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 674.933911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 674.939083] RIP: 0033:0x459f49 [ 674.942263] Code: Bad RIP value. [ 674.945629] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 674.953344] RAX: ffffffffffffffda RBX: 00007f7e36a89700 RCX: 0000000000459f49 [ 674.960617] RDX: 00007f7e36a899d0 RSI: 00007f7e36a88db0 RDI: 00000000003d0f00 [ 674.967879] RBP: 0000000000a3fcd0 R08: 00007f7e36a89700 R09: 00007f7e36a89700 [ 674.975153] R10: 00007f7e36a899d0 R11: 0000000000000202 R12: 0000000000000000 [ 674.982421] R13: 0000000000a3fb7f R14: 00007f7e36a899c0 R15: 0000000000000001 [ 674.993526] Memory limit reached of cgroup /syz3 [ 674.998425] memory: usage 202636kB, limit 204800kB, failcnt 2838 [ 675.004570] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.011625] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.018079] Memory cgroup stats for /syz3: cache:0KB rss:80KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 675.037971] Out of memory and no killable processes... [ 675.043320] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 675.056317] syz-executor1 cpuset=syz1 mems_allowed=0 [ 675.064332] CPU: 0 PID: 25730 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 675.071706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 675.081057] Call Trace: [ 675.083655] dump_stack+0x1c4/0x2b4 [ 675.087288] ? dump_stack_print_info.cold.2+0x52/0x52 [ 675.092468] dump_header+0x27b/0xf72 [ 675.096178] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 675.101957] ? kasan_check_read+0x11/0x20 [ 675.106115] ? pagefault_out_of_memory+0x197/0x197 [ 675.111034] ? rcu_read_unlock+0x33/0x60 [ 675.115079] ? mem_cgroup_iter+0x514/0x1160 [ 675.119401] ? find_held_lock+0x36/0x1c0 [ 675.123445] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 675.128185] ? mark_held_locks+0xc7/0x130 [ 675.132316] ? _raw_spin_unlock_irq+0x27/0x80 [ 675.136793] ? _raw_spin_unlock_irq+0x27/0x80 [ 675.141271] ? lockdep_hardirqs_on+0x421/0x5c0 [ 675.145859] ? trace_hardirqs_on+0xbd/0x310 [ 675.150170] ? kasan_check_read+0x11/0x20 [ 675.154302] ? css_task_iter_end+0x222/0x490 [ 675.158715] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 675.164159] ? kasan_check_write+0x14/0x20 [ 675.168386] ? do_raw_spin_lock+0xc1/0x200 [ 675.172658] ? _raw_spin_unlock_irq+0x60/0x80 [ 675.177150] ? css_task_iter_end+0x2ce/0x490 [ 675.181550] ? cgroup_procs_next+0x70/0x70 [ 675.185767] ? _raw_spin_unlock_irq+0x60/0x80 [ 675.190259] ? oom_badness+0xaa0/0xaa0 [ 675.194129] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 675.198875] ? mem_cgroup_iter_break+0x30/0x30 [ 675.203445] ? cgroup_file_notify+0x226/0x2f0 [ 675.207928] out_of_memory.cold.30+0xf/0x184 [ 675.212317] ? lockdep_hardirqs_on+0x421/0x5c0 [ 675.216881] ? kasan_check_read+0x11/0x20 [ 675.221016] ? oom_killer_disable+0x3a0/0x3a0 [ 675.225494] ? kasan_check_write+0x14/0x20 [ 675.229713] ? do_raw_spin_lock+0xc1/0x200 [ 675.233957] mem_cgroup_out_of_memory+0x15e/0x210 [ 675.238784] ? memcg_memory_event+0x40/0x40 [ 675.243085] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 675.247914] ? page_counter_try_charge+0x1c1/0x220 [ 675.252827] try_charge+0xc43/0x1690 [ 675.256520] ? lock_downgrade+0x900/0x900 [ 675.260675] ? check_preemption_disabled+0x48/0x200 [ 675.265682] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 675.271725] ? find_held_lock+0x36/0x1c0 [ 675.275774] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 675.280600] ? lock_downgrade+0x900/0x900 [ 675.284728] ? check_preemption_disabled+0x48/0x200 [ 675.289729] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 675.295507] ? kasan_check_read+0x11/0x20 [ 675.299653] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 675.304912] ? rcu_bh_qs+0xc0/0xc0 [ 675.308463] ? get_mem_cgroup_from_mm+0x206/0x440 [ 675.313334] memcg_kmem_charge_memcg+0x7c/0x120 [ 675.317987] ? memcg_kmem_put_cache+0xb0/0xb0 [ 675.322463] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 675.327817] memcg_kmem_charge+0x135/0x300 [ 675.332065] __alloc_pages_nodemask+0x72e/0xde0 [ 675.336717] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 675.341978] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 675.346980] ? check_preemption_disabled+0x48/0x200 [ 675.351980] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 675.357501] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 675.362756] ? percpu_ref_put_many+0x13e/0x260 [ 675.367336] ? rcu_pm_notify+0xc0/0xc0 [ 675.371243] ? copy_process+0x1ff4/0x8780 [ 675.375403] ? rcu_read_lock_sched_held+0x108/0x120 [ 675.380404] ? kmem_cache_alloc_node+0x349/0x730 [ 675.385140] ? kasan_check_write+0x14/0x20 [ 675.389368] ? do_raw_spin_lock+0xc1/0x200 [ 675.393591] copy_process+0xa09/0x8780 [ 675.397482] ? print_usage_bug+0xc0/0xc0 [ 675.401529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.407072] ? __lock_acquire+0x7ec/0x4ec0 [ 675.411299] ? __cleanup_sighand+0x70/0x70 [ 675.415526] ? mark_held_locks+0x130/0x130 [ 675.419746] ? print_usage_bug+0xc0/0xc0 [ 675.423813] ? find_held_lock+0x36/0x1c0 [ 675.427893] ? rcu_read_unlock_special.part.39+0x8a4/0x11f0 [ 675.433589] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 675.438701] ? __lock_acquire+0x7ec/0x4ec0 [ 675.442921] ? graph_lock+0x170/0x170 [ 675.446706] ? check_preemption_disabled+0x48/0x200 [ 675.451704] ? check_preemption_disabled+0x48/0x200 [ 675.456708] ? mark_held_locks+0x130/0x130 [ 675.460946] ? print_usage_bug+0xc0/0xc0 [ 675.464987] ? find_held_lock+0x36/0x1c0 [ 675.469038] ? find_held_lock+0x36/0x1c0 [ 675.473084] ? print_usage_bug+0xc0/0xc0 [ 675.477127] ? __lock_acquire+0x7ec/0x4ec0 [ 675.481351] ? lock_downgrade+0x900/0x900 [ 675.485480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.491000] ? check_preemption_disabled+0x48/0x200 [ 675.495995] ? check_preemption_disabled+0x48/0x200 [ 675.501002] ? __lock_acquire+0x7ec/0x4ec0 [ 675.505224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.510748] ? mark_held_locks+0x130/0x130 [ 675.514965] ? rcu_read_unlock+0x16/0x60 [ 675.519011] ? lock_downgrade+0x900/0x900 [ 675.523148] ? check_preemption_disabled+0x48/0x200 [ 675.528160] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 675.533947] ? kasan_check_read+0x11/0x20 [ 675.538079] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 675.543342] ? graph_lock+0x170/0x170 [ 675.547131] ? rcu_read_unlock+0x33/0x60 [ 675.551192] ? find_held_lock+0x36/0x1c0 [ 675.555233] ? graph_lock+0x170/0x170 [ 675.559021] ? delayacct_end+0x25/0x100 [ 675.562977] ? lock_downgrade+0x900/0x900 [ 675.567110] ? ktime_get+0x352/0x440 [ 675.570805] ? print_usage_bug+0xc0/0xc0 [ 675.574868] ? find_held_lock+0x36/0x1c0 [ 675.578916] ? delayacct_end+0xc5/0x100 [ 675.582885] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 675.587976] ? __lock_acquire+0x7ec/0x4ec0 [ 675.592214] ? trace_hardirqs_on+0xbd/0x310 [ 675.596518] ? kasan_check_read+0x11/0x20 [ 675.600649] ? delayacct_end+0xc5/0x100 [ 675.604654] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 675.610100] ? mark_held_locks+0x130/0x130 [ 675.614318] ? delayacct_end+0x5a/0x100 [ 675.618278] ? __delayacct_freepages_end+0xe0/0x140 [ 675.623298] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 675.628818] ? do_try_to_free_pages+0xe68/0x1290 [ 675.633572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.639092] ? check_preemption_disabled+0x48/0x200 [ 675.644091] ? check_preemption_disabled+0x48/0x200 [ 675.649092] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 675.654610] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 675.659870] ? rcu_pm_notify+0xc0/0xc0 [ 675.663756] ? graph_lock+0x170/0x170 [ 675.667543] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 675.672905] _do_fork+0x1cb/0x11d0 [ 675.676428] ? fork_idle+0x1d0/0x1d0 [ 675.680128] ? percpu_ref_put_many+0x11c/0x260 [ 675.684698] ? lock_downgrade+0x900/0x900 [ 675.688848] ? check_preemption_disabled+0x48/0x200 [ 675.693851] ? kasan_check_read+0x11/0x20 [ 675.697980] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 675.703238] ? rcu_bh_qs+0xc0/0xc0 [ 675.706774] ? get_mem_cgroup_from_mm+0x206/0x440 [ 675.711619] ? do_syscall_64+0x9a/0x820 [ 675.715576] ? do_syscall_64+0x9a/0x820 [ 675.719535] ? lockdep_hardirqs_on+0x421/0x5c0 [ 675.724101] ? trace_hardirqs_on+0xbd/0x310 [ 675.728412] ? trace_hardirqs_on+0x310/0x310 [ 675.732803] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 675.738155] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 675.743604] __x64_sys_clone+0xbf/0x150 [ 675.747563] do_syscall_64+0x1b9/0x820 [ 675.751528] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 675.756878] ? syscall_return_slowpath+0x5e0/0x5e0 [ 675.761788] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 675.766612] ? trace_hardirqs_on_caller+0x310/0x310 [ 675.771614] ? prepare_exit_to_usermode+0x291/0x3b0 [ 675.776612] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 675.781441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 675.786612] RIP: 0033:0x459f49 [ 675.789792] Code: Bad RIP value. [ 675.793137] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 675.800839] RAX: ffffffffffffffda RBX: 00007f2ad8032700 RCX: 0000000000459f49 [ 675.808092] RDX: 00007f2ad80329d0 RSI: 00007f2ad8031db0 RDI: 00000000003d0f00 [ 675.815343] RBP: 0000000000a3fcd0 R08: 00007f2ad8032700 R09: 00007f2ad8032700 [ 675.822592] R10: 00007f2ad80329d0 R11: 0000000000000202 R12: 0000000000000000 [ 675.829843] R13: 0000000000a3fb7f R14: 00007f2ad80329c0 R15: 0000000000000001 [ 675.842524] Memory limit reached of cgroup /syz1 03:05:08 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe8030000]}, 0x6) 03:05:08 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x300]}, 0x6) 03:05:08 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x6) 03:05:08 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x11]}, 0x6) 03:05:08 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34000}, 0x200000cc, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, 0x32, 0x829, 0x0, 0x0, {0x2802}, [@nested={0x18, 0x0, [@typed={0x14, 0x1, @ipv6=@loopback={0x8000000000}}]}]}, 0x2c}, 0x1, 0xfffffffc}, 0x0) 03:05:08 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x900]}, 0x6) [ 675.847444] memory: usage 204620kB, limit 204800kB, failcnt 3668 [ 675.853592] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.860431] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.866574] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 675.886594] Out of memory and no killable processes... 03:05:08 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc020000]}, 0x6) 03:05:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) r0 = socket$inet6(0x10, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000002000), 0x0, &(0x7f0000000400)}, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) fsetxattr(r0, &(0x7f00000000c0)=@random={'security.', 'proc\x00'}, &(0x7f0000000140)='nodev\x00', 0x6, 0x3) getpid() setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000002000)={{}, {0xa, 0x0, 0x0, @mcast2}}, 0xfffffc99) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000002000)={0x0, 0xc}, 0x14) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000001c0)=0x1b, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x40, &(0x7f0000001fde), 0x4) 03:05:08 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x983a000000000000]}, 0x6) [ 676.052294] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 676.098956] syz-executor1 cpuset=syz1 mems_allowed=0 [ 676.104243] CPU: 0 PID: 25779 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 676.111617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 676.120974] Call Trace: [ 676.123576] dump_stack+0x1c4/0x2b4 [ 676.127246] ? dump_stack_print_info.cold.2+0x52/0x52 [ 676.132452] ? mark_held_locks+0x130/0x130 [ 676.136694] ? mark_held_locks+0x130/0x130 [ 676.140943] dump_header+0x27b/0xf72 [ 676.144678] ? pagefault_out_of_memory+0x197/0x197 [ 676.149623] ? check_preemption_disabled+0x48/0x200 [ 676.154648] ? check_preemption_disabled+0x48/0x200 [ 676.159688] ? graph_lock+0x170/0x170 [ 676.163506] ? graph_lock+0x170/0x170 [ 676.167319] ? print_usage_bug+0xc0/0xc0 [ 676.171397] ? find_held_lock+0x36/0x1c0 [ 676.175471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.181023] ? find_held_lock+0x36/0x1c0 [ 676.185108] ? mark_held_locks+0xc7/0x130 [ 676.189276] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 676.194383] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 676.199501] ? lockdep_hardirqs_on+0x421/0x5c0 [ 676.204103] ? trace_hardirqs_on+0xbd/0x310 [ 676.208448] ? kasan_check_read+0x11/0x20 [ 676.212603] ? ___ratelimit+0x36f/0x655 [ 676.216592] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 676.222054] ? trace_hardirqs_on+0x310/0x310 [ 676.226470] ? lock_downgrade+0x900/0x900 [ 676.230634] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 676.235751] ? ___ratelimit+0xaa/0x655 [ 676.239650] ? idr_get_free+0xec0/0xec0 [ 676.243634] ? kasan_check_write+0x14/0x20 [ 676.247877] ? do_raw_spin_lock+0xc1/0x200 [ 676.252130] oom_kill_process.cold.27+0x10/0x903 [ 676.256918] ? kasan_check_write+0x14/0x20 [ 676.261175] ? do_raw_spin_lock+0xc1/0x200 [ 676.265419] ? oom_evaluate_task+0x540/0x540 [ 676.269834] ? cgroup_procs_next+0x70/0x70 [ 676.269854] ? _raw_spin_unlock_irq+0x60/0x80 [ 676.269869] ? oom_badness+0xaa0/0xaa0 [ 676.269890] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 676.287227] ? mem_cgroup_iter_break+0x30/0x30 [ 676.291833] ? mark_held_locks+0xc7/0x130 [ 676.291854] out_of_memory+0xa84/0x1430 [ 676.291870] ? lockdep_hardirqs_on+0x421/0x5c0 [ 676.291887] ? kasan_check_read+0x11/0x20 [ 676.291906] ? oom_killer_disable+0x3a0/0x3a0 [ 676.291922] ? kasan_check_write+0x14/0x20 [ 676.291938] ? do_raw_spin_lock+0xc1/0x200 [ 676.291966] mem_cgroup_out_of_memory+0x15e/0x210 [ 676.300063] ? memcg_memory_event+0x40/0x40 [ 676.300079] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 676.300101] ? page_counter_try_charge+0x1c1/0x220 [ 676.300122] try_charge+0xc43/0x1690 03:05:08 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x6) 03:05:08 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x983a]}, 0x6) 03:05:08 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x10, &(0x7f0000000140), 0x4) sendmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)}, 0x0) [ 676.300162] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 676.300185] ? tcp_sendmsg+0x2f/0x50 [ 676.300200] ? sock_sendmsg+0xd5/0x120 [ 676.300214] ? __sys_sendto+0x3d7/0x670 [ 676.300232] ? graph_lock+0x170/0x170 [ 676.313426] ? graph_lock+0x170/0x170 [ 676.313446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.313466] ? check_preemption_disabled+0x48/0x200 [ 676.313483] ? check_preemption_disabled+0x48/0x200 [ 676.313511] ? mark_held_locks+0xc7/0x130 [ 676.313530] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 676.313549] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 676.326834] ? lockdep_hardirqs_on+0x421/0x5c0 [ 676.326854] ? rcu_read_lock_sched_held+0x108/0x120 [ 676.326872] ? __sk_mem_raise_allocated+0x642/0x1800 [ 676.326891] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 676.326909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 676.326927] ? check_preemption_disabled+0x48/0x200 [ 676.326950] mem_cgroup_charge_skmem+0x1e4/0x390 [ 676.326969] ? mem_cgroup_sk_free+0x90/0x90 [ 676.326999] __sk_mem_raise_allocated+0x642/0x1800 [ 676.336245] ? sk_busy_loop_end+0x1c0/0x1c0 [ 676.336265] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 676.336286] ? alloc_pages_current+0x114/0x210 [ 676.336309] ? skb_page_frag_refill+0x1eb/0x6a0 [ 676.336329] ? sock_kzfree_s+0x60/0x60 [ 676.336352] ? _copy_from_iter_full+0x2b3/0xd20 [ 676.444279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.444301] ? tcp_rate_check_app_limited+0x121/0x460 [ 676.444322] ? iov_iter_advance+0x1460/0x1460 [ 676.444345] __sk_mem_schedule+0x6d/0xe0 [ 676.444365] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 676.454218] tcp_sendmsg_locked+0x1c86/0x3f00 [ 676.454261] ? tcp_sendpage+0x60/0x60 [ 676.454282] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 676.454300] ? aa_label_sk_perm+0x46d/0x8e0 [ 676.505102] ? find_held_lock+0x36/0x1c0 [ 676.505126] ? mark_held_locks+0xc7/0x130 [ 676.505157] ? __local_bh_enable_ip+0x160/0x260 [ 676.505182] ? __local_bh_enable_ip+0x160/0x260 [ 676.515024] ? trace_hardirqs_on+0xbd/0x310 [ 676.536848] ? lock_release+0x970/0x970 [ 676.540853] ? lock_sock_nested+0xe2/0x120 [ 676.545137] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 676.550618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.556183] ? check_preemption_disabled+0x48/0x200 [ 676.561212] ? lock_sock_nested+0x9a/0x120 [ 676.565458] ? lock_sock_nested+0x9a/0x120 [ 676.569706] ? __local_bh_enable_ip+0x160/0x260 [ 676.569733] tcp_sendmsg+0x2f/0x50 [ 676.569756] inet_sendmsg+0x1a1/0x690 [ 676.577955] ? ipip_gro_receive+0x100/0x100 [ 676.577974] ? apparmor_socket_sendmsg+0x29/0x30 [ 676.577990] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.578011] ? security_socket_sendmsg+0x94/0xc0 [ 676.601183] ? ipip_gro_receive+0x100/0x100 [ 676.605519] sock_sendmsg+0xd5/0x120 [ 676.609249] __sys_sendto+0x3d7/0x670 [ 676.613050] ? __ia32_sys_getpeername+0xb0/0xb0 [ 676.617705] ? lock_release+0x970/0x970 [ 676.621666] ? arch_local_save_flags+0x40/0x40 [ 676.626239] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 676.631682] ? aa_af_perm+0x5a0/0x5a0 [ 676.635482] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 676.641006] ? put_timespec64+0x10f/0x1b0 [ 676.645160] ? nsecs_to_jiffies+0x30/0x30 [ 676.649313] ? do_syscall_64+0x9a/0x820 [ 676.653275] ? do_syscall_64+0x9a/0x820 [ 676.657236] ? lockdep_hardirqs_on+0x421/0x5c0 [ 676.661805] ? trace_hardirqs_on+0xbd/0x310 [ 676.666114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.671637] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 676.676991] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 676.682431] __x64_sys_sendto+0xe1/0x1a0 [ 676.686481] do_syscall_64+0x1b9/0x820 [ 676.690353] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 676.695714] ? syscall_return_slowpath+0x5e0/0x5e0 [ 676.700642] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 676.705473] ? trace_hardirqs_on_caller+0x310/0x310 [ 676.710479] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 676.715481] ? prepare_exit_to_usermode+0x291/0x3b0 [ 676.720499] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 676.725345] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 676.730519] RIP: 0033:0x457579 [ 676.733708] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 676.752595] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 676.760288] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 676.767540] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 676.774794] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 676.782049] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 676.789304] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 676.804773] Task in /syz1 killed as a result of limit of /syz1 [ 676.811287] memory: usage 204792kB, limit 204800kB, failcnt 3706 [ 676.817982] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 676.824840] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 676.831670] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:172KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:09 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xffffffffffffffe0]}, 0x6) 03:05:09 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0\x00'}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34000}, 0x200000cc, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, 0x32, 0x829, 0x0, 0x0, {0x2802}, [@nested={0x18, 0x0, [@typed={0x14, 0x1, @ipv6=@loopback={0x8000000000}}]}]}, 0x2c}, 0x1, 0xfffffffc}, 0x0) 03:05:09 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x900]}, 0x6) 03:05:09 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x6) 03:05:09 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xffffffffffffffff]}, 0x6) 03:05:09 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x11]}, 0x6) [ 676.852395] Memory cgroup out of memory: Kill process 25777 (syz-executor1) score 161 or sacrifice child [ 676.862123] Killed process 25777 (syz-executor1) total-vm:70472kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 676.873637] oom_reaper: reaped process 25777 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:09 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) 03:05:09 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x100000000000000]}, 0x6) 03:05:09 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x6) 03:05:09 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x700000000000000]}, 0x6) 03:05:09 executing program 5: r0 = inotify_init() ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x3, 0x0, 0x80000000}) fchown(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000280)={0x8000, 0x100000001}) socketpair$inet6(0xa, 0x80a, 0x0, &(0x7f0000000140)) [ 677.015254] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 677.051710] syz-executor1 cpuset=syz1 mems_allowed=0 [ 677.077201] CPU: 0 PID: 25831 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 677.084604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 677.093962] Call Trace: [ 677.096569] dump_stack+0x1c4/0x2b4 [ 677.100214] ? dump_stack_print_info.cold.2+0x52/0x52 [ 677.105420] ? mark_held_locks+0x130/0x130 [ 677.109662] ? mark_held_locks+0x130/0x130 [ 677.113921] dump_header+0x27b/0xf72 [ 677.117682] ? pagefault_out_of_memory+0x197/0x197 [ 677.122625] ? check_preemption_disabled+0x48/0x200 [ 677.127655] ? check_preemption_disabled+0x48/0x200 [ 677.132698] ? graph_lock+0x170/0x170 [ 677.136515] ? graph_lock+0x170/0x170 [ 677.140327] ? print_usage_bug+0xc0/0xc0 [ 677.144402] ? find_held_lock+0x36/0x1c0 [ 677.148484] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.154039] ? find_held_lock+0x36/0x1c0 [ 677.158119] ? mark_held_locks+0xc7/0x130 [ 677.162302] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 677.167414] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 677.172531] ? lockdep_hardirqs_on+0x421/0x5c0 [ 677.177124] ? trace_hardirqs_on+0xbd/0x310 [ 677.181470] ? kasan_check_read+0x11/0x20 [ 677.185629] ? ___ratelimit+0x36f/0x655 [ 677.189620] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 677.195076] ? trace_hardirqs_on+0x310/0x310 [ 677.199493] ? lock_downgrade+0x900/0x900 [ 677.203658] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 677.208775] ? ___ratelimit+0xaa/0x655 [ 677.212679] ? idr_get_free+0xec0/0xec0 [ 677.216664] ? kasan_check_write+0x14/0x20 [ 677.220911] ? do_raw_spin_lock+0xc1/0x200 [ 677.225171] oom_kill_process.cold.27+0x10/0x903 [ 677.229937] ? kasan_check_write+0x14/0x20 [ 677.234197] ? do_raw_spin_lock+0xc1/0x200 [ 677.238451] ? oom_evaluate_task+0x540/0x540 [ 677.242882] ? cgroup_procs_next+0x70/0x70 [ 677.247135] ? _raw_spin_unlock_irq+0x60/0x80 [ 677.251661] ? oom_badness+0xaa0/0xaa0 [ 677.255563] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 677.260337] ? mem_cgroup_iter_break+0x30/0x30 [ 677.264944] ? mark_held_locks+0xc7/0x130 [ 677.269106] out_of_memory+0xa84/0x1430 [ 677.273090] ? lockdep_hardirqs_on+0x421/0x5c0 [ 677.277677] ? kasan_check_read+0x11/0x20 [ 677.281839] ? oom_killer_disable+0x3a0/0x3a0 [ 677.286347] ? kasan_check_write+0x14/0x20 [ 677.290598] ? do_raw_spin_lock+0xc1/0x200 [ 677.294858] mem_cgroup_out_of_memory+0x15e/0x210 [ 677.299725] ? memcg_memory_event+0x40/0x40 [ 677.304067] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 677.309018] ? page_counter_try_charge+0x1c1/0x220 [ 677.313965] try_charge+0xc43/0x1690 [ 677.317704] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 677.323777] ? tcp_sendmsg+0x2f/0x50 [ 677.327500] ? sock_sendmsg+0xd5/0x120 [ 677.331394] ? __sys_sendto+0x3d7/0x670 [ 677.335383] ? graph_lock+0x170/0x170 [ 677.339199] ? graph_lock+0x170/0x170 [ 677.343013] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.348564] ? check_preemption_disabled+0x48/0x200 [ 677.353593] ? check_preemption_disabled+0x48/0x200 [ 677.358636] ? mark_held_locks+0xc7/0x130 [ 677.362802] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 677.367745] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 677.372686] ? lockdep_hardirqs_on+0x421/0x5c0 [ 677.372706] ? rcu_read_lock_sched_held+0x108/0x120 [ 677.382287] ? __sk_mem_raise_allocated+0x642/0x1800 [ 677.382307] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 677.382325] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 677.382343] ? check_preemption_disabled+0x48/0x200 [ 677.382366] mem_cgroup_charge_skmem+0x1e4/0x390 [ 677.408189] ? mem_cgroup_sk_free+0x90/0x90 [ 677.412541] __sk_mem_raise_allocated+0x642/0x1800 [ 677.417486] ? futex_wait_queue_me+0x55d/0x840 [ 677.422085] ? sk_busy_loop_end+0x1c0/0x1c0 03:05:09 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x6) [ 677.426420] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 677.426443] ? alloc_pages_current+0x114/0x210 [ 677.426466] ? skb_page_frag_refill+0x1eb/0x6a0 [ 677.426492] ? sock_kzfree_s+0x60/0x60 [ 677.441260] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 677.441276] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 677.441295] ? tcp_chrono_start+0x190/0x1e0 [ 677.459515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.465067] ? skb_entail+0x618/0x8c0 [ 677.468877] ? tcp_rate_check_app_limited+0x121/0x460 [ 677.474079] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 677.478752] __sk_mem_schedule+0x6d/0xe0 [ 677.482800] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 677.488339] tcp_sendmsg_locked+0x1c86/0x3f00 [ 677.492822] ? __fget+0x4a0/0x740 [ 677.496292] ? tcp_sendpage+0x60/0x60 [ 677.500085] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 677.505611] ? aa_label_sk_perm+0x46d/0x8e0 [ 677.509925] ? find_held_lock+0x36/0x1c0 [ 677.513978] ? mark_held_locks+0xc7/0x130 [ 677.518117] ? __local_bh_enable_ip+0x160/0x260 [ 677.522772] ? __local_bh_enable_ip+0x160/0x260 [ 677.527441] ? trace_hardirqs_on+0xbd/0x310 [ 677.531758] ? lock_release+0x970/0x970 [ 677.535717] ? lock_sock_nested+0xe2/0x120 [ 677.539940] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 677.545379] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.550908] ? check_preemption_disabled+0x48/0x200 [ 677.555916] ? lock_sock_nested+0x9a/0x120 [ 677.560138] ? lock_sock_nested+0x9a/0x120 [ 677.564397] ? __local_bh_enable_ip+0x160/0x260 [ 677.569072] tcp_sendmsg+0x2f/0x50 [ 677.572599] inet_sendmsg+0x1a1/0x690 [ 677.576401] ? ipip_gro_receive+0x100/0x100 [ 677.580711] ? apparmor_socket_sendmsg+0x29/0x30 [ 677.585451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.590973] ? security_socket_sendmsg+0x94/0xc0 [ 677.595714] ? ipip_gro_receive+0x100/0x100 [ 677.600022] sock_sendmsg+0xd5/0x120 [ 677.603723] __sys_sendto+0x3d7/0x670 [ 677.607529] ? __ia32_sys_getpeername+0xb0/0xb0 [ 677.612197] ? lock_release+0x970/0x970 [ 677.616170] ? arch_local_save_flags+0x40/0x40 [ 677.620755] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 677.626198] ? aa_af_perm+0x5a0/0x5a0 [ 677.629996] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 677.635548] ? put_timespec64+0x10f/0x1b0 [ 677.639698] ? nsecs_to_jiffies+0x30/0x30 [ 677.643846] ? do_syscall_64+0x9a/0x820 [ 677.647807] ? do_syscall_64+0x9a/0x820 [ 677.651769] ? lockdep_hardirqs_on+0x421/0x5c0 [ 677.656336] ? trace_hardirqs_on+0xbd/0x310 [ 677.660655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.666209] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.671572] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 677.677025] __x64_sys_sendto+0xe1/0x1a0 [ 677.681074] do_syscall_64+0x1b9/0x820 [ 677.684947] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 677.690297] ? syscall_return_slowpath+0x5e0/0x5e0 [ 677.695212] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 677.700041] ? trace_hardirqs_on_caller+0x310/0x310 [ 677.705048] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 677.710053] ? prepare_exit_to_usermode+0x291/0x3b0 [ 677.715059] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 677.719892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.725075] RIP: 0033:0x457579 [ 677.728275] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 677.747181] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 677.754877] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 677.762130] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 677.769403] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 677.776665] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 677.783931] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 677.794007] Task in /syz1 killed as a result of limit of /syz1 [ 677.803117] memory: usage 204800kB, limit 204800kB, failcnt 3750 [ 677.812426] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 677.819249] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 677.825397] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:164KB inactive_file:0KB active_file:0KB unevictable:0KB [ 677.845581] Memory cgroup out of memory: Kill process 25829 (syz-executor1) score 161 or sacrifice child [ 677.855296] Killed process 25829 (syz-executor1) total-vm:70472kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 677.866299] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 677.866934] oom_reaper: reaped process 25829 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 677.878197] syz-executor3 cpuset=syz3 mems_allowed=0 [ 677.893071] CPU: 1 PID: 25828 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 677.900460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 677.909800] Call Trace: [ 677.912376] dump_stack+0x1c4/0x2b4 [ 677.916004] ? dump_stack_print_info.cold.2+0x52/0x52 [ 677.921196] ? mark_held_locks+0x130/0x130 [ 677.925425] ? mark_held_locks+0x130/0x130 [ 677.929657] dump_header+0x27b/0xf72 [ 677.933370] ? pagefault_out_of_memory+0x197/0x197 [ 677.938301] ? check_preemption_disabled+0x48/0x200 [ 677.943313] ? check_preemption_disabled+0x48/0x200 [ 677.948319] ? graph_lock+0x170/0x170 [ 677.952120] ? graph_lock+0x170/0x170 [ 677.955915] ? print_usage_bug+0xc0/0xc0 [ 677.959963] ? find_held_lock+0x36/0x1c0 [ 677.964014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.969537] ? find_held_lock+0x36/0x1c0 [ 677.973591] ? mark_held_locks+0xc7/0x130 [ 677.977727] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 677.982814] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 677.987905] ? lockdep_hardirqs_on+0x421/0x5c0 [ 677.992473] ? trace_hardirqs_on+0xbd/0x310 [ 677.996779] ? kasan_check_read+0x11/0x20 [ 678.000914] ? ___ratelimit+0x36f/0x655 [ 678.004875] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 678.010311] ? trace_hardirqs_on+0x310/0x310 [ 678.014705] ? lock_downgrade+0x900/0x900 [ 678.018856] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 678.023965] ? ___ratelimit+0xaa/0x655 [ 678.027846] ? idr_get_free+0xec0/0xec0 [ 678.031820] ? kasan_check_write+0x14/0x20 [ 678.036046] ? do_raw_spin_lock+0xc1/0x200 [ 678.040273] oom_kill_process.cold.27+0x10/0x903 [ 678.045026] ? kasan_check_write+0x14/0x20 [ 678.049263] ? do_raw_spin_lock+0xc1/0x200 [ 678.053504] ? oom_evaluate_task+0x540/0x540 [ 678.057912] ? cgroup_procs_next+0x70/0x70 [ 678.062155] ? _raw_spin_unlock_irq+0x60/0x80 [ 678.066678] ? oom_badness+0xaa0/0xaa0 [ 678.070597] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 678.075342] ? mem_cgroup_iter_break+0x30/0x30 [ 678.079916] ? mark_held_locks+0xc7/0x130 [ 678.084051] out_of_memory+0xa84/0x1430 [ 678.088013] ? lockdep_hardirqs_on+0x421/0x5c0 [ 678.092589] ? kasan_check_read+0x11/0x20 [ 678.096727] ? oom_killer_disable+0x3a0/0x3a0 [ 678.101210] ? kasan_check_write+0x14/0x20 [ 678.105434] ? do_raw_spin_lock+0xc1/0x200 [ 678.109670] mem_cgroup_out_of_memory+0x15e/0x210 [ 678.114502] ? memcg_memory_event+0x40/0x40 [ 678.118824] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 678.123757] ? page_counter_try_charge+0x1c1/0x220 [ 678.128678] try_charge+0xc43/0x1690 [ 678.132406] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 678.138463] ? tcp_sendmsg+0x2f/0x50 [ 678.142172] ? sock_sendmsg+0xd5/0x120 [ 678.146044] ? __sys_sendto+0x3d7/0x670 [ 678.150013] ? __x64_sys_sendto+0xe1/0x1a0 [ 678.154245] ? do_syscall_64+0x1b9/0x820 [ 678.158300] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.163664] ? graph_lock+0x170/0x170 [ 678.167459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.172998] ? check_preemption_disabled+0x48/0x200 [ 678.178006] ? check_preemption_disabled+0x48/0x200 [ 678.183020] ? mark_held_locks+0xc7/0x130 [ 678.187182] ? __lock_is_held+0xb5/0x140 [ 678.191243] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 678.196166] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 678.201084] ? lockdep_hardirqs_on+0x421/0x5c0 [ 678.205659] ? __sk_mem_raise_allocated+0x642/0x1800 [ 678.210758] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 678.216207] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 678.221747] ? check_preemption_disabled+0x48/0x200 [ 678.226767] mem_cgroup_charge_skmem+0x1e4/0x390 [ 678.231510] ? mem_cgroup_sk_free+0x90/0x90 [ 678.235827] __sk_mem_raise_allocated+0x642/0x1800 [ 678.240746] ? sk_busy_loop_end+0x1c0/0x1c0 [ 678.245062] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 678.250065] ? skb_page_frag_refill+0x1eb/0x6a0 [ 678.254721] ? sock_kzfree_s+0x60/0x60 [ 678.258597] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 678.263601] ? sk_stream_alloc_skb+0x34b/0x970 [ 678.268184] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.273706] ? skb_entail+0x618/0x8c0 [ 678.277495] ? tcp_rate_check_app_limited+0x121/0x460 [ 678.282676] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 678.287342] __sk_mem_schedule+0x6d/0xe0 [ 678.291388] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 678.296914] tcp_sendmsg_locked+0x1c86/0x3f00 [ 678.301434] ? tcp_sendpage+0x60/0x60 [ 678.305225] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 678.310758] ? aa_label_sk_perm+0x46d/0x8e0 [ 678.315082] ? find_held_lock+0x36/0x1c0 [ 678.319154] ? mark_held_locks+0xc7/0x130 [ 678.323296] ? __local_bh_enable_ip+0x160/0x260 [ 678.327952] ? __local_bh_enable_ip+0x160/0x260 [ 678.332624] ? trace_hardirqs_on+0xbd/0x310 [ 678.336953] ? lock_release+0x970/0x970 [ 678.340929] ? lock_sock_nested+0xe2/0x120 [ 678.345161] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 678.350612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.356161] ? check_preemption_disabled+0x48/0x200 [ 678.361185] ? lock_sock_nested+0x9a/0x120 [ 678.365414] ? lock_sock_nested+0x9a/0x120 [ 678.369640] ? __local_bh_enable_ip+0x160/0x260 [ 678.374313] tcp_sendmsg+0x2f/0x50 [ 678.377847] inet_sendmsg+0x1a1/0x690 [ 678.381636] ? ipip_gro_receive+0x100/0x100 [ 678.385942] ? apparmor_socket_sendmsg+0x29/0x30 [ 678.390686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.396212] ? security_socket_sendmsg+0x94/0xc0 [ 678.400953] ? ipip_gro_receive+0x100/0x100 [ 678.405262] sock_sendmsg+0xd5/0x120 [ 678.408965] __sys_sendto+0x3d7/0x670 [ 678.412752] ? __ia32_sys_getpeername+0xb0/0xb0 [ 678.417409] ? lock_release+0x970/0x970 [ 678.421368] ? arch_local_save_flags+0x40/0x40 [ 678.425943] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 678.431394] ? aa_af_perm+0x5a0/0x5a0 [ 678.435196] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 678.440719] ? put_timespec64+0x10f/0x1b0 [ 678.444855] ? nsecs_to_jiffies+0x30/0x30 [ 678.448990] ? do_syscall_64+0x9a/0x820 [ 678.452954] ? do_syscall_64+0x9a/0x820 [ 678.456916] ? lockdep_hardirqs_on+0x421/0x5c0 [ 678.461491] ? trace_hardirqs_on+0xbd/0x310 [ 678.465798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.471321] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.476676] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 678.482113] __x64_sys_sendto+0xe1/0x1a0 [ 678.486192] do_syscall_64+0x1b9/0x820 [ 678.490082] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 678.495431] ? syscall_return_slowpath+0x5e0/0x5e0 [ 678.500346] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 678.505187] ? trace_hardirqs_on_caller+0x310/0x310 [ 678.510206] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 678.515211] ? prepare_exit_to_usermode+0x291/0x3b0 [ 678.520214] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 678.525061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.530258] RIP: 0033:0x457579 [ 678.533445] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 678.552332] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 678.560025] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 678.567277] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 678.574529] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 678.581781] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 678.589035] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 678.600677] Task in /syz3 killed as a result of limit of /syz3 [ 678.606696] memory: usage 204800kB, limit 204800kB, failcnt 2861 [ 678.612981] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 678.619809] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 678.625950] Memory cgroup stats for /syz3: cache:0KB rss:212KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:168KB inactive_file:0KB active_file:0KB unevictable:0KB [ 678.646004] Memory cgroup out of memory: Kill process 25823 (syz-executor3) score 161 or sacrifice child [ 678.655731] Killed process 25823 (syz-executor3) total-vm:70472kB, anon-rss:108kB, file-rss:32832kB, shmem-rss:0kB [ 678.666539] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 678.667344] oom_reaper: reaped process 25823 (syz-executor3), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 678.681009] syz-executor1 cpuset=syz1 mems_allowed=0 [ 678.696710] CPU: 0 PID: 25829 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 678.704081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.713426] Call Trace: [ 678.716001] dump_stack+0x1c4/0x2b4 [ 678.719617] ? dump_stack_print_info.cold.2+0x52/0x52 [ 678.724796] dump_header+0x27b/0xf72 [ 678.728496] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 678.734275] ? kasan_check_read+0x11/0x20 [ 678.738413] ? pagefault_out_of_memory+0x197/0x197 [ 678.743327] ? rcu_read_unlock+0x33/0x60 [ 678.747371] ? mem_cgroup_iter+0x514/0x1160 [ 678.751679] ? find_held_lock+0x36/0x1c0 [ 678.755724] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 678.760465] ? mark_held_locks+0xc7/0x130 [ 678.764635] ? _raw_spin_unlock_irq+0x27/0x80 [ 678.769116] ? _raw_spin_unlock_irq+0x27/0x80 [ 678.773594] ? lockdep_hardirqs_on+0x421/0x5c0 [ 678.778171] ? trace_hardirqs_on+0xbd/0x310 [ 678.782512] ? kasan_check_read+0x11/0x20 [ 678.786643] ? css_task_iter_end+0x222/0x490 [ 678.791035] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 678.796506] ? kasan_check_write+0x14/0x20 [ 678.800764] ? do_raw_spin_lock+0xc1/0x200 [ 678.804985] ? _raw_spin_unlock_irq+0x60/0x80 [ 678.809464] ? css_task_iter_end+0x2ce/0x490 [ 678.813855] ? cgroup_procs_next+0x70/0x70 [ 678.818073] ? _raw_spin_unlock_irq+0x60/0x80 [ 678.822550] ? oom_badness+0xaa0/0xaa0 [ 678.826419] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 678.831165] ? mem_cgroup_iter_break+0x30/0x30 [ 678.835742] ? cgroup_file_notify+0x226/0x2f0 [ 678.840223] out_of_memory.cold.30+0xf/0x184 [ 678.844615] ? lockdep_hardirqs_on+0x421/0x5c0 [ 678.849184] ? kasan_check_read+0x11/0x20 [ 678.853315] ? oom_killer_disable+0x3a0/0x3a0 [ 678.857792] ? kasan_check_write+0x14/0x20 [ 678.862013] ? do_raw_spin_lock+0xc1/0x200 [ 678.866236] mem_cgroup_out_of_memory+0x15e/0x210 [ 678.871062] ? memcg_memory_event+0x40/0x40 [ 678.875366] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 678.880196] ? page_counter_try_charge+0x1c1/0x220 [ 678.885109] try_charge+0xc43/0x1690 [ 678.888809] ? lock_downgrade+0x900/0x900 [ 678.892944] ? check_preemption_disabled+0x48/0x200 [ 678.897949] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 678.904012] ? find_held_lock+0x36/0x1c0 [ 678.908062] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 678.912886] ? lock_downgrade+0x900/0x900 [ 678.917031] ? check_preemption_disabled+0x48/0x200 [ 678.922032] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 678.927809] ? kasan_check_read+0x11/0x20 [ 678.931941] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 678.937201] ? rcu_bh_qs+0xc0/0xc0 [ 678.940728] ? get_mem_cgroup_from_mm+0x206/0x440 [ 678.945555] memcg_kmem_charge_memcg+0x7c/0x120 [ 678.950209] ? memcg_kmem_put_cache+0xb0/0xb0 [ 678.954688] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.960037] memcg_kmem_charge+0x135/0x300 [ 678.964259] __alloc_pages_nodemask+0x72e/0xde0 [ 678.968910] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 678.974177] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 678.979181] ? check_preemption_disabled+0x48/0x200 [ 678.984188] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 678.989731] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 678.994989] ? percpu_ref_put_many+0x13e/0x260 [ 678.999554] ? rcu_pm_notify+0xc0/0xc0 [ 679.003428] ? copy_process+0x1ff4/0x8780 [ 679.007561] ? rcu_read_lock_sched_held+0x108/0x120 [ 679.012562] ? kmem_cache_alloc_node+0x349/0x730 [ 679.017298] ? kasan_check_write+0x14/0x20 [ 679.021516] ? do_raw_spin_lock+0xc1/0x200 [ 679.025757] copy_process+0xa09/0x8780 [ 679.029630] ? print_usage_bug+0xc0/0xc0 [ 679.033677] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.039198] ? __lock_acquire+0x7ec/0x4ec0 [ 679.043424] ? __cleanup_sighand+0x70/0x70 [ 679.047649] ? mark_held_locks+0x130/0x130 [ 679.051890] ? print_usage_bug+0xc0/0xc0 [ 679.055934] ? find_held_lock+0x36/0x1c0 [ 679.059986] ? rcu_read_unlock_special.part.39+0x8a4/0x11f0 [ 679.065685] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 679.070774] ? __lock_acquire+0x7ec/0x4ec0 [ 679.074992] ? graph_lock+0x170/0x170 [ 679.078781] ? check_preemption_disabled+0x48/0x200 [ 679.083782] ? check_preemption_disabled+0x48/0x200 [ 679.088787] ? mark_held_locks+0x130/0x130 [ 679.093003] ? print_usage_bug+0xc0/0xc0 [ 679.097072] ? find_held_lock+0x36/0x1c0 [ 679.101122] ? find_held_lock+0x36/0x1c0 [ 679.105178] ? print_usage_bug+0xc0/0xc0 [ 679.109225] ? __lock_acquire+0x7ec/0x4ec0 [ 679.113462] ? lock_downgrade+0x900/0x900 [ 679.117596] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.123116] ? check_preemption_disabled+0x48/0x200 [ 679.128114] ? check_preemption_disabled+0x48/0x200 [ 679.133118] ? __lock_acquire+0x7ec/0x4ec0 [ 679.137341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.142865] ? mark_held_locks+0x130/0x130 [ 679.147085] ? rcu_read_unlock+0x16/0x60 [ 679.151129] ? lock_downgrade+0x900/0x900 [ 679.155265] ? check_preemption_disabled+0x48/0x200 [ 679.160266] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 679.166043] ? kasan_check_read+0x11/0x20 [ 679.170181] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 679.175438] ? graph_lock+0x170/0x170 [ 679.179228] ? rcu_read_unlock+0x33/0x60 [ 679.183275] ? find_held_lock+0x36/0x1c0 [ 679.187322] ? graph_lock+0x170/0x170 [ 679.191104] ? delayacct_end+0x25/0x100 [ 679.195058] ? lock_downgrade+0x900/0x900 [ 679.199190] ? ktime_get+0x352/0x440 [ 679.202886] ? print_usage_bug+0xc0/0xc0 [ 679.206941] ? find_held_lock+0x36/0x1c0 [ 679.211001] ? delayacct_end+0xc5/0x100 [ 679.214961] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 679.220048] ? __lock_acquire+0x7ec/0x4ec0 [ 679.224262] ? trace_hardirqs_on+0xbd/0x310 [ 679.228566] ? kasan_check_read+0x11/0x20 [ 679.232699] ? delayacct_end+0xc5/0x100 [ 679.236657] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 679.242097] ? mark_held_locks+0x130/0x130 [ 679.246315] ? delayacct_end+0x5a/0x100 [ 679.250275] ? __delayacct_freepages_end+0xe0/0x140 [ 679.255277] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 679.260824] ? do_try_to_free_pages+0xe68/0x1290 [ 679.265569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.271112] ? check_preemption_disabled+0x48/0x200 [ 679.276114] ? check_preemption_disabled+0x48/0x200 [ 679.281117] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 679.286635] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 679.291898] ? rcu_pm_notify+0xc0/0xc0 [ 679.295773] ? graph_lock+0x170/0x170 [ 679.299580] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 679.304933] _do_fork+0x1cb/0x11d0 [ 679.308457] ? fork_idle+0x1d0/0x1d0 [ 679.312186] ? percpu_ref_put_many+0x11c/0x260 [ 679.316752] ? lock_downgrade+0x900/0x900 [ 679.320906] ? check_preemption_disabled+0x48/0x200 [ 679.325908] ? kasan_check_read+0x11/0x20 [ 679.330044] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 679.335305] ? rcu_bh_qs+0xc0/0xc0 [ 679.338832] ? get_mem_cgroup_from_mm+0x206/0x440 [ 679.343662] ? do_syscall_64+0x9a/0x820 [ 679.347623] ? do_syscall_64+0x9a/0x820 [ 679.351581] ? lockdep_hardirqs_on+0x421/0x5c0 [ 679.356152] ? trace_hardirqs_on+0xbd/0x310 [ 679.360485] ? trace_hardirqs_on+0x310/0x310 [ 679.364878] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.370224] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 679.375658] __x64_sys_clone+0xbf/0x150 [ 679.379656] do_syscall_64+0x1b9/0x820 [ 679.383526] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 679.388873] ? syscall_return_slowpath+0x5e0/0x5e0 [ 679.393783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 679.398611] ? trace_hardirqs_on_caller+0x310/0x310 [ 679.403611] ? prepare_exit_to_usermode+0x291/0x3b0 [ 679.408614] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 679.413451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.418621] RIP: 0033:0x459f49 [ 679.421800] Code: Bad RIP value. [ 679.425174] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 679.432869] RAX: ffffffffffffffda RBX: 00007f2ad8032700 RCX: 0000000000459f49 [ 679.440118] RDX: 00007f2ad80329d0 RSI: 00007f2ad8031db0 RDI: 00000000003d0f00 [ 679.447367] RBP: 0000000000a3fcd0 R08: 00007f2ad8032700 R09: 00007f2ad8032700 [ 679.454616] R10: 00007f2ad80329d0 R11: 0000000000000202 R12: 0000000000000000 [ 679.461908] R13: 0000000000a3fb7f R14: 00007f2ad80329c0 R15: 0000000000000001 [ 679.476782] Memory limit reached of cgroup /syz1 [ 679.481788] memory: usage 204656kB, limit 204800kB, failcnt 3750 03:05:12 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x6) 03:05:12 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x34000000]}, 0x6) 03:05:12 executing program 5: socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'bcsf0\x00'}) clone(0x1000500, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000200)) execveat(r2, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f0000000240), 0x1000) 03:05:12 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x100000000000000]}, 0x6) 03:05:12 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x4000000000000000]}, 0x6) 03:05:12 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1f4]}, 0x6) [ 679.488832] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.495602] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.501881] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 679.522142] Out of memory and no killable processes... 03:05:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) socket$inet6(0x10, 0x0, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000002000)={{}, {0xa, 0x0, 0x0, @mcast2}}, 0xfffffc99) 03:05:12 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x6) [ 679.620286] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 679.684961] syz-executor3 cpuset=syz3 mems_allowed=0 [ 679.706551] CPU: 1 PID: 25879 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 679.713931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 679.723280] Call Trace: [ 679.725877] dump_stack+0x1c4/0x2b4 [ 679.725899] ? dump_stack_print_info.cold.2+0x52/0x52 [ 679.725925] dump_header+0x27b/0xf72 [ 679.738440] ? mark_held_locks+0x130/0x130 [ 679.742703] ? pagefault_out_of_memory+0x197/0x197 [ 679.747655] ? check_preemption_disabled+0x48/0x200 [ 679.752718] ? check_preemption_disabled+0x48/0x200 [ 679.757762] ? graph_lock+0x170/0x170 [ 679.761601] ? graph_lock+0x170/0x170 [ 679.765412] ? print_usage_bug+0xc0/0xc0 [ 679.769494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.775048] ? find_held_lock+0x36/0x1c0 [ 679.779131] ? mark_held_locks+0xc7/0x130 [ 679.783300] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 679.788412] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 679.793524] ? lockdep_hardirqs_on+0x421/0x5c0 [ 679.798123] ? trace_hardirqs_on+0xbd/0x310 [ 679.802461] ? kasan_check_read+0x11/0x20 [ 679.802478] ? ___ratelimit+0x36f/0x655 [ 679.802494] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 679.802510] ? trace_hardirqs_on+0x310/0x310 [ 679.802528] ? lock_downgrade+0x900/0x900 [ 679.810641] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 679.810658] ? ___ratelimit+0xaa/0x655 [ 679.810684] ? idr_get_free+0xec0/0xec0 [ 679.810699] ? kasan_check_write+0x14/0x20 [ 679.810714] ? do_raw_spin_lock+0xc1/0x200 [ 679.810735] oom_kill_process.cold.27+0x10/0x903 [ 679.850987] ? kasan_check_write+0x14/0x20 [ 679.855704] ? do_raw_spin_lock+0xc1/0x200 [ 679.859960] ? oom_evaluate_task+0x540/0x540 [ 679.864386] ? cgroup_procs_next+0x70/0x70 [ 679.868638] ? _raw_spin_unlock_irq+0x60/0x80 [ 679.873163] ? oom_badness+0xaa0/0xaa0 [ 679.877065] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 679.881834] ? mem_cgroup_iter_break+0x30/0x30 [ 679.886441] ? mark_held_locks+0xc7/0x130 [ 679.890605] out_of_memory+0xa84/0x1430 [ 679.894588] ? lockdep_hardirqs_on+0x421/0x5c0 [ 679.899187] ? kasan_check_read+0x11/0x20 03:05:12 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000280)="66640000340c43fe0de91d9014245d9afc2c1bf1966e108cc72de39048d7f864cff2b9be354a60ba5b42fb8a17c55babf76b9ca4e3b98615835f6b43e916e1a490154388bc9ecbd1389db40b696ca289c51937684d4a9214284419a3087d5f68732fe34f0a91f1e468723fb9c4defa368256df8c59a81d50f5a8ee2ad3897760e10e4d435d3db149264a21b440c2346362d483047e683841c015da9f8ec49170e83c59095c49a9586b652ed0cd871e7152400a0c11ce63ea7ec7a552f68900b9915a5ae7e073ed19291ff194a7b30a220d2d383b864e0b723fedb21219456ea657b13f470557c277ec9c53c1") fchdir(r0) r1 = memfd_create(&(0x7f0000000100)="9099f73a1c7a8d070fc9118d5475663b2ed16f0008f441b01fd923c640a21c6619ecb5cf774b4a64549d57962a838f8edd993560a2f848bc483a9d16f602d4739aa45b3d5930d1865232afa712497380f8733173c58546fb224a6dd2e652c54dc25570fce3a59c1ee353a2dcdd719edc15752cee6ea21a24186d1ba23b0b61719b96815f5cbbb9", 0x0) write(r1, &(0x7f0000000540)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 03:05:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x3f8) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x12}) 03:05:12 executing program 5: 03:05:12 executing program 5: 03:05:12 executing program 5: [ 679.903348] ? oom_killer_disable+0x3a0/0x3a0 [ 679.907851] ? kasan_check_write+0x14/0x20 [ 679.912090] ? do_raw_spin_lock+0xc1/0x200 [ 679.916347] mem_cgroup_out_of_memory+0x15e/0x210 [ 679.921205] ? memcg_memory_event+0x40/0x40 [ 679.925533] ? mem_cgroup_try_charge+0x5ea/0xe10 [ 679.930301] ? page_counter_try_charge+0x1c1/0x220 [ 679.935244] try_charge+0xc43/0x1690 [ 679.938979] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 679.945040] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 679.949884] ? lock_downgrade+0x900/0x900 [ 679.954021] ? check_preemption_disabled+0x48/0x200 [ 679.959026] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 679.964831] ? kasan_check_read+0x11/0x20 [ 679.968980] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 679.974246] ? rcu_bh_qs+0xc0/0xc0 [ 679.977780] ? get_mem_cgroup_from_mm+0x206/0x440 [ 679.982612] ? mem_cgroup_can_attach+0x580/0x580 [ 679.987354] ? __lock_is_held+0xb5/0x140 [ 679.991412] mem_cgroup_try_charge+0x5ea/0xe10 [ 679.995984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.001510] ? mem_cgroup_protected+0xa60/0xa60 [ 680.006174] ? find_held_lock+0x36/0x1c0 [ 680.010228] ? __pte_alloc+0x1c7/0x350 [ 680.014105] ? kasan_check_read+0x11/0x20 [ 680.018237] ? do_raw_spin_unlock+0xa7/0x2f0 [ 680.022631] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 680.027199] ? kasan_check_write+0x14/0x20 [ 680.031433] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 680.036984] mem_cgroup_try_charge_delay+0x1d/0xa0 [ 680.041908] __handle_mm_fault+0x273a/0x53e0 [ 680.046306] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 680.051135] ? graph_lock+0x170/0x170 [ 680.054929] ? print_usage_bug+0xc0/0xc0 [ 680.058973] ? graph_lock+0x170/0x170 [ 680.062760] ? graph_lock+0x170/0x170 [ 680.066544] ? graph_lock+0x170/0x170 [ 680.070338] ? handle_mm_fault+0x42a/0xc70 [ 680.074561] ? lock_downgrade+0x900/0x900 [ 680.078696] ? check_preemption_disabled+0x48/0x200 [ 680.083701] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 680.089481] ? kasan_check_read+0x11/0x20 [ 680.093616] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 680.098878] ? rcu_bh_qs+0xc0/0xc0 [ 680.102406] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 680.107855] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 680.113379] ? check_preemption_disabled+0x48/0x200 [ 680.118387] handle_mm_fault+0x54f/0xc70 [ 680.122473] ? __handle_mm_fault+0x53e0/0x53e0 [ 680.127042] ? find_vma+0x34/0x190 [ 680.130588] __do_page_fault+0x67d/0xed0 [ 680.134664] ? mm_fault_error+0x380/0x380 [ 680.138818] ? trace_hardirqs_off+0xb8/0x310 [ 680.143213] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 680.148568] ? trace_hardirqs_on+0x310/0x310 [ 680.152977] do_page_fault+0xf2/0x7e0 [ 680.156801] ? vmalloc_sync_all+0x30/0x30 [ 680.160936] ? error_entry+0x70/0xd0 [ 680.164638] ? trace_hardirqs_off_caller+0xbb/0x310 [ 680.169636] ? trace_hardirqs_on_caller+0xc0/0x310 [ 680.174558] ? syscall_return_slowpath+0x5e0/0x5e0 [ 680.179484] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 680.184314] ? trace_hardirqs_on_caller+0x310/0x310 [ 680.189312] ? trace_hardirqs_off+0x310/0x310 [ 680.193797] ? prepare_exit_to_usermode+0x291/0x3b0 [ 680.198799] ? page_fault+0x8/0x30 [ 680.202323] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 680.207188] ? page_fault+0x8/0x30 [ 680.210727] page_fault+0x1e/0x30 [ 680.214172] RIP: 0033:0x4004d1 [ 680.217358] Code: d3 e6 0f b6 c2 f7 d6 40 22 37 d3 e0 09 f0 88 07 e9 5a 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 11 48 8b 44 24 08 8b 54 24 20 <66> 89 10 e9 3d 01 00 00 8a 4c 24 28 b8 01 00 00 00 8b 54 24 20 48 [ 680.236244] RSP: 002b:0000000000a3fbc0 EFLAGS: 00010246 [ 680.241594] RAX: 0000000020e68000 RBX: 000000000072c900 RCX: 0000000000000000 [ 680.248853] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 000000000286a848 03:05:13 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4000000]}, 0x6) 03:05:13 executing program 5: [ 680.256116] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 680.263369] R10: 0000000000a3fcc0 R11: 0000000000000246 R12: 000000000072bf0c [ 680.270622] R13: 00000000000003e8 R14: 00000000000a5ed7 R15: 00000000000a5eaa [ 680.327823] Task in /syz3 killed as a result of limit of /syz3 [ 680.333952] memory: usage 204796kB, limit 204800kB, failcnt 2880 [ 680.344889] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 680.363530] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 680.373759] Memory cgroup stats for /syz3: cache:0KB rss:212KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:156KB inactive_file:0KB active_file:0KB unevictable:0KB [ 680.393980] Memory cgroup out of memory: Kill process 25879 (syz-executor3) score 161 or sacrifice child [ 680.403862] Killed process 25879 (syz-executor3) total-vm:70340kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 680.415345] oom_reaper: reaped process 25879 (syz-executor3), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 680.419871] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 680.436834] syz-executor1 cpuset=syz1 mems_allowed=0 [ 680.442397] CPU: 1 PID: 25886 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 680.449768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 680.459117] Call Trace: [ 680.459142] dump_stack+0x1c4/0x2b4 [ 680.459176] ? dump_stack_print_info.cold.2+0x52/0x52 [ 680.459203] dump_header+0x27b/0xf72 [ 680.459228] ? mark_held_locks+0x130/0x130 [ 680.478532] ? pagefault_out_of_memory+0x197/0x197 [ 680.483463] ? check_preemption_disabled+0x48/0x200 [ 680.488466] ? check_preemption_disabled+0x48/0x200 [ 680.493473] ? graph_lock+0x170/0x170 [ 680.497266] ? graph_lock+0x170/0x170 [ 680.501053] ? print_usage_bug+0xc0/0xc0 [ 680.505103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.510659] ? find_held_lock+0x36/0x1c0 [ 680.514732] ? mark_held_locks+0xc7/0x130 [ 680.518869] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 680.523956] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 680.529046] ? lockdep_hardirqs_on+0x421/0x5c0 [ 680.533613] ? trace_hardirqs_on+0xbd/0x310 [ 680.537920] ? kasan_check_read+0x11/0x20 [ 680.542056] ? ___ratelimit+0x36f/0x655 [ 680.546015] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 680.551456] ? trace_hardirqs_on+0x310/0x310 [ 680.555851] ? lock_downgrade+0x900/0x900 [ 680.559989] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 680.565080] ? ___ratelimit+0xaa/0x655 [ 680.568953] ? idr_get_free+0xec0/0xec0 [ 680.572914] ? kasan_check_write+0x14/0x20 [ 680.577133] ? do_raw_spin_lock+0xc1/0x200 [ 680.581366] oom_kill_process.cold.27+0x10/0x903 [ 680.586113] ? kasan_check_write+0x14/0x20 [ 680.590357] ? do_raw_spin_lock+0xc1/0x200 [ 680.594615] ? oom_evaluate_task+0x540/0x540 [ 680.599013] ? cgroup_procs_next+0x70/0x70 [ 680.603235] ? _raw_spin_unlock_irq+0x60/0x80 [ 680.607715] ? oom_badness+0xaa0/0xaa0 [ 680.611589] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 680.616331] ? mem_cgroup_iter_break+0x30/0x30 [ 680.620906] ? mark_held_locks+0xc7/0x130 [ 680.625041] out_of_memory+0xa84/0x1430 [ 680.629003] ? lockdep_hardirqs_on+0x421/0x5c0 [ 680.633573] ? kasan_check_read+0x11/0x20 [ 680.637708] ? oom_killer_disable+0x3a0/0x3a0 [ 680.642191] ? kasan_check_write+0x14/0x20 [ 680.646413] ? do_raw_spin_lock+0xc1/0x200 [ 680.650643] mem_cgroup_out_of_memory+0x15e/0x210 [ 680.655489] ? memcg_memory_event+0x40/0x40 [ 680.659795] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 680.664711] ? page_counter_try_charge+0x1c1/0x220 [ 680.669640] try_charge+0xc43/0x1690 [ 680.673348] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 680.679414] ? __kmalloc_node_track_caller+0x33/0x70 [ 680.684503] ? __kmalloc_node_track_caller+0x33/0x70 [ 680.689592] ? rcu_read_lock_sched_held+0x108/0x120 [ 680.694604] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 680.699867] ? kasan_unpoison_shadow+0x35/0x50 [ 680.704433] ? kasan_kmalloc+0xc7/0xe0 [ 680.708308] ? mark_held_locks+0xc7/0x130 [ 680.712442] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 680.717355] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 680.722438] ? lockdep_hardirqs_on+0x421/0x5c0 [ 680.727008] ? sk_forced_mem_schedule+0x13b/0x170 [ 680.731839] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 680.737276] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 680.742800] ? check_preemption_disabled+0x48/0x200 [ 680.747806] mem_cgroup_charge_skmem+0x1e4/0x390 [ 680.752551] ? mem_cgroup_sk_free+0x90/0x90 [ 680.756860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.762381] ? tcp_chrono_stop+0x25f/0x520 [ 680.766610] sk_forced_mem_schedule+0x13b/0x170 [ 680.771270] sk_stream_alloc_skb+0x1ab/0x970 [ 680.775673] ? tcp_init_transfer+0x470/0x470 [ 680.780071] ? __lock_is_held+0xb5/0x140 [ 680.784122] tcp_connect+0x1283/0x4690 [ 680.788010] ? tcp_push_one+0x110/0x110 [ 680.791976] ? mark_held_locks+0xc7/0x130 [ 680.796112] ? ktime_get_with_offset+0x38e/0x470 [ 680.800857] ? pvclock_read_flags+0x160/0x160 [ 680.805337] ? secure_tcp_seq+0xa4/0x180 [ 680.809383] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 680.814826] ? kvm_clock_read+0x18/0x30 [ 680.818788] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 680.823802] ? ktime_get_with_offset+0x313/0x470 [ 680.828543] ? ktime_get+0x440/0x440 [ 680.832260] ? ip_route_output_key_hash+0x297/0x3b0 [ 680.837264] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 680.842792] ? tcp_fastopen_cookie_check+0x330/0x330 [ 680.847882] ? secure_tcp_ts_off+0xe6/0x1a0 [ 680.852198] ? secure_ipv6_port_ephemeral+0x2f0/0x2f0 [ 680.857417] ? check_preemption_disabled+0x48/0x200 [ 680.862425] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 680.867950] ? sk_setup_caps+0x209/0x690 [ 680.872000] tcp_v4_connect+0x1996/0x1dd0 [ 680.876141] ? tcp_v4_parse_md5_keys+0x340/0x340 [ 680.880910] ? graph_lock+0x170/0x170 [ 680.884703] __inet_stream_connect+0x992/0x1150 [ 680.889363] ? inet_dgram_connect+0x2e0/0x2e0 [ 680.893841] ? __lock_is_held+0xb5/0x140 [ 680.897896] ? tcp_sendmsg_locked+0x32f9/0x3f00 [ 680.902553] ? rcu_read_lock_sched_held+0x108/0x120 [ 680.907558] ? kmem_cache_alloc_trace+0x353/0x750 [ 680.912402] tcp_sendmsg_locked+0x2bf2/0x3f00 [ 680.916887] ? __fget+0x4aa/0x740 [ 680.920329] ? lock_downgrade+0x900/0x900 [ 680.924462] ? check_preemption_disabled+0x48/0x200 [ 680.929468] ? tcp_sendpage+0x60/0x60 [ 680.933259] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 680.938782] ? aa_label_sk_perm+0x46d/0x8e0 [ 680.943118] ? find_held_lock+0x36/0x1c0 [ 680.947185] ? mark_held_locks+0xc7/0x130 [ 680.951336] ? __local_bh_enable_ip+0x160/0x260 [ 680.956006] ? __local_bh_enable_ip+0x160/0x260 [ 680.960688] ? lockdep_hardirqs_on+0x421/0x5c0 [ 680.965281] ? trace_hardirqs_on+0xbd/0x310 [ 680.969589] ? lock_release+0x970/0x970 [ 680.973550] ? lock_sock_nested+0xe2/0x120 [ 680.977770] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 680.983209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.988753] ? check_preemption_disabled+0x48/0x200 [ 680.993759] ? lock_sock_nested+0x9a/0x120 [ 680.997979] ? lock_sock_nested+0x9a/0x120 [ 681.002203] ? __local_bh_enable_ip+0x160/0x260 [ 681.006882] tcp_sendmsg+0x2f/0x50 [ 681.010410] inet_sendmsg+0x1a1/0x690 [ 681.014202] ? ipip_gro_receive+0x100/0x100 [ 681.018510] ? apparmor_socket_sendmsg+0x29/0x30 [ 681.023250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.028775] ? security_socket_sendmsg+0x94/0xc0 [ 681.033536] ? ipip_gro_receive+0x100/0x100 [ 681.037844] sock_sendmsg+0xd5/0x120 [ 681.041546] __sys_sendto+0x3d7/0x670 [ 681.045356] ? __ia32_sys_getpeername+0xb0/0xb0 [ 681.050011] ? lock_release+0x970/0x970 [ 681.053979] ? arch_local_save_flags+0x40/0x40 [ 681.058562] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 681.064041] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 681.069583] ? put_timespec64+0x10f/0x1b0 [ 681.073730] ? nsecs_to_jiffies+0x30/0x30 [ 681.077865] ? do_syscall_64+0x9a/0x820 [ 681.081839] ? do_syscall_64+0x9a/0x820 [ 681.085809] ? lockdep_hardirqs_on+0x421/0x5c0 [ 681.090378] ? trace_hardirqs_on+0xbd/0x310 [ 681.094690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.100214] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 681.105562] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 681.111001] __x64_sys_sendto+0xe1/0x1a0 [ 681.115051] do_syscall_64+0x1b9/0x820 [ 681.118923] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 681.124272] ? syscall_return_slowpath+0x5e0/0x5e0 [ 681.129185] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 681.134017] ? trace_hardirqs_on_caller+0x310/0x310 [ 681.139022] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 681.144024] ? prepare_exit_to_usermode+0x291/0x3b0 [ 681.149027] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 681.153858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 681.159032] RIP: 0033:0x457579 [ 681.162212] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 681.181098] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 681.188791] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 681.196041] RDX: 00000000000000a4 RSI: 0000000020000000 RDI: 0000000000000003 [ 681.203294] RBP: 000000000072bf00 R08: 0000000020e68000 R09: 0000000000000010 [ 681.210549] R10: 00000000200007fe R11: 0000000000000246 R12: 00007f2ad80536d4 [ 681.217821] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 681.227287] Task in /syz1 killed as a result of limit of /syz1 [ 681.233309] memory: usage 202892kB, limit 204800kB, failcnt 3791 [ 681.239624] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 681.246388] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 681.253367] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:14 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4002000000000000]}, 0x6) 03:05:14 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x240]}, 0x6) 03:05:14 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0xa00]}, 0x6) 03:05:14 executing program 5: 03:05:14 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1100]}, 0x6) 03:05:14 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xfffff8ea]}, 0x6) [ 681.273521] Memory cgroup out of memory: Kill process 25883 (syz-executor1) score 161 or sacrifice child [ 681.283255] Killed process 25883 (syz-executor1) total-vm:70340kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 681.294817] oom_reaper: reaped process 25883 (syz-executor1), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB 03:05:14 executing program 5: [ 681.390063] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 681.419649] syz-executor3 cpuset=syz3 mems_allowed=0 [ 681.433870] CPU: 1 PID: 25919 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 681.441251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.450610] Call Trace: [ 681.453219] dump_stack+0x1c4/0x2b4 [ 681.456889] ? dump_stack_print_info.cold.2+0x52/0x52 [ 681.462101] dump_header+0x27b/0xf72 [ 681.465867] ? mark_held_locks+0x130/0x130 [ 681.470113] ? pagefault_out_of_memory+0x197/0x197 [ 681.475064] ? check_preemption_disabled+0x48/0x200 [ 681.480090] ? check_preemption_disabled+0x48/0x200 [ 681.485128] ? graph_lock+0x170/0x170 [ 681.488961] ? graph_lock+0x170/0x170 [ 681.492771] ? print_usage_bug+0xc0/0xc0 [ 681.496844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.502396] ? find_held_lock+0x36/0x1c0 [ 681.506476] ? mark_held_locks+0xc7/0x130 [ 681.510637] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 681.515756] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 681.520873] ? lockdep_hardirqs_on+0x421/0x5c0 [ 681.525464] ? trace_hardirqs_on+0xbd/0x310 [ 681.525479] ? kasan_check_read+0x11/0x20 [ 681.525500] ? ___ratelimit+0x36f/0x655 [ 681.537919] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 681.537937] ? trace_hardirqs_on+0x310/0x310 [ 681.537952] ? lock_downgrade+0x900/0x900 [ 681.537973] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 681.537992] ? ___ratelimit+0xaa/0x655 [ 681.560939] ? idr_get_free+0xec0/0xec0 [ 681.564913] ? kasan_check_write+0x14/0x20 [ 681.569166] ? do_raw_spin_lock+0xc1/0x200 [ 681.573424] oom_kill_process.cold.27+0x10/0x903 [ 681.578199] ? kasan_check_write+0x14/0x20 [ 681.582446] ? do_raw_spin_lock+0xc1/0x200 [ 681.586700] ? oom_evaluate_task+0x540/0x540 03:05:14 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c]}, 0x6) 03:05:14 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x69f6ffff00000000]}, 0x6) 03:05:14 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x1d4c]}, 0x6) [ 681.586722] ? cgroup_procs_next+0x70/0x70 [ 681.586740] ? _raw_spin_unlock_irq+0x60/0x80 [ 681.595379] ? oom_badness+0xaa0/0xaa0 [ 681.595399] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 681.595417] ? mem_cgroup_iter_break+0x30/0x30 [ 681.613110] out_of_memory+0xa84/0x1430 [ 681.617121] ? oom_killer_disable+0x3a0/0x3a0 [ 681.621644] ? _raw_spin_unlock_irqrestore+0xaf/0xd0 [ 681.626774] mem_cgroup_out_of_memory+0x15e/0x210 [ 681.631626] ? memcg_memory_event+0x40/0x40 [ 681.635953] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 681.640896] ? page_counter_try_charge+0x1c1/0x220 [ 681.645846] try_charge+0xc43/0x1690 [ 681.649588] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 681.655662] ? __kmalloc_node_track_caller+0x33/0x70 [ 681.660814] ? __kmalloc_node_track_caller+0x33/0x70 [ 681.665937] ? rcu_read_lock_sched_held+0x108/0x120 [ 681.670963] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 681.676248] ? kasan_unpoison_shadow+0x35/0x50 [ 681.680843] ? kasan_kmalloc+0xc7/0xe0 [ 681.684749] ? mark_held_locks+0xc7/0x130 03:05:14 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x6) [ 681.688910] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 681.693847] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 681.698778] ? lockdep_hardirqs_on+0x421/0x5c0 [ 681.698798] ? sk_forced_mem_schedule+0x13b/0x170 [ 681.698815] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 681.698848] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 681.708277] ? check_preemption_disabled+0x48/0x200 [ 681.708303] mem_cgroup_charge_skmem+0x1e4/0x390 [ 681.708322] ? mem_cgroup_sk_free+0x90/0x90 [ 681.708338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.708352] ? tcp_chrono_stop+0x25f/0x520 [ 681.708373] sk_forced_mem_schedule+0x13b/0x170 [ 681.747826] sk_stream_alloc_skb+0x1ab/0x970 [ 681.752261] ? tcp_init_transfer+0x470/0x470 [ 681.756695] ? __lock_is_held+0xb5/0x140 [ 681.760781] tcp_connect+0x1283/0x4690 [ 681.764704] ? tcp_push_one+0x110/0x110 [ 681.768706] ? mark_held_locks+0xc7/0x130 [ 681.772872] ? ktime_get_with_offset+0x38e/0x470 [ 681.777642] ? pvclock_read_flags+0x160/0x160 [ 681.782165] ? secure_tcp_seq+0xa4/0x180 [ 681.786252] ? __bpf_trace_preemptirq_template+0x30/0x30 03:05:14 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x6) [ 681.791735] ? kvm_clock_read+0x18/0x30 [ 681.795721] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 681.800743] ? ktime_get_with_offset+0x313/0x470 [ 681.800766] ? ktime_get+0x440/0x440 [ 681.800794] ? ip_route_output_key_hash+0x297/0x3b0 [ 681.800810] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 681.800830] ? tcp_fastopen_cookie_check+0x330/0x330 [ 681.809286] ? secure_tcp_ts_off+0xe6/0x1a0 [ 681.809303] ? secure_ipv6_port_ephemeral+0x2f0/0x2f0 [ 681.809322] ? check_preemption_disabled+0x48/0x200 03:05:14 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000040)={0x0, 0x1}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={r1, 0x8, 0x100000001, 0x10001, 0x4, 0x7ff}, &(0x7f0000000140)=0x14) shmctl$SHM_LOCK(0x0, 0xb) [ 681.809341] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 681.809358] ? sk_setup_caps+0x209/0x690 [ 681.809384] tcp_v4_connect+0x1996/0x1dd0 [ 681.853756] ? tcp_v4_parse_md5_keys+0x340/0x340 [ 681.858526] ? graph_lock+0x170/0x170 [ 681.862347] __inet_stream_connect+0x992/0x1150 [ 681.867035] ? inet_dgram_connect+0x2e0/0x2e0 [ 681.871543] ? __lock_is_held+0xb5/0x140 [ 681.875628] ? tcp_sendmsg_locked+0x32f9/0x3f00 [ 681.880347] ? rcu_read_lock_sched_held+0x108/0x120 [ 681.885378] ? kmem_cache_alloc_trace+0x353/0x750 03:05:14 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc020000]}, 0x6) [ 681.890247] tcp_sendmsg_locked+0x2bf2/0x3f00 [ 681.894757] ? __fget+0x4aa/0x740 [ 681.898234] ? lock_downgrade+0x900/0x900 [ 681.902389] ? check_preemption_disabled+0x48/0x200 [ 681.907429] ? tcp_sendpage+0x60/0x60 [ 681.911243] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 681.916805] ? aa_label_sk_perm+0x46d/0x8e0 [ 681.921156] ? find_held_lock+0x36/0x1c0 [ 681.921180] ? mark_held_locks+0xc7/0x130 [ 681.921202] ? __local_bh_enable_ip+0x160/0x260 [ 681.921218] ? __local_bh_enable_ip+0x160/0x260 03:05:14 executing program 5: set_mempolicy(0x3, &(0x7f0000000000)=0x401, 0xfe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)="2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e33326530000000000000000000000") r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) sendfile(r1, r0, &(0x7f0000000180), 0x10013c93a) [ 681.921237] ? lockdep_hardirqs_on+0x421/0x5c0 [ 681.929430] ? trace_hardirqs_on+0xbd/0x310 [ 681.929446] ? lock_release+0x970/0x970 [ 681.929464] ? lock_sock_nested+0xe2/0x120 [ 681.929481] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 681.929498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.929515] ? check_preemption_disabled+0x48/0x200 [ 681.929535] ? lock_sock_nested+0x9a/0x120 [ 681.976123] ? lock_sock_nested+0x9a/0x120 [ 681.980387] ? __local_bh_enable_ip+0x160/0x260 [ 681.985076] tcp_sendmsg+0x2f/0x50 [ 681.988637] inet_sendmsg+0x1a1/0x690 03:05:14 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x6) [ 681.992456] ? ipip_gro_receive+0x100/0x100 [ 681.996795] ? apparmor_socket_sendmsg+0x29/0x30 [ 682.001570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.007125] ? security_socket_sendmsg+0x94/0xc0 [ 682.011901] ? ipip_gro_receive+0x100/0x100 [ 682.016268] sock_sendmsg+0xd5/0x120 [ 682.019998] __sys_sendto+0x3d7/0x670 [ 682.023815] ? __ia32_sys_getpeername+0xb0/0xb0 [ 682.028495] ? lock_release+0x970/0x970 [ 682.032478] ? arch_local_save_flags+0x40/0x40 [ 682.037076] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 682.042563] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 682.048122] ? put_timespec64+0x10f/0x1b0 [ 682.052289] ? nsecs_to_jiffies+0x30/0x30 [ 682.056446] ? do_syscall_64+0x9a/0x820 [ 682.060431] ? do_syscall_64+0x9a/0x820 [ 682.064422] ? lockdep_hardirqs_on+0x421/0x5c0 [ 682.069018] ? trace_hardirqs_on+0xbd/0x310 [ 682.073354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.078907] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 682.084286] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 682.089756] __x64_sys_sendto+0xe1/0x1a0 [ 682.093836] do_syscall_64+0x1b9/0x820 [ 682.097735] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 682.103114] ? syscall_return_slowpath+0x5e0/0x5e0 [ 682.108063] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 682.112919] ? trace_hardirqs_on_caller+0x310/0x310 [ 682.117950] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 682.122985] ? prepare_exit_to_usermode+0x291/0x3b0 [ 682.128021] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 682.132885] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 682.138079] RIP: 0033:0x457579 [ 682.141284] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 682.160194] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 682.167910] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 682.175188] RDX: 00000000000000a4 RSI: 0000000020000000 RDI: 0000000000000003 [ 682.182470] RBP: 000000000072bf00 R08: 0000000020e68000 R09: 0000000000000010 03:05:14 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x9]}, 0x6) [ 682.189744] R10: 00000000200007fe R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 682.189754] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 682.340361] Task in /syz3 killed as a result of limit of /syz3 [ 682.351022] memory: usage 204800kB, limit 204800kB, failcnt 2927 [ 682.357345] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 682.364198] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 682.370932] Memory cgroup stats for /syz3: cache:0KB rss:76KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 682.391859] Memory cgroup out of memory: Kill process 25918 (syz-executor3) score 161 or sacrifice child [ 682.401773] Killed process 25918 (syz-executor3) total-vm:70340kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 682.413351] oom_reaper: reaped process 25918 (syz-executor3), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 682.421786] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=1, oom_score_adj=0 [ 682.434554] syz-executor1 cpuset=syz1 mems_allowed=0 [ 682.439818] CPU: 1 PID: 25935 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 682.447193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.456551] Call Trace: [ 682.459165] dump_stack+0x1c4/0x2b4 [ 682.462817] ? dump_stack_print_info.cold.2+0x52/0x52 [ 682.468013] ? mark_held_locks+0x130/0x130 [ 682.472235] ? mark_held_locks+0x130/0x130 [ 682.476460] dump_header+0x27b/0xf72 [ 682.480178] ? pagefault_out_of_memory+0x197/0x197 [ 682.485098] ? check_preemption_disabled+0x48/0x200 [ 682.490098] ? check_preemption_disabled+0x48/0x200 [ 682.495104] ? graph_lock+0x170/0x170 [ 682.498898] ? graph_lock+0x170/0x170 [ 682.502690] ? print_usage_bug+0xc0/0xc0 [ 682.506738] ? find_held_lock+0x36/0x1c0 [ 682.510786] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.516333] ? find_held_lock+0x36/0x1c0 [ 682.520407] ? mark_held_locks+0xc7/0x130 [ 682.524544] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 682.529630] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 682.534716] ? lockdep_hardirqs_on+0x421/0x5c0 [ 682.539283] ? trace_hardirqs_on+0xbd/0x310 [ 682.543586] ? kasan_check_read+0x11/0x20 [ 682.547743] ? ___ratelimit+0x36f/0x655 [ 682.551720] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 682.557167] ? trace_hardirqs_on+0x310/0x310 [ 682.561562] ? lock_downgrade+0x900/0x900 [ 682.565705] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 682.570793] ? ___ratelimit+0xaa/0x655 [ 682.574673] ? idr_get_free+0xec0/0xec0 [ 682.578633] ? kasan_check_write+0x14/0x20 [ 682.582853] ? do_raw_spin_lock+0xc1/0x200 [ 682.587078] oom_kill_process.cold.27+0x10/0x903 [ 682.591817] ? kasan_check_write+0x14/0x20 [ 682.596040] ? do_raw_spin_lock+0xc1/0x200 [ 682.600263] ? oom_evaluate_task+0x540/0x540 [ 682.604659] ? cgroup_procs_next+0x70/0x70 [ 682.608889] ? _raw_spin_unlock_irq+0x60/0x80 [ 682.613392] ? oom_badness+0xaa0/0xaa0 [ 682.617271] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 682.622015] ? mem_cgroup_iter_break+0x30/0x30 [ 682.626611] ? mark_held_locks+0xc7/0x130 [ 682.630747] out_of_memory+0xa84/0x1430 [ 682.634718] ? lockdep_hardirqs_on+0x421/0x5c0 [ 682.639297] ? kasan_check_read+0x11/0x20 [ 682.643432] ? oom_killer_disable+0x3a0/0x3a0 [ 682.647913] ? kasan_check_write+0x14/0x20 [ 682.652133] ? do_raw_spin_lock+0xc1/0x200 [ 682.656365] mem_cgroup_out_of_memory+0x15e/0x210 [ 682.661193] ? memcg_memory_event+0x40/0x40 [ 682.665497] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 682.670414] ? page_counter_try_charge+0x1c1/0x220 [ 682.675330] try_charge+0xc43/0x1690 [ 682.679036] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 682.685079] ? mark_held_locks+0xc7/0x130 [ 682.689233] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 682.694154] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 682.699073] ? lockdep_hardirqs_on+0x421/0x5c0 [ 682.703639] ? trace_hardirqs_on+0xbd/0x310 [ 682.707950] ? check_preemption_disabled+0x48/0x200 [ 682.712952] ? __sk_mem_raise_allocated+0x642/0x1800 [ 682.718042] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 682.723681] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 682.729209] ? mark_held_locks+0xc7/0x130 [ 682.733346] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 682.738261] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 682.743180] ? lockdep_hardirqs_on+0x421/0x5c0 [ 682.747752] ? __sk_mem_raise_allocated+0x642/0x1800 [ 682.752853] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 682.758301] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 682.763823] ? check_preemption_disabled+0x48/0x200 [ 682.768845] ? __sk_mem_raise_allocated+0x721/0x1800 [ 682.773939] mem_cgroup_charge_skmem+0x1e4/0x390 [ 682.778693] ? mem_cgroup_sk_free+0x90/0x90 [ 682.783008] __sk_mem_raise_allocated+0x642/0x1800 [ 682.787926] ? sk_busy_loop_end+0x1c0/0x1c0 [ 682.792234] ? sk_alloc_sg+0xa00/0xa00 [ 682.796222] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 682.801227] ? skb_page_frag_refill+0x1eb/0x6a0 [ 682.805884] ? sock_kzfree_s+0x60/0x60 [ 682.809764] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.815306] ? sk_stream_alloc_skb+0x34b/0x970 [ 682.819887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.825418] ? skb_entail+0x618/0x8c0 [ 682.829229] ? tcp_rate_check_app_limited+0x121/0x460 [ 682.834407] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 682.839077] __sk_mem_schedule+0x6d/0xe0 [ 682.843122] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 682.848666] tcp_sendmsg_locked+0x1c86/0x3f00 [ 682.853177] ? tcp_sendpage+0x60/0x60 [ 682.856978] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 682.862504] ? aa_label_sk_perm+0x46d/0x8e0 [ 682.866815] ? find_held_lock+0x36/0x1c0 [ 682.870866] ? mark_held_locks+0xc7/0x130 [ 682.875001] ? __local_bh_enable_ip+0x160/0x260 [ 682.879656] ? __local_bh_enable_ip+0x160/0x260 [ 682.884317] ? trace_hardirqs_on+0xbd/0x310 [ 682.888623] ? lock_release+0x970/0x970 [ 682.892595] ? lock_sock_nested+0xe2/0x120 [ 682.896823] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 682.902263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.907808] ? check_preemption_disabled+0x48/0x200 [ 682.912827] ? lock_sock_nested+0x9a/0x120 [ 682.917050] ? lock_sock_nested+0x9a/0x120 [ 682.921272] ? __local_bh_enable_ip+0x160/0x260 [ 682.925942] tcp_sendmsg+0x2f/0x50 [ 682.929487] inet_sendmsg+0x1a1/0x690 [ 682.933275] ? ipip_gro_receive+0x100/0x100 [ 682.937600] ? apparmor_socket_sendmsg+0x29/0x30 [ 682.942342] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.947865] ? security_socket_sendmsg+0x94/0xc0 [ 682.952622] ? ipip_gro_receive+0x100/0x100 [ 682.956934] sock_sendmsg+0xd5/0x120 [ 682.960662] __sys_sendto+0x3d7/0x670 [ 682.964472] ? __ia32_sys_getpeername+0xb0/0xb0 [ 682.969125] ? lock_release+0x970/0x970 [ 682.973094] ? arch_local_save_flags+0x40/0x40 [ 682.977684] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 682.983135] ? aa_af_perm+0x5a0/0x5a0 [ 682.986947] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 682.992497] ? put_timespec64+0x10f/0x1b0 [ 682.996628] ? nsecs_to_jiffies+0x30/0x30 [ 683.000762] ? do_syscall_64+0x9a/0x820 [ 683.004744] ? do_syscall_64+0x9a/0x820 [ 683.008707] ? lockdep_hardirqs_on+0x421/0x5c0 [ 683.013277] ? trace_hardirqs_on+0xbd/0x310 [ 683.017595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 683.023136] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.028508] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 683.033945] __x64_sys_sendto+0xe1/0x1a0 [ 683.037994] do_syscall_64+0x1b9/0x820 [ 683.041866] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 683.047219] ? syscall_return_slowpath+0x5e0/0x5e0 [ 683.052139] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 683.056996] ? trace_hardirqs_on_caller+0x310/0x310 [ 683.062000] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 683.067002] ? prepare_exit_to_usermode+0x291/0x3b0 [ 683.072004] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 683.076833] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.082003] RIP: 0033:0x457579 [ 683.085185] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 683.104070] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 683.111776] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 683.119027] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 683.126282] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 683.133534] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 683.140787] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 683.149752] Task in /syz1 killed as a result of limit of /syz1 [ 683.155774] memory: usage 204796kB, limit 204800kB, failcnt 3818 [ 683.162296] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 683.170188] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 683.176323] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:164KB inactive_file:0KB active_file:0KB unevictable:0KB [ 683.196799] Memory cgroup out of memory: Kill process 25933 (syz-executor1) score 161 or sacrifice child [ 683.206720] Killed process 25933 (syz-executor1) total-vm:70472kB, anon-rss:108kB, file-rss:32832kB, shmem-rss:0kB [ 683.217492] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 683.218371] oom_reaper: reaped process 25933 (syz-executor1), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 683.229594] syz-executor3 cpuset=syz3 mems_allowed=0 [ 683.244724] CPU: 1 PID: 25918 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 683.252079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 683.261415] Call Trace: [ 683.264029] dump_stack+0x1c4/0x2b4 [ 683.267657] ? dump_stack_print_info.cold.2+0x52/0x52 [ 683.272840] dump_header+0x27b/0xf72 [ 683.276539] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 683.282323] ? kasan_check_read+0x11/0x20 [ 683.286467] ? pagefault_out_of_memory+0x197/0x197 [ 683.291387] ? rcu_read_unlock+0x33/0x60 [ 683.295462] ? mem_cgroup_iter+0x514/0x1160 [ 683.299770] ? find_held_lock+0x36/0x1c0 [ 683.303820] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 683.308562] ? mark_held_locks+0xc7/0x130 [ 683.312701] ? _raw_spin_unlock_irq+0x27/0x80 [ 683.317184] ? _raw_spin_unlock_irq+0x27/0x80 [ 683.321667] ? lockdep_hardirqs_on+0x421/0x5c0 [ 683.326254] ? trace_hardirqs_on+0xbd/0x310 [ 683.330560] ? kasan_check_read+0x11/0x20 [ 683.334700] ? css_task_iter_end+0x222/0x490 [ 683.339096] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 683.344531] ? kasan_check_write+0x14/0x20 [ 683.348751] ? do_raw_spin_lock+0xc1/0x200 [ 683.352972] ? _raw_spin_unlock_irq+0x60/0x80 [ 683.357467] ? css_task_iter_end+0x2ce/0x490 [ 683.361866] ? cgroup_procs_next+0x70/0x70 [ 683.366085] ? _raw_spin_unlock_irq+0x60/0x80 [ 683.370565] ? oom_badness+0xaa0/0xaa0 [ 683.374440] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 683.379183] ? mem_cgroup_iter_break+0x30/0x30 [ 683.383759] ? mark_held_locks+0xc7/0x130 [ 683.387896] out_of_memory.cold.30+0xf/0x184 [ 683.392303] ? lockdep_hardirqs_on+0x421/0x5c0 [ 683.396869] ? kasan_check_read+0x11/0x20 [ 683.401005] ? oom_killer_disable+0x3a0/0x3a0 [ 683.405483] ? kasan_check_write+0x14/0x20 [ 683.409704] ? do_raw_spin_lock+0xc1/0x200 [ 683.413930] mem_cgroup_out_of_memory+0x15e/0x210 [ 683.418785] ? memcg_memory_event+0x40/0x40 [ 683.423105] ? mem_cgroup_try_charge+0x5ea/0xe10 [ 683.427855] ? page_counter_try_charge+0x1c1/0x220 [ 683.432771] try_charge+0xc43/0x1690 [ 683.436493] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 683.442535] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 683.447377] ? lock_downgrade+0x900/0x900 [ 683.451511] ? check_preemption_disabled+0x48/0x200 [ 683.456514] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 683.462301] ? kasan_check_read+0x11/0x20 [ 683.466446] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 683.471723] ? rcu_bh_qs+0xc0/0xc0 [ 683.475254] ? get_mem_cgroup_from_mm+0x206/0x440 [ 683.480099] ? mem_cgroup_can_attach+0x580/0x580 [ 683.484850] ? __lock_is_held+0xb5/0x140 [ 683.488933] mem_cgroup_try_charge+0x5ea/0xe10 [ 683.493502] ? mem_cgroup_protected+0xa60/0xa60 [ 683.498179] ? __lock_acquire+0x7ec/0x4ec0 [ 683.502417] ? mark_held_locks+0x130/0x130 [ 683.506638] ? do_futex+0x249/0x26d0 [ 683.510336] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 683.515774] ? pmd_val+0x88/0x100 [ 683.519213] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 683.524744] mem_cgroup_try_charge_delay+0x1d/0xa0 [ 683.529663] __handle_mm_fault+0x273a/0x53e0 [ 683.534070] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 683.538896] ? graph_lock+0x170/0x170 [ 683.542693] ? check_preemption_disabled+0x48/0x200 [ 683.547733] ? print_usage_bug+0xc0/0xc0 [ 683.551793] ? graph_lock+0x170/0x170 [ 683.555578] ? graph_lock+0x170/0x170 [ 683.559375] ? graph_lock+0x170/0x170 [ 683.563179] ? handle_mm_fault+0x42a/0xc70 [ 683.567403] ? lock_downgrade+0x900/0x900 [ 683.571534] ? check_preemption_disabled+0x48/0x200 [ 683.576535] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 683.582330] ? kasan_check_read+0x11/0x20 [ 683.586463] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 683.591725] ? rcu_bh_qs+0xc0/0xc0 [ 683.595248] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 683.600698] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 683.606222] ? check_preemption_disabled+0x48/0x200 [ 683.611226] handle_mm_fault+0x54f/0xc70 [ 683.615277] ? __handle_mm_fault+0x53e0/0x53e0 [ 683.619856] ? find_vma+0x34/0x190 [ 683.623383] __do_page_fault+0x67d/0xed0 [ 683.627431] ? mm_fault_error+0x380/0x380 [ 683.631564] ? trace_hardirqs_off+0xb8/0x310 [ 683.635955] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.641312] ? trace_hardirqs_on+0x310/0x310 [ 683.645710] do_page_fault+0xf2/0x7e0 [ 683.649497] ? vmalloc_sync_all+0x30/0x30 [ 683.653632] ? error_entry+0x70/0xd0 [ 683.657332] ? trace_hardirqs_off_caller+0xbb/0x310 [ 683.662333] ? trace_hardirqs_on_caller+0xc0/0x310 [ 683.667246] ? syscall_return_slowpath+0x5e0/0x5e0 [ 683.672167] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 683.677005] ? trace_hardirqs_on_caller+0x310/0x310 [ 683.682003] ? trace_hardirqs_off+0x310/0x310 [ 683.686487] ? prepare_exit_to_usermode+0x291/0x3b0 [ 683.691494] ? page_fault+0x8/0x30 [ 683.695044] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 683.699873] ? page_fault+0x8/0x30 [ 683.703406] page_fault+0x1e/0x30 [ 683.706856] RIP: 0033:0x43e8c7 [ 683.710040] Code: Bad RIP value. [ 683.713406] RSP: 002b:0000000000a3fbf8 EFLAGS: 00010202 [ 683.718769] RAX: 00000000200015c0 RBX: 000000000072c900 RCX: 0000003168746576 [ 683.726023] RDX: 0000000000000010 RSI: 0000000000730618 RDI: 00000000200015c0 [ 683.733275] RBP: fffffffffffffffe R08: 00efffffffffff00 R09: 0000000000000000 [ 683.740525] R10: 0000000000a3fcc0 R11: 0000000000000246 R12: 000000000072bf0c [ 683.747779] R13: 00000000000003e8 R14: 00000000000a65ca R15: 00000000000a659d [ 683.755941] Memory limit reached of cgroup /syz3 [ 683.760816] memory: usage 204676kB, limit 204800kB, failcnt 2928 [ 683.767169] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 683.773923] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:16 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4002]}, 0x6) 03:05:16 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x6) 03:05:16 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x2]}, 0x6) [ 683.780163] Memory cgroup stats for /syz3: cache:0KB rss:76KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 683.800068] Out of memory and no killable processes... [ 683.805419] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 683.817360] syz-executor1 cpuset=syz1 mems_allowed=0 [ 683.822599] CPU: 0 PID: 25933 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 683.829962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 683.839318] Call Trace: [ 683.841918] dump_stack+0x1c4/0x2b4 [ 683.845562] ? dump_stack_print_info.cold.2+0x52/0x52 [ 683.850781] dump_header+0x27b/0xf72 [ 683.854768] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 683.860571] ? kasan_check_read+0x11/0x20 [ 683.864736] ? pagefault_out_of_memory+0x197/0x197 [ 683.869685] ? rcu_read_unlock+0x33/0x60 [ 683.873755] ? mem_cgroup_iter+0x514/0x1160 [ 683.878087] ? find_held_lock+0x36/0x1c0 [ 683.882178] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 683.886941] ? mark_held_locks+0xc7/0x130 [ 683.891104] ? _raw_spin_unlock_irq+0x27/0x80 [ 683.895605] ? _raw_spin_unlock_irq+0x27/0x80 [ 683.895622] ? lockdep_hardirqs_on+0x421/0x5c0 [ 683.895639] ? trace_hardirqs_on+0xbd/0x310 [ 683.895658] ? kasan_check_read+0x11/0x20 [ 683.909054] ? css_task_iter_end+0x222/0x490 [ 683.909072] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 683.909089] ? kasan_check_write+0x14/0x20 [ 683.909108] ? do_raw_spin_lock+0xc1/0x200 [ 683.931539] ? _raw_spin_unlock_irq+0x60/0x80 [ 683.936052] ? css_task_iter_end+0x2ce/0x490 [ 683.940479] ? cgroup_procs_next+0x70/0x70 [ 683.944729] ? _raw_spin_unlock_irq+0x60/0x80 [ 683.949241] ? oom_badness+0xaa0/0xaa0 [ 683.953158] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 683.957929] ? mem_cgroup_iter_break+0x30/0x30 [ 683.962531] ? mark_held_locks+0xc7/0x130 [ 683.966687] out_of_memory.cold.30+0xf/0x184 [ 683.971098] ? lockdep_hardirqs_on+0x421/0x5c0 [ 683.975683] ? kasan_check_read+0x11/0x20 [ 683.979840] ? oom_killer_disable+0x3a0/0x3a0 [ 683.984349] ? kasan_check_write+0x14/0x20 [ 683.988595] ? do_raw_spin_lock+0xc1/0x200 [ 683.992852] mem_cgroup_out_of_memory+0x15e/0x210 [ 683.997707] ? memcg_memory_event+0x40/0x40 [ 684.002042] ? mem_cgroup_try_charge+0x5ea/0xe10 [ 684.006816] ? page_counter_try_charge+0x1c1/0x220 [ 684.011762] try_charge+0xc43/0x1690 [ 684.015496] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 684.021554] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 684.026396] ? lock_downgrade+0x900/0x900 [ 684.030544] ? check_preemption_disabled+0x48/0x200 [ 684.035592] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 684.041410] ? kasan_check_read+0x11/0x20 [ 684.045545] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 684.050807] ? rcu_bh_qs+0xc0/0xc0 [ 684.054338] ? get_mem_cgroup_from_mm+0x206/0x440 [ 684.059180] ? mem_cgroup_can_attach+0x580/0x580 [ 684.063923] ? __lock_is_held+0xb5/0x140 [ 684.067976] mem_cgroup_try_charge+0x5ea/0xe10 [ 684.072546] ? __anon_vma_prepare+0x325/0x6c0 [ 684.077069] ? mem_cgroup_protected+0xa60/0xa60 [ 684.081727] ? up_write+0x7b/0x220 [ 684.085250] ? up_read+0x110/0x110 [ 684.088795] ? __anon_vma_prepare+0x353/0x6c0 [ 684.093320] ? pmd_val+0x88/0x100 [ 684.096766] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 684.102295] mem_cgroup_try_charge_delay+0x1d/0xa0 [ 684.107215] __handle_mm_fault+0x273a/0x53e0 [ 684.111615] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 684.116440] ? graph_lock+0x170/0x170 [ 684.120226] ? print_usage_bug+0xc0/0xc0 [ 684.124274] ? lock_downgrade+0x900/0x900 [ 684.128408] ? graph_lock+0x170/0x170 [ 684.132202] ? graph_lock+0x170/0x170 [ 684.136006] ? handle_mm_fault+0x42a/0xc70 [ 684.140229] ? lock_downgrade+0x900/0x900 [ 684.144361] ? check_preemption_disabled+0x48/0x200 [ 684.149374] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 684.155164] ? kasan_check_read+0x11/0x20 [ 684.159303] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 684.164564] ? rcu_bh_qs+0xc0/0xc0 [ 684.168092] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 684.173530] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 684.179056] ? check_preemption_disabled+0x48/0x200 [ 684.184063] handle_mm_fault+0x54f/0xc70 [ 684.188111] ? __handle_mm_fault+0x53e0/0x53e0 [ 684.192683] ? find_vma+0x34/0x190 [ 684.196234] __do_page_fault+0x67d/0xed0 [ 684.200286] ? mm_fault_error+0x380/0x380 [ 684.204450] ? trace_hardirqs_off+0xb8/0x310 [ 684.208849] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.214199] ? trace_hardirqs_on+0x310/0x310 [ 684.218594] do_page_fault+0xf2/0x7e0 [ 684.222389] ? vmalloc_sync_all+0x30/0x30 [ 684.226525] ? error_entry+0x70/0xd0 [ 684.230225] ? trace_hardirqs_off_caller+0xbb/0x310 [ 684.235223] ? trace_hardirqs_on_caller+0xc0/0x310 [ 684.240161] ? syscall_return_slowpath+0x5e0/0x5e0 [ 684.245092] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 684.249922] ? trace_hardirqs_on_caller+0x310/0x310 [ 684.254921] ? trace_hardirqs_off+0x310/0x310 [ 684.259403] ? prepare_exit_to_usermode+0x291/0x3b0 [ 684.264407] ? page_fault+0x8/0x30 [ 684.267941] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 684.272804] ? page_fault+0x8/0x30 [ 684.276331] page_fault+0x1e/0x30 [ 684.279767] RIP: 0033:0x40ecaf [ 684.282946] Code: Bad RIP value. [ 684.286290] RSP: 002b:0000000000a3fb10 EFLAGS: 00010206 [ 684.291638] RAX: 00007f2ad8012000 RBX: 0000000000020000 RCX: 00000000004575ca [ 684.298889] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 684.306139] RBP: 0000000000a3fbf0 R08: ffffffffffffffff R09: 0000000000000000 [ 684.313405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a3fcd0 [ 684.320656] R13: 00007f2ad8032700 R14: 0000000000000003 R15: 0000000000000001 [ 684.329658] Memory limit reached of cgroup /syz1 [ 684.334451] memory: usage 204664kB, limit 204800kB, failcnt 3818 [ 684.340688] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:17 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x481c000000000000]}, 0x6) 03:05:17 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x7530]}, 0x6) 03:05:17 executing program 5: set_mempolicy(0x3, &(0x7f0000000000)=0x401, 0xfe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)="2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e33326530000000000000000000000") r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) sendfile(r1, r0, &(0x7f0000000180), 0x10013c93a) 03:05:17 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc02000000000000]}, 0x6) 03:05:17 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x9]}, 0x6) [ 684.347523] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 684.353656] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 684.373650] Out of memory and no killable processes... [ 684.379050] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 684.390492] syz-executor3 cpuset=syz3 mems_allowed=0 [ 684.395737] CPU: 1 PID: 25968 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 684.403102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.412454] Call Trace: [ 684.415046] dump_stack+0x1c4/0x2b4 [ 684.418695] ? dump_stack_print_info.cold.2+0x52/0x52 [ 684.423907] dump_header+0x27b/0xf72 [ 684.427646] ? mark_held_locks+0x130/0x130 [ 684.431899] ? pagefault_out_of_memory+0x197/0x197 [ 684.436840] ? check_preemption_disabled+0x48/0x200 [ 684.441871] ? check_preemption_disabled+0x48/0x200 [ 684.446905] ? graph_lock+0x170/0x170 [ 684.450728] ? graph_lock+0x170/0x170 [ 684.454540] ? print_usage_bug+0xc0/0xc0 [ 684.458619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.464177] ? find_held_lock+0x36/0x1c0 [ 684.468263] ? mark_held_locks+0xc7/0x130 [ 684.472423] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 684.477541] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 684.482656] ? lockdep_hardirqs_on+0x421/0x5c0 [ 684.487258] ? trace_hardirqs_on+0xbd/0x310 [ 684.491591] ? kasan_check_read+0x11/0x20 [ 684.495743] ? ___ratelimit+0x36f/0x655 03:05:17 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1f4]}, 0x6) [ 684.499728] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 684.505189] ? trace_hardirqs_on+0x310/0x310 [ 684.509608] ? lock_downgrade+0x900/0x900 [ 684.513775] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 684.518891] ? ___ratelimit+0xaa/0x655 [ 684.522791] ? idr_get_free+0xec0/0xec0 [ 684.526777] ? kasan_check_write+0x14/0x20 [ 684.531026] ? do_raw_spin_lock+0xc1/0x200 [ 684.535279] oom_kill_process.cold.27+0x10/0x903 [ 684.540048] ? kasan_check_write+0x14/0x20 [ 684.544296] ? do_raw_spin_lock+0xc1/0x200 [ 684.548548] ? oom_evaluate_task+0x540/0x540 [ 684.552971] ? cgroup_procs_next+0x70/0x70 [ 684.557223] ? _raw_spin_unlock_irq+0x60/0x80 [ 684.561733] ? oom_badness+0xaa0/0xaa0 [ 684.565637] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 684.570416] ? mem_cgroup_iter_break+0x30/0x30 [ 684.575025] ? mark_held_locks+0xc7/0x130 [ 684.579190] out_of_memory+0xa84/0x1430 [ 684.583182] ? lockdep_hardirqs_on+0x421/0x5c0 [ 684.587776] ? kasan_check_read+0x11/0x20 [ 684.591935] ? oom_killer_disable+0x3a0/0x3a0 [ 684.596439] ? kasan_check_write+0x14/0x20 [ 684.600690] ? do_raw_spin_lock+0xc1/0x200 [ 684.604947] mem_cgroup_out_of_memory+0x15e/0x210 [ 684.609801] ? memcg_memory_event+0x40/0x40 [ 684.614130] ? mem_cgroup_try_charge+0x5ea/0xe10 [ 684.618913] ? page_counter_try_charge+0x1c1/0x220 [ 684.623857] try_charge+0xc43/0x1690 [ 684.627591] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 684.633659] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 684.638519] ? lock_downgrade+0x900/0x900 [ 684.642693] ? check_preemption_disabled+0x48/0x200 03:05:17 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4c1d000000000000]}, 0x6) [ 684.647731] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 684.653533] ? kasan_check_read+0x11/0x20 [ 684.657699] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 684.662988] ? rcu_bh_qs+0xc0/0xc0 [ 684.666550] ? get_mem_cgroup_from_mm+0x206/0x440 [ 684.671406] ? mem_cgroup_can_attach+0x580/0x580 [ 684.676184] ? __lock_is_held+0xb5/0x140 [ 684.680269] mem_cgroup_try_charge+0x5ea/0xe10 [ 684.684863] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.690416] ? mem_cgroup_protected+0xa60/0xa60 [ 684.695093] ? find_held_lock+0x36/0x1c0 [ 684.699183] ? __pte_alloc+0x1c7/0x350 [ 684.703096] ? kasan_check_read+0x11/0x20 [ 684.707260] ? do_raw_spin_unlock+0xa7/0x2f0 [ 684.711690] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 684.716290] ? kasan_check_write+0x14/0x20 [ 684.720536] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 684.726329] mem_cgroup_try_charge_delay+0x1d/0xa0 [ 684.731308] __handle_mm_fault+0x273a/0x53e0 [ 684.735736] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 684.740585] ? graph_lock+0x170/0x170 [ 684.744400] ? check_preemption_disabled+0x48/0x200 03:05:17 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4c1d]}, 0x6) [ 684.749433] ? print_usage_bug+0xc0/0xc0 [ 684.753516] ? graph_lock+0x170/0x170 [ 684.757334] ? graph_lock+0x170/0x170 [ 684.761173] ? handle_mm_fault+0x42a/0xc70 [ 684.765425] ? lock_downgrade+0x900/0x900 [ 684.769582] ? check_preemption_disabled+0x48/0x200 [ 684.774611] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 684.780416] ? kasan_check_read+0x11/0x20 [ 684.784575] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 684.789868] ? rcu_bh_qs+0xc0/0xc0 [ 684.793417] ? __bpf_trace_preemptirq_template+0x30/0x30 03:05:17 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000080)=0x3) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x5, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000040)=0x1) [ 684.798879] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 684.804430] ? check_preemption_disabled+0x48/0x200 [ 684.809463] handle_mm_fault+0x54f/0xc70 [ 684.813542] ? __handle_mm_fault+0x53e0/0x53e0 [ 684.818141] ? find_vma+0x34/0x190 [ 684.821713] __do_page_fault+0x67d/0xed0 [ 684.825789] ? mm_fault_error+0x380/0x380 [ 684.829938] ? trace_hardirqs_on+0x310/0x310 [ 684.829954] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.829969] ? trace_hardirqs_on+0x310/0x310 [ 684.829988] do_page_fault+0xf2/0x7e0 [ 684.847967] ? vmalloc_sync_all+0x30/0x30 [ 684.852126] ? error_entry+0x70/0xd0 [ 684.855863] ? trace_hardirqs_off_caller+0xbb/0x310 [ 684.861060] ? trace_hardirqs_on_caller+0xc0/0x310 [ 684.865996] ? syscall_return_slowpath+0x5e0/0x5e0 [ 684.870935] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 684.875797] ? trace_hardirqs_on_caller+0x310/0x310 [ 684.880824] ? trace_hardirqs_off+0x310/0x310 [ 684.885340] ? prepare_exit_to_usermode+0x291/0x3b0 [ 684.890371] ? page_fault+0x8/0x30 [ 684.893924] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 684.898783] ? page_fault+0x8/0x30 [ 684.902334] page_fault+0x1e/0x30 [ 684.905794] RIP: 0033:0x4004d1 [ 684.908997] Code: d3 e6 0f b6 c2 f7 d6 40 22 37 d3 e0 09 f0 88 07 e9 5a 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 11 48 8b 44 24 08 8b 54 24 20 <66> 89 10 e9 3d 01 00 00 8a 4c 24 28 b8 01 00 00 00 8b 54 24 20 48 [ 684.911410] ion_buffer_destroy: buffer still mapped in the kernel [ 684.927899] RSP: 002b:0000000000a3fbc0 EFLAGS: 00010246 [ 684.927913] RAX: 0000000020000080 RBX: 000000000072c900 RCX: 0000000000000000 [ 684.927922] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 000000000286a848 [ 684.927932] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 684.927941] R10: 0000000000a3fcc0 R11: 0000000000000246 R12: 000000000072bf0c [ 684.927950] R13: 00000000000003e8 R14: 00000000000a6f5a R15: 00000000000a6f2d [ 684.944091] Task in /syz3 killed as a result of limit of /syz3 [ 684.991699] memory: usage 204796kB, limit 204800kB, failcnt 2949 [ 685.026143] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 685.038039] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 685.049896] Memory cgroup stats for /syz3: cache:0KB rss:76KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:152KB inactive_file:0KB active_file:0KB unevictable:0KB [ 685.070855] Memory cgroup out of memory: Kill process 25968 (syz-executor3) score 161 or sacrifice child [ 685.081309] Killed process 25968 (syz-executor3) total-vm:70340kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 685.092962] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 685.093532] oom_reaper: reaped process 25968 (syz-executor3), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 685.103885] syz-executor1 cpuset=syz1 mems_allowed=0 [ 685.120516] CPU: 1 PID: 25983 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 685.127886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.137235] Call Trace: [ 685.139810] dump_stack+0x1c4/0x2b4 [ 685.143425] ? dump_stack_print_info.cold.2+0x52/0x52 [ 685.148646] dump_header+0x27b/0xf72 [ 685.152357] ? mark_held_locks+0x130/0x130 [ 685.156575] ? pagefault_out_of_memory+0x197/0x197 [ 685.161494] ? check_preemption_disabled+0x48/0x200 [ 685.166494] ? check_preemption_disabled+0x48/0x200 [ 685.171504] ? graph_lock+0x170/0x170 [ 685.175299] ? graph_lock+0x170/0x170 [ 685.179085] ? print_usage_bug+0xc0/0xc0 [ 685.183137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.188668] ? find_held_lock+0x36/0x1c0 [ 685.192721] ? mark_held_locks+0xc7/0x130 [ 685.196852] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 685.201940] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 685.207029] ? lockdep_hardirqs_on+0x421/0x5c0 [ 685.211596] ? trace_hardirqs_on+0xbd/0x310 [ 685.215899] ? kasan_check_read+0x11/0x20 [ 685.220031] ? ___ratelimit+0x36f/0x655 [ 685.223991] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 685.229426] ? trace_hardirqs_on+0x310/0x310 [ 685.233815] ? lock_downgrade+0x900/0x900 [ 685.237951] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 685.243076] ? ___ratelimit+0xaa/0x655 [ 685.246961] ? idr_get_free+0xec0/0xec0 [ 685.250926] ? kasan_check_write+0x14/0x20 [ 685.255153] ? do_raw_spin_lock+0xc1/0x200 [ 685.259398] oom_kill_process.cold.27+0x10/0x903 [ 685.264141] ? kasan_check_write+0x14/0x20 [ 685.268395] ? do_raw_spin_lock+0xc1/0x200 [ 685.272620] ? oom_evaluate_task+0x540/0x540 [ 685.277017] ? cgroup_procs_next+0x70/0x70 [ 685.281235] ? _raw_spin_unlock_irq+0x60/0x80 [ 685.285715] ? oom_badness+0xaa0/0xaa0 [ 685.289587] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 685.294328] ? mem_cgroup_iter_break+0x30/0x30 [ 685.298899] ? mark_held_locks+0xc7/0x130 [ 685.303034] out_of_memory+0xa84/0x1430 [ 685.306994] ? lockdep_hardirqs_on+0x421/0x5c0 [ 685.311560] ? kasan_check_read+0x11/0x20 [ 685.315721] ? oom_killer_disable+0x3a0/0x3a0 [ 685.320202] ? kasan_check_write+0x14/0x20 [ 685.324441] ? do_raw_spin_lock+0xc1/0x200 [ 685.328667] mem_cgroup_out_of_memory+0x15e/0x210 [ 685.333497] ? memcg_memory_event+0x40/0x40 [ 685.337807] ? page_counter_try_charge+0x1c1/0x220 [ 685.342721] try_charge+0xc43/0x1690 [ 685.346424] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 685.352489] ? __kmalloc_node_track_caller+0x33/0x70 [ 685.357578] ? __kmalloc_node_track_caller+0x33/0x70 [ 685.362663] ? rcu_read_lock_sched_held+0x108/0x120 [ 685.367668] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 685.372931] ? kasan_unpoison_shadow+0x35/0x50 [ 685.377497] ? kasan_kmalloc+0xc7/0xe0 [ 685.381370] ? mark_held_locks+0xc7/0x130 [ 685.385500] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 685.390426] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 685.395337] ? lockdep_hardirqs_on+0x421/0x5c0 [ 685.399905] ? sk_forced_mem_schedule+0x13b/0x170 [ 685.404734] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 685.410176] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 685.415699] ? check_preemption_disabled+0x48/0x200 [ 685.420705] mem_cgroup_charge_skmem+0x1e4/0x390 [ 685.425442] ? mem_cgroup_sk_free+0x90/0x90 [ 685.429747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.435283] ? tcp_chrono_stop+0x25f/0x520 [ 685.439510] sk_forced_mem_schedule+0x13b/0x170 [ 685.444169] sk_stream_alloc_skb+0x1ab/0x970 [ 685.448586] ? tcp_init_transfer+0x470/0x470 [ 685.452987] ? __lock_is_held+0xb5/0x140 [ 685.457034] ? media_create_pad_link+0x1f0/0x540 [ 685.461776] tcp_connect+0x1283/0x4690 [ 685.465653] ? tcp_push_one+0x110/0x110 [ 685.469625] ? mark_held_locks+0xc7/0x130 [ 685.473757] ? ktime_get_with_offset+0x38e/0x470 [ 685.478499] ? pvclock_read_flags+0x160/0x160 [ 685.482978] ? secure_tcp_seq+0xa4/0x180 [ 685.487025] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 685.492462] ? kvm_clock_read+0x18/0x30 [ 685.496420] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 685.501421] ? ktime_get_with_offset+0x313/0x470 [ 685.506167] ? ktime_get+0x440/0x440 [ 685.509876] ? ip_route_output_key_hash+0x297/0x3b0 [ 685.514873] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 685.520398] ? tcp_fastopen_cookie_check+0x330/0x330 [ 685.525484] ? secure_tcp_ts_off+0xe6/0x1a0 [ 685.529788] ? secure_ipv6_port_ephemeral+0x2f0/0x2f0 [ 685.534960] ? check_preemption_disabled+0x48/0x200 [ 685.539962] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 685.545483] ? sk_setup_caps+0x209/0x690 [ 685.549529] tcp_v4_connect+0x1996/0x1dd0 [ 685.553677] ? tcp_v4_parse_md5_keys+0x340/0x340 [ 685.558418] ? graph_lock+0x170/0x170 [ 685.562206] __inet_stream_connect+0x992/0x1150 [ 685.566890] ? inet_dgram_connect+0x2e0/0x2e0 [ 685.571369] ? __lock_is_held+0xb5/0x140 [ 685.575419] ? tcp_sendmsg_locked+0x32f9/0x3f00 [ 685.580070] ? rcu_read_lock_sched_held+0x108/0x120 [ 685.585071] ? kmem_cache_alloc_trace+0x353/0x750 [ 685.589902] tcp_sendmsg_locked+0x2bf2/0x3f00 [ 685.594382] ? __fget+0x4aa/0x740 [ 685.597855] ? lock_downgrade+0x900/0x900 [ 685.601990] ? check_preemption_disabled+0x48/0x200 [ 685.606997] ? tcp_sendpage+0x60/0x60 [ 685.610781] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 685.616298] ? aa_label_sk_perm+0x46d/0x8e0 [ 685.620609] ? find_held_lock+0x36/0x1c0 [ 685.624685] ? mark_held_locks+0xc7/0x130 [ 685.628823] ? __local_bh_enable_ip+0x160/0x260 [ 685.633474] ? __local_bh_enable_ip+0x160/0x260 [ 685.638126] ? lockdep_hardirqs_on+0x421/0x5c0 [ 685.642698] ? trace_hardirqs_on+0xbd/0x310 [ 685.647003] ? lock_release+0x970/0x970 [ 685.650959] ? lock_sock_nested+0xe2/0x120 [ 685.655181] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 685.660618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.666138] ? check_preemption_disabled+0x48/0x200 [ 685.671143] ? lock_sock_nested+0x9a/0x120 [ 685.675367] ? lock_sock_nested+0x9a/0x120 [ 685.679590] ? __local_bh_enable_ip+0x160/0x260 [ 685.684245] tcp_sendmsg+0x2f/0x50 [ 685.687791] inet_sendmsg+0x1a1/0x690 [ 685.691578] ? ipip_gro_receive+0x100/0x100 [ 685.695908] ? apparmor_socket_sendmsg+0x29/0x30 [ 685.700649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.706176] ? security_socket_sendmsg+0x94/0xc0 [ 685.710916] ? ipip_gro_receive+0x100/0x100 [ 685.715225] sock_sendmsg+0xd5/0x120 [ 685.718924] __sys_sendto+0x3d7/0x670 [ 685.722732] ? __ia32_sys_getpeername+0xb0/0xb0 [ 685.727386] ? lock_release+0x970/0x970 [ 685.731342] ? arch_local_save_flags+0x40/0x40 [ 685.735909] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 685.741364] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 685.746885] ? put_timespec64+0x10f/0x1b0 [ 685.751018] ? nsecs_to_jiffies+0x30/0x30 [ 685.755158] ? do_syscall_64+0x9a/0x820 [ 685.759123] ? do_syscall_64+0x9a/0x820 [ 685.763087] ? lockdep_hardirqs_on+0x421/0x5c0 [ 685.767655] ? trace_hardirqs_on+0xbd/0x310 [ 685.771963] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.777489] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.782834] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 685.788271] __x64_sys_sendto+0xe1/0x1a0 [ 685.792320] do_syscall_64+0x1b9/0x820 [ 685.796190] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 685.801540] ? syscall_return_slowpath+0x5e0/0x5e0 [ 685.806453] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 685.811300] ? trace_hardirqs_on_caller+0x310/0x310 [ 685.816301] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 685.821302] ? prepare_exit_to_usermode+0x291/0x3b0 [ 685.826305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 685.831137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.836320] RIP: 0033:0x457579 [ 685.839500] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 685.858582] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 685.866275] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 03:05:18 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x20480]}, 0x6) 03:05:18 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1500000000000000]}, 0x6) 03:05:18 executing program 5: r0 = open(&(0x7f0000000200)='./file0\x00', 0x611, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000480), 0x0, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="1d", 0x1}], 0x1, 0x0) write(r0, &(0x7f0000000500), 0xfffffe66) [ 685.873525] RDX: 00000000000000a4 RSI: 0000000020000000 RDI: 0000000000000003 [ 685.880777] RBP: 000000000072bf00 R08: 0000000020e68000 R09: 0000000000000010 [ 685.888027] R10: 00000000200007fe R11: 0000000000000246 R12: 00007f2ad80536d4 [ 685.895280] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 685.917991] Task in /syz1 killed as a result of limit of /syz1 [ 685.934025] memory: usage 200028kB, limit 204800kB, failcnt 3846 [ 685.947305] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 685.962493] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 685.969371] Memory cgroup stats for /syz1: cache:224KB rss:76KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 685.990036] Memory cgroup out of memory: Kill process 25982 (syz-executor1) score 161 or sacrifice child 03:05:18 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x8004020000000000]}, 0x6) 03:05:18 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x7530]}, 0x6) 03:05:18 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x6) 03:05:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x3f8) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x12}) 03:05:18 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x2]}, 0x6) [ 686.028730] Killed process 25982 (syz-executor1) total-vm:70340kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB 03:05:18 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xfffff8ed]}, 0x6) 03:05:18 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc02]}, 0x6) 03:05:18 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x40020000]}, 0x6) 03:05:19 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x240]}, 0x6) 03:05:19 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x40020000]}, 0x6) 03:05:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1100000000000000]}, 0x6) [ 686.292607] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 686.325596] syz-executor1 cpuset=syz1 mems_allowed=0 [ 686.332877] CPU: 1 PID: 26033 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 03:05:19 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x6) [ 686.340250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.340256] Call Trace: [ 686.340280] dump_stack+0x1c4/0x2b4 [ 686.340301] ? dump_stack_print_info.cold.2+0x52/0x52 [ 686.340322] ? mark_held_locks+0x130/0x130 [ 686.340337] ? mark_held_locks+0x130/0x130 [ 686.340358] dump_header+0x27b/0xf72 [ 686.340386] ? pagefault_out_of_memory+0x197/0x197 [ 686.340404] ? check_preemption_disabled+0x48/0x200 [ 686.340420] ? check_preemption_disabled+0x48/0x200 [ 686.340446] ? graph_lock+0x170/0x170 [ 686.340470] ? graph_lock+0x170/0x170 [ 686.392214] ? print_usage_bug+0xc0/0xc0 [ 686.392234] ? find_held_lock+0x36/0x1c0 [ 686.392254] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.392273] ? find_held_lock+0x36/0x1c0 [ 686.417694] ? mark_held_locks+0xc7/0x130 [ 686.421866] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 686.426984] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 686.432100] ? lockdep_hardirqs_on+0x421/0x5c0 [ 686.436706] ? trace_hardirqs_on+0xbd/0x310 [ 686.441039] ? kasan_check_read+0x11/0x20 [ 686.445209] ? ___ratelimit+0x36f/0x655 [ 686.449204] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 686.454669] ? trace_hardirqs_on+0x310/0x310 [ 686.459095] ? lock_downgrade+0x900/0x900 [ 686.463262] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 686.468374] ? ___ratelimit+0xaa/0x655 [ 686.472270] ? idr_get_free+0xec0/0xec0 [ 686.476249] ? kasan_check_write+0x14/0x20 [ 686.480494] ? do_raw_spin_lock+0xc1/0x200 [ 686.484754] oom_kill_process.cold.27+0x10/0x903 [ 686.489518] ? kasan_check_write+0x14/0x20 [ 686.493760] ? do_raw_spin_lock+0xc1/0x200 [ 686.498014] ? oom_evaluate_task+0x540/0x540 [ 686.502438] ? cgroup_procs_next+0x70/0x70 [ 686.502459] ? _raw_spin_unlock_irq+0x60/0x80 [ 686.502476] ? oom_badness+0xaa0/0xaa0 [ 686.511195] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 686.511214] ? mem_cgroup_iter_break+0x30/0x30 [ 686.511249] ? mark_held_locks+0xc7/0x130 [ 686.528593] out_of_memory+0xa84/0x1430 [ 686.532583] ? lockdep_hardirqs_on+0x421/0x5c0 [ 686.537188] ? kasan_check_read+0x11/0x20 [ 686.541356] ? oom_killer_disable+0x3a0/0x3a0 [ 686.545866] ? kasan_check_write+0x14/0x20 [ 686.550113] ? do_raw_spin_lock+0xc1/0x200 [ 686.554384] mem_cgroup_out_of_memory+0x15e/0x210 [ 686.559244] ? memcg_memory_event+0x40/0x40 [ 686.563577] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 686.568510] ? page_counter_try_charge+0x1c1/0x220 [ 686.573431] try_charge+0xc43/0x1690 [ 686.577137] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 686.583192] ? tcp_sendmsg+0x2f/0x50 [ 686.586893] ? sock_sendmsg+0xd5/0x120 [ 686.590763] ? __sys_sendto+0x3d7/0x670 [ 686.594719] ? __x64_sys_sendto+0xe1/0x1a0 [ 686.598944] ? do_syscall_64+0x1b9/0x820 [ 686.603008] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.608357] ? graph_lock+0x170/0x170 [ 686.612155] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.617689] ? check_preemption_disabled+0x48/0x200 [ 686.622695] ? check_preemption_disabled+0x48/0x200 [ 686.627703] ? mark_held_locks+0xc7/0x130 [ 686.631850] ? __lock_is_held+0xb5/0x140 [ 686.635909] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 686.640833] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 686.645747] ? lockdep_hardirqs_on+0x421/0x5c0 [ 686.650332] ? __sk_mem_raise_allocated+0x642/0x1800 [ 686.655437] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 686.660882] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 686.666406] ? check_preemption_disabled+0x48/0x200 [ 686.671434] mem_cgroup_charge_skmem+0x1e4/0x390 [ 686.676192] ? mem_cgroup_sk_free+0x90/0x90 [ 686.680512] __sk_mem_raise_allocated+0x642/0x1800 [ 686.685431] ? sk_busy_loop_end+0x1c0/0x1c0 [ 686.689738] ? arch_local_save_flags+0x40/0x40 [ 686.694309] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 686.699315] ? skb_page_frag_refill+0x1eb/0x6a0 [ 686.703971] ? sock_kzfree_s+0x60/0x60 [ 686.707847] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 686.712854] ? sk_stream_alloc_skb+0x34b/0x970 [ 686.717424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.723343] ? skb_entail+0x618/0x8c0 [ 686.727134] ? tcp_rate_check_app_limited+0x121/0x460 [ 686.732318] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 686.736990] __sk_mem_schedule+0x6d/0xe0 [ 686.741053] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 686.746579] tcp_sendmsg_locked+0x1c86/0x3f00 [ 686.751073] ? tcp_sendpage+0x60/0x60 [ 686.754861] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 686.760390] ? aa_label_sk_perm+0x46d/0x8e0 [ 686.764704] ? find_held_lock+0x36/0x1c0 [ 686.768757] ? mark_held_locks+0xc7/0x130 [ 686.772894] ? __local_bh_enable_ip+0x160/0x260 [ 686.777548] ? __local_bh_enable_ip+0x160/0x260 [ 686.782207] ? trace_hardirqs_on+0xbd/0x310 [ 686.786516] ? lock_release+0x970/0x970 [ 686.790494] ? lock_sock_nested+0xe2/0x120 [ 686.794737] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 686.800188] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.805714] ? check_preemption_disabled+0x48/0x200 [ 686.810718] ? lock_sock_nested+0x9a/0x120 [ 686.814937] ? lock_sock_nested+0x9a/0x120 [ 686.819167] ? __local_bh_enable_ip+0x160/0x260 [ 686.823841] tcp_sendmsg+0x2f/0x50 [ 686.827370] inet_sendmsg+0x1a1/0x690 [ 686.831164] ? ipip_gro_receive+0x100/0x100 [ 686.835477] ? apparmor_socket_sendmsg+0x29/0x30 [ 686.840221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.845746] ? security_socket_sendmsg+0x94/0xc0 [ 686.850486] ? ipip_gro_receive+0x100/0x100 [ 686.854804] sock_sendmsg+0xd5/0x120 [ 686.858513] __sys_sendto+0x3d7/0x670 [ 686.862304] ? __ia32_sys_getpeername+0xb0/0xb0 [ 686.866969] ? lock_release+0x970/0x970 [ 686.870942] ? arch_local_save_flags+0x40/0x40 [ 686.875509] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 686.880948] ? aa_af_perm+0x5a0/0x5a0 [ 686.884782] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 686.890345] ? put_timespec64+0x10f/0x1b0 [ 686.894490] ? nsecs_to_jiffies+0x30/0x30 [ 686.898625] ? do_syscall_64+0x9a/0x820 [ 686.902601] ? do_syscall_64+0x9a/0x820 [ 686.906564] ? lockdep_hardirqs_on+0x421/0x5c0 [ 686.911134] ? trace_hardirqs_on+0xbd/0x310 [ 686.915452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.920976] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.926325] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 686.931766] __x64_sys_sendto+0xe1/0x1a0 [ 686.935813] do_syscall_64+0x1b9/0x820 [ 686.939689] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 686.945038] ? syscall_return_slowpath+0x5e0/0x5e0 [ 686.949950] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 686.954787] ? trace_hardirqs_on_caller+0x310/0x310 [ 686.959804] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 686.964816] ? prepare_exit_to_usermode+0x291/0x3b0 [ 686.969830] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 686.974662] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.979841] RIP: 0033:0x457579 [ 686.983019] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 687.001902] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 687.009597] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 687.016853] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 687.024104] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 687.031359] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 687.038632] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 687.052185] Task in /syz1 killed as a result of limit of /syz1 [ 687.058479] memory: usage 204796kB, limit 204800kB, failcnt 3871 [ 687.064639] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 687.071475] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 687.077746] Memory cgroup stats for /syz1: cache:224KB rss:4204KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:0KB [ 687.098453] Memory cgroup out of memory: Kill process 26032 (syz-executor1) score 181 or sacrifice child [ 687.108402] Killed process 26032 (syz-executor1) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 687.120591] oom_reaper: reaped process 26032 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 687.122091] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 [ 687.141870] syz-executor3 cpuset=syz3 mems_allowed=0 [ 687.147066] CPU: 0 PID: 26038 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 687.154424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 687.163763] Call Trace: [ 687.166354] dump_stack+0x1c4/0x2b4 [ 687.169974] ? dump_stack_print_info.cold.2+0x52/0x52 [ 687.175160] ? mark_held_locks+0x130/0x130 [ 687.179398] ? mark_held_locks+0x130/0x130 [ 687.183621] dump_header+0x27b/0xf72 [ 687.187330] ? pagefault_out_of_memory+0x197/0x197 [ 687.192260] ? check_preemption_disabled+0x48/0x200 [ 687.197276] ? check_preemption_disabled+0x48/0x200 [ 687.202283] ? graph_lock+0x170/0x170 [ 687.206072] ? graph_lock+0x170/0x170 [ 687.209860] ? print_usage_bug+0xc0/0xc0 [ 687.213920] ? find_held_lock+0x36/0x1c0 [ 687.217985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.223515] ? find_held_lock+0x36/0x1c0 [ 687.227582] ? mark_held_locks+0xc7/0x130 [ 687.231727] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 687.236818] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 687.241906] ? lockdep_hardirqs_on+0x421/0x5c0 [ 687.246474] ? trace_hardirqs_on+0xbd/0x310 [ 687.250780] ? kasan_check_read+0x11/0x20 [ 687.254917] ? ___ratelimit+0x36f/0x655 [ 687.258878] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 687.264316] ? trace_hardirqs_on+0x310/0x310 [ 687.268711] ? lock_downgrade+0x900/0x900 [ 687.272845] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 687.277935] ? ___ratelimit+0xaa/0x655 [ 687.281850] ? idr_get_free+0xec0/0xec0 [ 687.285814] ? kasan_check_write+0x14/0x20 [ 687.290044] ? do_raw_spin_lock+0xc1/0x200 [ 687.294272] oom_kill_process.cold.27+0x10/0x903 [ 687.299023] ? kasan_check_write+0x14/0x20 [ 687.303256] ? do_raw_spin_lock+0xc1/0x200 [ 687.307480] ? oom_evaluate_task+0x540/0x540 [ 687.311880] ? cgroup_procs_next+0x70/0x70 [ 687.316117] ? _raw_spin_unlock_irq+0x60/0x80 [ 687.320616] ? oom_badness+0xaa0/0xaa0 [ 687.324501] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 687.329247] ? mem_cgroup_iter_break+0x30/0x30 [ 687.333822] ? mark_held_locks+0xc7/0x130 [ 687.338070] out_of_memory+0xa84/0x1430 [ 687.342028] ? lockdep_hardirqs_on+0x421/0x5c0 [ 687.346595] ? kasan_check_read+0x11/0x20 [ 687.350729] ? oom_killer_disable+0x3a0/0x3a0 [ 687.355210] ? kasan_check_write+0x14/0x20 [ 687.359431] ? do_raw_spin_lock+0xc1/0x200 [ 687.363657] mem_cgroup_out_of_memory+0x15e/0x210 [ 687.368493] ? memcg_memory_event+0x40/0x40 [ 687.372802] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 687.377730] ? page_counter_try_charge+0x1c1/0x220 [ 687.382645] try_charge+0xc43/0x1690 [ 687.386352] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 687.392396] ? tcp_sendmsg+0x2f/0x50 [ 687.396095] ? sock_sendmsg+0xd5/0x120 [ 687.399967] ? __sys_sendto+0x3d7/0x670 [ 687.403927] ? __x64_sys_sendto+0xe1/0x1a0 [ 687.408158] ? do_syscall_64+0x1b9/0x820 [ 687.412212] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 687.417559] ? graph_lock+0x170/0x170 [ 687.421347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.426871] ? check_preemption_disabled+0x48/0x200 [ 687.431886] ? check_preemption_disabled+0x48/0x200 [ 687.436909] ? mark_held_locks+0xc7/0x130 [ 687.441046] ? __lock_is_held+0xb5/0x140 [ 687.445093] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 687.450019] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 687.454949] ? lockdep_hardirqs_on+0x421/0x5c0 [ 687.459522] ? __sk_mem_raise_allocated+0x642/0x1800 [ 687.464612] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 687.470050] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 687.475573] ? check_preemption_disabled+0x48/0x200 [ 687.480579] mem_cgroup_charge_skmem+0x1e4/0x390 [ 687.485321] ? mem_cgroup_sk_free+0x90/0x90 [ 687.489634] __sk_mem_raise_allocated+0x642/0x1800 [ 687.494553] ? sk_busy_loop_end+0x1c0/0x1c0 [ 687.498871] ? sk_alloc_sg+0xa00/0xa00 [ 687.502789] ? arch_local_save_flags+0x40/0x40 [ 687.507364] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 687.512396] ? skb_page_frag_refill+0x1eb/0x6a0 [ 687.517082] ? sock_kzfree_s+0x60/0x60 [ 687.520967] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 687.525977] ? sk_stream_alloc_skb+0x34b/0x970 [ 687.530575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.536110] ? skb_entail+0x618/0x8c0 [ 687.539896] ? tcp_rate_check_app_limited+0x121/0x460 [ 687.545071] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 687.549728] __sk_mem_schedule+0x6d/0xe0 [ 687.553776] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 687.559299] tcp_sendmsg_locked+0x1c86/0x3f00 [ 687.563791] ? tcp_sendpage+0x60/0x60 [ 687.567580] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 687.573104] ? aa_label_sk_perm+0x46d/0x8e0 [ 687.577418] ? find_held_lock+0x36/0x1c0 [ 687.581471] ? mark_held_locks+0xc7/0x130 [ 687.585622] ? __local_bh_enable_ip+0x160/0x260 [ 687.590275] ? __local_bh_enable_ip+0x160/0x260 [ 687.594948] ? trace_hardirqs_on+0xbd/0x310 [ 687.599261] ? lock_release+0x970/0x970 [ 687.603220] ? lock_sock_nested+0xe2/0x120 [ 687.607456] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 687.612907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.618431] ? check_preemption_disabled+0x48/0x200 [ 687.623432] ? lock_sock_nested+0x9a/0x120 [ 687.627662] ? lock_sock_nested+0x9a/0x120 [ 687.631896] ? __local_bh_enable_ip+0x160/0x260 [ 687.636552] tcp_sendmsg+0x2f/0x50 [ 687.640095] inet_sendmsg+0x1a1/0x690 [ 687.643898] ? ipip_gro_receive+0x100/0x100 [ 687.648211] ? apparmor_socket_sendmsg+0x29/0x30 [ 687.652951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.658474] ? security_socket_sendmsg+0x94/0xc0 [ 687.663214] ? ipip_gro_receive+0x100/0x100 [ 687.667523] sock_sendmsg+0xd5/0x120 [ 687.671222] __sys_sendto+0x3d7/0x670 [ 687.675027] ? __ia32_sys_getpeername+0xb0/0xb0 [ 687.679700] ? lock_release+0x970/0x970 [ 687.683685] ? arch_local_save_flags+0x40/0x40 [ 687.688257] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 687.693693] ? aa_af_perm+0x5a0/0x5a0 [ 687.697512] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 687.703055] ? put_timespec64+0x10f/0x1b0 [ 687.707202] ? nsecs_to_jiffies+0x30/0x30 [ 687.711351] ? do_syscall_64+0x9a/0x820 [ 687.715326] ? do_syscall_64+0x9a/0x820 [ 687.719286] ? lockdep_hardirqs_on+0x421/0x5c0 [ 687.723852] ? trace_hardirqs_on+0xbd/0x310 [ 687.728193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.733742] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 687.739105] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 687.744556] __x64_sys_sendto+0xe1/0x1a0 [ 687.748608] do_syscall_64+0x1b9/0x820 [ 687.752480] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 687.757830] ? syscall_return_slowpath+0x5e0/0x5e0 [ 687.762746] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 687.767586] ? trace_hardirqs_on_caller+0x310/0x310 [ 687.772592] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 687.777593] ? prepare_exit_to_usermode+0x291/0x3b0 [ 687.782597] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 687.787430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 687.792605] RIP: 0033:0x457579 [ 687.795788] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 687.814681] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 687.822374] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 687.829628] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 687.836924] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 687.844204] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 687.851487] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 687.861773] Task in /syz3 killed as a result of limit of /syz3 [ 687.867872] memory: usage 204800kB, limit 204800kB, failcnt 2977 [ 687.874246] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 687.881056] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 687.887232] Memory cgroup stats for /syz3: cache:0KB rss:2292KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2204KB inactive_file:0KB active_file:0KB unevictable:0KB [ 687.907671] Memory cgroup out of memory: Kill process 26037 (syz-executor3) score 171 or sacrifice child [ 687.917443] Killed process 26037 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 687.928319] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 687.929648] oom_reaper: reaped process 26037 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 687.942194] syz-executor1 cpuset=syz1 mems_allowed=0 [ 687.956315] CPU: 0 PID: 26032 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 687.963663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 687.973005] Call Trace: [ 687.975594] dump_stack+0x1c4/0x2b4 [ 687.979212] ? dump_stack_print_info.cold.2+0x52/0x52 [ 687.984391] dump_header+0x27b/0xf72 [ 687.988105] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 687.993894] ? kasan_check_read+0x11/0x20 [ 687.998031] ? pagefault_out_of_memory+0x197/0x197 [ 688.002963] ? rcu_read_unlock+0x33/0x60 [ 688.007018] ? mem_cgroup_iter+0x514/0x1160 [ 688.011332] ? find_held_lock+0x36/0x1c0 [ 688.015381] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 688.020123] ? mark_held_locks+0xc7/0x130 [ 688.024265] ? _raw_spin_unlock_irq+0x27/0x80 [ 688.028744] ? _raw_spin_unlock_irq+0x27/0x80 [ 688.033226] ? lockdep_hardirqs_on+0x421/0x5c0 [ 688.037795] ? trace_hardirqs_on+0xbd/0x310 [ 688.042103] ? kasan_check_read+0x11/0x20 [ 688.046237] ? css_task_iter_end+0x222/0x490 [ 688.050632] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 688.056080] ? kasan_check_write+0x14/0x20 [ 688.060327] ? do_raw_spin_lock+0xc1/0x200 [ 688.065951] ? _raw_spin_unlock_irq+0x60/0x80 [ 688.070438] ? css_task_iter_end+0x2ce/0x490 [ 688.074833] ? cgroup_procs_next+0x70/0x70 [ 688.079053] ? _raw_spin_unlock_irq+0x60/0x80 [ 688.083532] ? oom_badness+0xaa0/0xaa0 [ 688.087405] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 688.092165] ? mem_cgroup_iter_break+0x30/0x30 [ 688.096758] ? cgroup_file_notify+0x226/0x2f0 [ 688.101240] out_of_memory.cold.30+0xf/0x184 [ 688.105661] ? lockdep_hardirqs_on+0x421/0x5c0 [ 688.110255] ? kasan_check_read+0x11/0x20 [ 688.114395] ? oom_killer_disable+0x3a0/0x3a0 [ 688.118876] ? kasan_check_write+0x14/0x20 [ 688.123098] ? do_raw_spin_lock+0xc1/0x200 [ 688.127325] mem_cgroup_out_of_memory+0x15e/0x210 [ 688.132160] ? memcg_memory_event+0x40/0x40 [ 688.136470] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 688.141298] ? page_counter_try_charge+0x1c1/0x220 [ 688.146215] try_charge+0xc43/0x1690 [ 688.149912] ? lock_downgrade+0x900/0x900 [ 688.154044] ? check_preemption_disabled+0x48/0x200 [ 688.159047] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 688.165093] ? find_held_lock+0x36/0x1c0 [ 688.169143] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 688.173987] ? lock_downgrade+0x900/0x900 [ 688.178121] ? check_preemption_disabled+0x48/0x200 [ 688.183124] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 688.188910] ? kasan_check_read+0x11/0x20 [ 688.193045] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 688.198314] ? rcu_bh_qs+0xc0/0xc0 [ 688.201856] ? get_mem_cgroup_from_mm+0x206/0x440 [ 688.206718] memcg_kmem_charge_memcg+0x7c/0x120 [ 688.211372] ? memcg_kmem_put_cache+0xb0/0xb0 [ 688.215852] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 688.221227] memcg_kmem_charge+0x135/0x300 [ 688.225463] __alloc_pages_nodemask+0x72e/0xde0 [ 688.230132] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 688.235407] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 688.240409] ? check_preemption_disabled+0x48/0x200 [ 688.245413] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 688.250933] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 688.256194] ? percpu_ref_put_many+0x13e/0x260 [ 688.260758] ? rcu_pm_notify+0xc0/0xc0 [ 688.264635] ? copy_process+0x1ff4/0x8780 [ 688.268768] ? rcu_read_lock_sched_held+0x108/0x120 [ 688.273768] ? kmem_cache_alloc_node+0x349/0x730 [ 688.278506] ? kasan_check_write+0x14/0x20 [ 688.282725] ? do_raw_spin_lock+0xc1/0x200 [ 688.286953] copy_process+0xa09/0x8780 [ 688.290836] ? print_usage_bug+0xc0/0xc0 [ 688.294904] ? __lock_acquire+0x7ec/0x4ec0 [ 688.299201] ? __lock_acquire+0x7ec/0x4ec0 [ 688.303437] ? print_usage_bug+0xc0/0xc0 [ 688.307501] ? __cleanup_sighand+0x70/0x70 [ 688.311745] ? mark_held_locks+0x130/0x130 [ 688.315975] ? print_usage_bug+0xc0/0xc0 [ 688.320047] ? print_usage_bug+0xc0/0xc0 [ 688.324093] ? mark_held_locks+0x130/0x130 [ 688.328321] ? __lock_acquire+0x7ec/0x4ec0 [ 688.332558] ? __lock_acquire+0x7ec/0x4ec0 [ 688.336774] ? graph_lock+0x170/0x170 [ 688.340563] ? check_preemption_disabled+0x48/0x200 [ 688.345564] ? check_preemption_disabled+0x48/0x200 [ 688.350569] ? mark_held_locks+0x130/0x130 [ 688.354789] ? print_usage_bug+0xc0/0xc0 [ 688.358838] ? find_held_lock+0x36/0x1c0 [ 688.362889] ? find_held_lock+0x36/0x1c0 [ 688.366944] ? print_usage_bug+0xc0/0xc0 [ 688.371004] ? __lock_acquire+0x7ec/0x4ec0 [ 688.375226] ? lock_downgrade+0x900/0x900 [ 688.379359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.384881] ? check_preemption_disabled+0x48/0x200 [ 688.389883] ? check_preemption_disabled+0x48/0x200 [ 688.394891] ? __lock_acquire+0x7ec/0x4ec0 [ 688.399116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.404643] ? mark_held_locks+0x130/0x130 [ 688.408872] ? rcu_read_unlock+0x16/0x60 [ 688.412931] ? lock_downgrade+0x900/0x900 [ 688.417109] ? check_preemption_disabled+0x48/0x200 [ 688.422115] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 688.427927] ? kasan_check_read+0x11/0x20 [ 688.432072] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 688.437349] ? graph_lock+0x170/0x170 [ 688.441162] ? rcu_read_unlock+0x33/0x60 [ 688.445231] ? find_held_lock+0x36/0x1c0 [ 688.449301] ? graph_lock+0x170/0x170 [ 688.453094] ? delayacct_end+0x25/0x100 [ 688.457062] ? lock_downgrade+0x900/0x900 [ 688.461199] ? ktime_get+0x352/0x440 [ 688.464950] ? print_usage_bug+0xc0/0xc0 [ 688.469002] ? find_held_lock+0x36/0x1c0 [ 688.473074] ? delayacct_end+0xc5/0x100 [ 688.477039] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 688.482126] ? __lock_acquire+0x7ec/0x4ec0 [ 688.486365] ? trace_hardirqs_on+0xbd/0x310 [ 688.490683] ? kasan_check_read+0x11/0x20 [ 688.494816] ? delayacct_end+0xc5/0x100 [ 688.498799] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 688.504252] ? mark_held_locks+0x130/0x130 [ 688.508472] ? delayacct_end+0x5a/0x100 [ 688.512436] ? __delayacct_freepages_end+0xe0/0x140 [ 688.517438] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 688.522961] ? do_try_to_free_pages+0xe68/0x1290 [ 688.527709] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.533251] ? check_preemption_disabled+0x48/0x200 [ 688.538259] ? check_preemption_disabled+0x48/0x200 [ 688.543276] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 688.548797] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 688.554068] ? rcu_pm_notify+0xc0/0xc0 [ 688.557956] ? graph_lock+0x170/0x170 [ 688.561744] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 688.567109] _do_fork+0x1cb/0x11d0 [ 688.570635] ? fork_idle+0x1d0/0x1d0 [ 688.574350] ? percpu_ref_put_many+0x11c/0x260 [ 688.578937] ? lock_downgrade+0x900/0x900 [ 688.583083] ? check_preemption_disabled+0x48/0x200 [ 688.588084] ? kasan_check_read+0x11/0x20 [ 688.592220] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 688.597484] ? rcu_bh_qs+0xc0/0xc0 [ 688.601008] ? get_mem_cgroup_from_mm+0x206/0x440 [ 688.605839] ? do_syscall_64+0x9a/0x820 [ 688.609811] ? do_syscall_64+0x9a/0x820 [ 688.613769] ? lockdep_hardirqs_on+0x421/0x5c0 [ 688.618334] ? trace_hardirqs_on+0xbd/0x310 [ 688.622682] ? trace_hardirqs_on+0x310/0x310 [ 688.627075] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 688.632427] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 688.637867] __x64_sys_clone+0xbf/0x150 [ 688.641831] do_syscall_64+0x1b9/0x820 [ 688.645700] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 688.651068] ? syscall_return_slowpath+0x5e0/0x5e0 [ 688.655983] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 688.660811] ? trace_hardirqs_on_caller+0x310/0x310 [ 688.665818] ? prepare_exit_to_usermode+0x291/0x3b0 [ 688.670857] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 688.675692] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 688.680880] RIP: 0033:0x459f49 [ 688.684061] Code: Bad RIP value. [ 688.687406] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 688.695106] RAX: ffffffffffffffda RBX: 00007f2ad8032700 RCX: 0000000000459f49 [ 688.702394] RDX: 00007f2ad80329d0 RSI: 00007f2ad8031db0 RDI: 00000000003d0f00 [ 688.709646] RBP: 0000000000a3fcd0 R08: 00007f2ad8032700 R09: 00007f2ad8032700 [ 688.716898] R10: 00007f2ad80329d0 R11: 0000000000000202 R12: 0000000000000000 [ 688.724161] R13: 0000000000a3fb7f R14: 00007f2ad80329c0 R15: 0000000000000001 [ 688.734807] Memory limit reached of cgroup /syz1 [ 688.740188] memory: usage 200576kB, limit 204800kB, failcnt 3871 [ 688.746332] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 688.753228] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:21 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x700]}, 0x6) 03:05:21 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x40020000]}, 0x6) 03:05:21 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x900000000000000]}, 0x6) 03:05:21 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc020000]}, 0x6) 03:05:21 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x142800]}, 0x6) [ 688.759447] Memory cgroup stats for /syz1: cache:224KB rss:28KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 688.779686] Out of memory and no killable processes... [ 688.785472] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 688.797146] syz-executor3 cpuset=syz3 mems_allowed=0 [ 688.802432] CPU: 1 PID: 26037 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 688.809797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.819174] Call Trace: [ 688.821768] dump_stack+0x1c4/0x2b4 [ 688.825409] ? dump_stack_print_info.cold.2+0x52/0x52 [ 688.830623] dump_header+0x27b/0xf72 [ 688.834354] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 688.840160] ? kasan_check_read+0x11/0x20 [ 688.840183] ? pagefault_out_of_memory+0x197/0x197 [ 688.840205] ? rcu_read_unlock+0x33/0x60 [ 688.840219] ? mem_cgroup_iter+0x514/0x1160 [ 688.840237] ? find_held_lock+0x36/0x1c0 [ 688.840256] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 688.866521] ? mark_held_locks+0xc7/0x130 [ 688.870720] ? _raw_spin_unlock_irq+0x27/0x80 [ 688.875227] ? _raw_spin_unlock_irq+0x27/0x80 [ 688.879731] ? lockdep_hardirqs_on+0x421/0x5c0 [ 688.884331] ? trace_hardirqs_on+0xbd/0x310 [ 688.888658] ? kasan_check_read+0x11/0x20 [ 688.892830] ? css_task_iter_end+0x222/0x490 [ 688.897251] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 688.902728] ? kasan_check_write+0x14/0x20 [ 688.906976] ? do_raw_spin_lock+0xc1/0x200 [ 688.911227] ? _raw_spin_unlock_irq+0x60/0x80 [ 688.915735] ? css_task_iter_end+0x2ce/0x490 [ 688.920171] ? cgroup_procs_next+0x70/0x70 [ 688.924426] ? _raw_spin_unlock_irq+0x60/0x80 [ 688.928947] ? oom_badness+0xaa0/0xaa0 [ 688.932851] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 688.937619] ? mem_cgroup_iter_break+0x30/0x30 [ 688.942223] ? mark_held_locks+0xc7/0x130 [ 688.946387] out_of_memory.cold.30+0xf/0x184 [ 688.950802] ? lockdep_hardirqs_on+0x421/0x5c0 [ 688.955384] ? kasan_check_read+0x11/0x20 [ 688.955403] ? oom_killer_disable+0x3a0/0x3a0 [ 688.955418] ? kasan_check_write+0x14/0x20 [ 688.955435] ? do_raw_spin_lock+0xc1/0x200 [ 688.955463] mem_cgroup_out_of_memory+0x15e/0x210 [ 688.955478] ? memcg_memory_event+0x40/0x40 [ 688.955497] ? mem_cgroup_try_charge+0x5ea/0xe10 [ 688.964131] ? page_counter_try_charge+0x1c1/0x220 [ 688.964162] try_charge+0xc43/0x1690 [ 688.964192] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 688.964206] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 688.964223] ? lock_downgrade+0x900/0x900 [ 688.964241] ? check_preemption_disabled+0x48/0x200 [ 688.964261] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 689.021009] ? kasan_check_read+0x11/0x20 [ 689.025183] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 689.030476] ? rcu_bh_qs+0xc0/0xc0 [ 689.034035] ? get_mem_cgroup_from_mm+0x206/0x440 [ 689.038897] ? mem_cgroup_can_attach+0x580/0x580 [ 689.043662] ? __lock_is_held+0xb5/0x140 [ 689.047753] mem_cgroup_try_charge+0x5ea/0xe10 [ 689.052351] ? mem_cgroup_protected+0xa60/0xa60 [ 689.057063] ? validate_mm+0x386/0x630 [ 689.060953] ? lock_downgrade+0x900/0x900 [ 689.065105] ? pmd_val+0x88/0x100 [ 689.068566] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 689.074120] mem_cgroup_try_charge_delay+0x1d/0xa0 [ 689.079068] __handle_mm_fault+0x273a/0x53e0 [ 689.083486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.089039] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 689.093892] ? graph_lock+0x170/0x170 [ 689.097704] ? print_usage_bug+0xc0/0xc0 [ 689.097720] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 689.097734] ? vma_wants_writenotify+0x22c/0x510 [ 689.097749] ? graph_lock+0x170/0x170 [ 689.097762] ? graph_lock+0x170/0x170 [ 689.097796] ? handle_mm_fault+0x42a/0xc70 [ 689.097813] ? lock_downgrade+0x900/0x900 [ 689.107392] ? check_preemption_disabled+0x48/0x200 [ 689.107414] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 689.107426] ? kasan_check_read+0x11/0x20 [ 689.107442] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 689.107457] ? rcu_bh_qs+0xc0/0xc0 [ 689.107472] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 689.107490] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 689.162914] ? check_preemption_disabled+0x48/0x200 [ 689.167926] handle_mm_fault+0x54f/0xc70 [ 689.172011] ? __handle_mm_fault+0x53e0/0x53e0 [ 689.176580] ? find_vma+0x34/0x190 [ 689.180122] __do_page_fault+0x67d/0xed0 [ 689.184193] ? do_mprotect_pkey+0x8dd/0xa60 [ 689.188504] ? mm_fault_error+0x380/0x380 [ 689.192646] ? trace_hardirqs_off+0xb8/0x310 [ 689.197058] ? trace_hardirqs_on+0x310/0x310 [ 689.201461] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 689.206808] ? trace_hardirqs_on+0x310/0x310 [ 689.211204] do_page_fault+0xf2/0x7e0 [ 689.214994] ? vmalloc_sync_all+0x30/0x30 [ 689.219127] ? error_entry+0x70/0xd0 [ 689.222837] ? trace_hardirqs_off_caller+0xbb/0x310 [ 689.227835] ? trace_hardirqs_on_caller+0xc0/0x310 [ 689.232752] ? syscall_return_slowpath+0x5e0/0x5e0 [ 689.237681] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 689.242511] ? trace_hardirqs_on_caller+0x310/0x310 [ 689.247520] ? trace_hardirqs_off+0x310/0x310 [ 689.252013] ? prepare_exit_to_usermode+0x291/0x3b0 [ 689.257023] ? page_fault+0x8/0x30 [ 689.260553] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 689.265384] ? page_fault+0x8/0x30 [ 689.268908] page_fault+0x1e/0x30 [ 689.272344] RIP: 0033:0x459f2d [ 689.275524] Code: Bad RIP value. [ 689.278871] RSP: 002b:0000000000a3fac8 EFLAGS: 00010202 [ 689.284217] RAX: ffffffffffffffea RBX: 00007f7e36a89700 RCX: 00007f7e36a89700 [ 689.291470] RDX: 00000000003d0f00 RSI: 00007f7e36a88db0 RDI: 000000000040e0a0 [ 689.298721] RBP: 0000000000a3fcd0 R08: 00007f7e36a899d0 R09: 00007f7e36a89700 [ 689.305975] R10: 00007f7e36a88dc0 R11: 0000000000000246 R12: 0000000000000000 [ 689.313232] R13: 0000000000a3fb7f R14: 00007f7e36a899c0 R15: 0000000000000001 [ 689.321401] Memory limit reached of cgroup /syz3 [ 689.326188] memory: usage 202624kB, limit 204800kB, failcnt 2977 [ 689.332376] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 689.339233] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 689.345388] Memory cgroup stats for /syz3: cache:0KB rss:76KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 689.365197] Out of memory and no killable processes... [ 689.370666] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 689.383354] syz-executor1 cpuset=syz1 mems_allowed=0 [ 689.389296] CPU: 0 PID: 26073 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 689.396687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 689.406063] Call Trace: [ 689.408659] dump_stack+0x1c4/0x2b4 [ 689.412309] ? dump_stack_print_info.cold.2+0x52/0x52 [ 689.417516] ? mark_held_locks+0x130/0x130 [ 689.421766] ? mark_held_locks+0x130/0x130 [ 689.426023] dump_header+0x27b/0xf72 [ 689.429764] ? pagefault_out_of_memory+0x197/0x197 [ 689.434710] ? check_preemption_disabled+0x48/0x200 [ 689.439739] ? check_preemption_disabled+0x48/0x200 [ 689.444780] ? graph_lock+0x170/0x170 [ 689.448600] ? graph_lock+0x170/0x170 [ 689.452416] ? print_usage_bug+0xc0/0xc0 [ 689.456489] ? find_held_lock+0x36/0x1c0 [ 689.460567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.466118] ? find_held_lock+0x36/0x1c0 [ 689.470221] ? mark_held_locks+0xc7/0x130 [ 689.474385] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 689.479503] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 689.484620] ? lockdep_hardirqs_on+0x421/0x5c0 [ 689.489220] ? trace_hardirqs_on+0xbd/0x310 [ 689.493551] ? kasan_check_read+0x11/0x20 [ 689.497714] ? ___ratelimit+0x36f/0x655 [ 689.501701] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 689.507183] ? trace_hardirqs_on+0x310/0x310 [ 689.511606] ? lock_downgrade+0x900/0x900 [ 689.515773] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 689.520888] ? ___ratelimit+0xaa/0x655 [ 689.524788] ? idr_get_free+0xec0/0xec0 [ 689.528772] ? kasan_check_write+0x14/0x20 [ 689.533035] ? do_raw_spin_lock+0xc1/0x200 [ 689.537295] oom_kill_process.cold.27+0x10/0x903 [ 689.542072] ? kasan_check_write+0x14/0x20 [ 689.546326] ? do_raw_spin_lock+0xc1/0x200 [ 689.550583] ? oom_evaluate_task+0x540/0x540 [ 689.555010] ? cgroup_procs_next+0x70/0x70 [ 689.559262] ? _raw_spin_unlock_irq+0x60/0x80 [ 689.563771] ? oom_badness+0xaa0/0xaa0 [ 689.567673] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 689.572446] ? mem_cgroup_iter_break+0x30/0x30 [ 689.577051] ? mark_held_locks+0xc7/0x130 [ 689.581222] out_of_memory+0xa84/0x1430 [ 689.585209] ? lockdep_hardirqs_on+0x421/0x5c0 [ 689.589796] ? kasan_check_read+0x11/0x20 [ 689.593958] ? oom_killer_disable+0x3a0/0x3a0 [ 689.598463] ? kasan_check_write+0x14/0x20 [ 689.602712] ? do_raw_spin_lock+0xc1/0x200 [ 689.606969] mem_cgroup_out_of_memory+0x15e/0x210 03:05:22 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe00000000000000]}, 0x6) 03:05:22 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x142800]}, 0x6) 03:05:22 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4000]}, 0x6) 03:05:22 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x6) 03:05:22 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000380)='/dev/rtc0\x00', 0x0, 0x0) getresuid(&(0x7f00000003c0), &(0x7f0000000540), &(0x7f0000000680)=0x0) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000006c0)={{{@in=@remote, @in6=@mcast1, 0x4e22, 0x1fe0, 0x4e24, 0x0, 0xa, 0x80, 0x80, 0x4, 0x0, r1}, {0x1, 0x4, 0x100, 0x7, 0x8, 0x3, 0x0, 0x3}, {0x7, 0xfffffffffffffffe, 0x8, 0x1ff}, 0xe8, 0x6e6bbe, 0x8608341d8ef6d275, 0x0, 0x1}, {{@in=@rand_addr=0x9, 0x4d5}, 0x2, @in=@remote, 0x0, 0x4, 0x3, 0x9, 0x0, 0x40, 0x7}}, 0xe8) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x12000, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x80000001}, &(0x7f0000000080)=0x8) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000800)={0x0, 0x0, 0x8, 0x0, 0x7, 0x8000, 0x8, 0x4, 0x0, 0x100000000, 0x3}) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x802, 0x0) ioctl$SG_GET_VERSION_NUM(r3, 0x2282, &(0x7f00000007c0)) ioctl$sock_netdev_private(r0, 0x89fd, &(0x7f0000000880)="66d243e6c64723e3cb08bf451c8ed08c03d33b22b77cba2eb9c59ee6cbf6cdc899f697621084a73ff506edfab9b946c67ab5b07323dfb0ad4e8568b59a1cfd2faa28795d93fa6be8563823a8ee2fce83c64496557c3789") ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f00000005c0)={0x0, {{0xa, 0x4e23, 0x7, @mcast2}}}, 0x88) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000400)={0x0, 0x3, 0x16e, 0x80000000, &(0x7f0000000480)=[{}, {}, {}]}) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000200)={@rand_addr, @rand_addr}, &(0x7f0000000240)=0xc) openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) renameat(r3, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000840)='./file0\x00') signalfd4(r4, &(0x7f0000000340)={0x7a5}, 0x8, 0x800) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={'veth1_to_bond\x00', @ifru_data=&(0x7f0000000180)="df0981c5f71291d26f64c52507829989afcbba77d84d78c681f5e5328fa262c3"}) 03:05:22 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x1000000]}, 0x6) 03:05:22 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x20000]}, 0x6) [ 689.611822] ? memcg_memory_event+0x40/0x40 [ 689.616192] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 689.621144] ? page_counter_try_charge+0x1c1/0x220 [ 689.626109] try_charge+0xc43/0x1690 [ 689.629891] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 689.635966] ? tcp_sendmsg+0x2f/0x50 [ 689.639693] ? sock_sendmsg+0xd5/0x120 [ 689.643592] ? __sys_sendto+0x3d7/0x670 [ 689.647575] ? graph_lock+0x170/0x170 [ 689.651387] ? graph_lock+0x170/0x170 [ 689.655205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.660754] ? check_preemption_disabled+0x48/0x200 [ 689.665785] ? check_preemption_disabled+0x48/0x200 [ 689.670856] ? mark_held_locks+0xc7/0x130 [ 689.675017] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 689.679955] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 689.684896] ? lockdep_hardirqs_on+0x421/0x5c0 [ 689.689495] ? rcu_read_lock_sched_held+0x108/0x120 [ 689.694523] ? __sk_mem_raise_allocated+0x642/0x1800 [ 689.699636] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 689.705100] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 689.710686] ? check_preemption_disabled+0x48/0x200 [ 689.715716] mem_cgroup_charge_skmem+0x1e4/0x390 [ 689.720486] ? mem_cgroup_sk_free+0x90/0x90 [ 689.724835] __sk_mem_raise_allocated+0x642/0x1800 [ 689.729781] ? futex_wait_queue_me+0x55d/0x840 [ 689.734381] ? sk_busy_loop_end+0x1c0/0x1c0 [ 689.738712] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 689.744265] ? alloc_pages_current+0x114/0x210 [ 689.748861] ? skb_page_frag_refill+0x1eb/0x6a0 [ 689.753549] ? sock_kzfree_s+0x60/0x60 [ 689.757446] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 689.762475] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 689.767502] ? tcp_chrono_start+0x190/0x1e0 [ 689.771839] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.777387] ? skb_entail+0x618/0x8c0 [ 689.781205] ? tcp_rate_check_app_limited+0x121/0x460 [ 689.786413] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 689.791104] __sk_mem_schedule+0x6d/0xe0 [ 689.795200] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 689.800752] tcp_sendmsg_locked+0x1c86/0x3f00 [ 689.805262] ? __fget+0x4a0/0x740 [ 689.808743] ? tcp_sendpage+0x60/0x60 [ 689.812562] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 689.818104] ? aa_label_sk_perm+0x46d/0x8e0 [ 689.822447] ? find_held_lock+0x36/0x1c0 [ 689.826618] ? mark_held_locks+0xc7/0x130 [ 689.830777] ? __local_bh_enable_ip+0x160/0x260 [ 689.835454] ? __local_bh_enable_ip+0x160/0x260 [ 689.840136] ? trace_hardirqs_on+0xbd/0x310 [ 689.844484] ? lock_release+0x970/0x970 [ 689.848468] ? lock_sock_nested+0xe2/0x120 [ 689.852861] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 689.858335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.863883] ? check_preemption_disabled+0x48/0x200 [ 689.868912] ? lock_sock_nested+0x9a/0x120 [ 689.873165] ? lock_sock_nested+0x9a/0x120 [ 689.877423] ? __local_bh_enable_ip+0x160/0x260 [ 689.882113] tcp_sendmsg+0x2f/0x50 [ 689.885671] inet_sendmsg+0x1a1/0x690 [ 689.889488] ? ipip_gro_receive+0x100/0x100 [ 689.893827] ? apparmor_socket_sendmsg+0x29/0x30 [ 689.898598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.904148] ? security_socket_sendmsg+0x94/0xc0 [ 689.908933] ? ipip_gro_receive+0x100/0x100 [ 689.913269] sock_sendmsg+0xd5/0x120 [ 689.916997] __sys_sendto+0x3d7/0x670 [ 689.920812] ? __ia32_sys_getpeername+0xb0/0xb0 [ 689.925492] ? lock_release+0x970/0x970 [ 689.929478] ? arch_local_save_flags+0x40/0x40 [ 689.934073] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 689.939533] ? aa_af_perm+0x5a0/0x5a0 [ 689.943370] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 689.948917] ? put_timespec64+0x10f/0x1b0 [ 689.953073] ? nsecs_to_jiffies+0x30/0x30 [ 689.957237] ? do_syscall_64+0x9a/0x820 [ 689.961220] ? do_syscall_64+0x9a/0x820 [ 689.965218] ? lockdep_hardirqs_on+0x421/0x5c0 [ 689.969811] ? trace_hardirqs_on+0xbd/0x310 [ 689.974139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.979701] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 689.985074] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 689.990539] __x64_sys_sendto+0xe1/0x1a0 [ 689.994614] do_syscall_64+0x1b9/0x820 [ 689.998509] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 690.003883] ? syscall_return_slowpath+0x5e0/0x5e0 [ 690.008819] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 690.013671] ? trace_hardirqs_on_caller+0x310/0x310 [ 690.018705] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 690.023737] ? prepare_exit_to_usermode+0x291/0x3b0 [ 690.028773] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 690.033635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.038831] RIP: 0033:0x457579 [ 690.042031] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 690.060938] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 690.068656] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 690.075935] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 690.083215] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 690.090491] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 690.097765] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 690.243988] Task in /syz1 killed as a result of limit of /syz1 [ 690.269544] memory: usage 204800kB, limit 204800kB, failcnt 3891 [ 690.289658] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 690.310294] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 690.333992] Memory cgroup stats for /syz1: cache:224KB rss:4256KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:0KB [ 690.397451] Memory cgroup out of memory: Kill process 26072 (syz-executor1) score 181 or sacrifice child [ 690.427394] Killed process 26072 (syz-executor1) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 690.465647] oom_reaper: reaped process 26072 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:23 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x11]}, 0x6) 03:05:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xeaf8ffff]}, 0x6) 03:05:23 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x1500]}, 0x6) 03:05:23 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x6) 03:05:23 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x281400]}, 0x6) 03:05:23 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x6) [ 690.653753] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 690.678932] syz-executor1 cpuset=syz1 mems_allowed=0 [ 690.684100] CPU: 0 PID: 26121 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 690.691488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 690.700853] Call Trace: [ 690.703460] dump_stack+0x1c4/0x2b4 [ 690.707116] ? dump_stack_print_info.cold.2+0x52/0x52 [ 690.712336] dump_header+0x27b/0xf72 [ 690.716075] ? mark_held_locks+0x130/0x130 [ 690.720340] ? pagefault_out_of_memory+0x197/0x197 [ 690.725760] ? check_preemption_disabled+0x48/0x200 [ 690.730785] ? check_preemption_disabled+0x48/0x200 [ 690.735827] ? graph_lock+0x170/0x170 [ 690.739648] ? graph_lock+0x170/0x170 [ 690.743467] ? print_usage_bug+0xc0/0xc0 [ 690.747549] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 03:05:23 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3f00000000000000]}, 0x6) [ 690.753132] ? find_held_lock+0x36/0x1c0 [ 690.757226] ? mark_held_locks+0xc7/0x130 [ 690.761385] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 690.766500] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 690.771614] ? lockdep_hardirqs_on+0x421/0x5c0 [ 690.776218] ? trace_hardirqs_on+0xbd/0x310 [ 690.780551] ? kasan_check_read+0x11/0x20 [ 690.784716] ? ___ratelimit+0x36f/0x655 [ 690.788708] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 690.794280] ? trace_hardirqs_on+0x310/0x310 [ 690.798712] ? lock_downgrade+0x900/0x900 03:05:23 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xf401000000000000]}, 0x6) [ 690.802893] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 690.808023] ? ___ratelimit+0xaa/0x655 [ 690.811926] ? idr_get_free+0xec0/0xec0 [ 690.815923] ? kasan_check_write+0x14/0x20 [ 690.820210] ? do_raw_spin_lock+0xc1/0x200 [ 690.824465] oom_kill_process.cold.27+0x10/0x903 [ 690.829230] ? kasan_check_write+0x14/0x20 [ 690.833472] ? do_raw_spin_lock+0xc1/0x200 [ 690.837751] ? oom_evaluate_task+0x540/0x540 [ 690.842189] ? cgroup_procs_next+0x70/0x70 [ 690.846438] ? _raw_spin_unlock_irq+0x60/0x80 [ 690.850949] ? oom_badness+0xaa0/0xaa0 [ 690.854881] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 690.859706] ? mem_cgroup_iter_break+0x30/0x30 [ 690.864313] ? mark_held_locks+0xc7/0x130 [ 690.868479] out_of_memory+0xa84/0x1430 [ 690.872469] ? lockdep_hardirqs_on+0x421/0x5c0 [ 690.877063] ? kasan_check_read+0x11/0x20 [ 690.881230] ? oom_killer_disable+0x3a0/0x3a0 [ 690.885740] ? kasan_check_write+0x14/0x20 [ 690.890011] ? do_raw_spin_lock+0xc1/0x200 [ 690.894265] mem_cgroup_out_of_memory+0x15e/0x210 [ 690.899115] ? memcg_memory_event+0x40/0x40 03:05:23 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803000000000000]}, 0x6) [ 690.903457] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 690.908400] ? page_counter_try_charge+0x1c1/0x220 [ 690.913343] try_charge+0xc43/0x1690 [ 690.917085] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 690.923164] ? __kmalloc_node_track_caller+0x33/0x70 [ 690.928313] ? __kmalloc_node_track_caller+0x33/0x70 [ 690.933428] ? rcu_read_lock_sched_held+0x108/0x120 [ 690.938457] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 690.943768] ? kasan_unpoison_shadow+0x35/0x50 [ 690.948357] ? kasan_kmalloc+0xc7/0xe0 [ 690.952260] ? mark_held_locks+0xc7/0x130 [ 690.956426] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 690.961371] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 690.966311] ? lockdep_hardirqs_on+0x421/0x5c0 [ 690.970908] ? sk_forced_mem_schedule+0x13b/0x170 [ 690.975769] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 690.981237] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 690.986792] ? check_preemption_disabled+0x48/0x200 [ 690.991872] mem_cgroup_charge_skmem+0x1e4/0x390 [ 690.996653] ? mem_cgroup_sk_free+0x90/0x90 [ 691.000999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.006543] ? tcp_chrono_stop+0x25f/0x520 [ 691.010840] sk_forced_mem_schedule+0x13b/0x170 [ 691.015523] sk_stream_alloc_skb+0x1ab/0x970 [ 691.019964] ? tcp_init_transfer+0x470/0x470 [ 691.024386] ? __lock_is_held+0xb5/0x140 [ 691.028473] tcp_connect+0x1283/0x4690 [ 691.032389] ? tcp_push_one+0x110/0x110 [ 691.036386] ? mark_held_locks+0xc7/0x130 [ 691.040553] ? ktime_get_with_offset+0x38e/0x470 [ 691.045328] ? pvclock_read_flags+0x160/0x160 [ 691.049850] ? secure_tcp_seq+0xa4/0x180 [ 691.053944] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 691.059415] ? kvm_clock_read+0x18/0x30 [ 691.063403] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 691.068433] ? ktime_get_with_offset+0x313/0x470 [ 691.073209] ? ktime_get+0x440/0x440 [ 691.077000] ? ip_route_output_key_hash+0x297/0x3b0 [ 691.082023] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 691.087580] ? tcp_fastopen_cookie_check+0x330/0x330 [ 691.092695] ? secure_tcp_ts_off+0xe6/0x1a0 [ 691.097028] ? secure_ipv6_port_ephemeral+0x2f0/0x2f0 [ 691.102229] ? check_preemption_disabled+0x48/0x200 [ 691.107259] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 691.112807] ? sk_setup_caps+0x209/0x690 [ 691.116921] tcp_v4_connect+0x1996/0x1dd0 [ 691.121106] ? tcp_v4_parse_md5_keys+0x340/0x340 [ 691.125873] ? graph_lock+0x170/0x170 [ 691.129746] __inet_stream_connect+0x992/0x1150 [ 691.134461] ? inet_dgram_connect+0x2e0/0x2e0 [ 691.138967] ? __lock_is_held+0xb5/0x140 [ 691.143062] ? tcp_sendmsg_locked+0x32f9/0x3f00 [ 691.147747] ? rcu_read_lock_sched_held+0x108/0x120 [ 691.152791] ? kmem_cache_alloc_trace+0x353/0x750 [ 691.157688] tcp_sendmsg_locked+0x2bf2/0x3f00 [ 691.162350] ? __fget+0x4aa/0x740 [ 691.165847] ? lock_downgrade+0x900/0x900 [ 691.170002] ? check_preemption_disabled+0x48/0x200 [ 691.175055] ? tcp_sendpage+0x60/0x60 [ 691.178879] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 691.184438] ? aa_label_sk_perm+0x46d/0x8e0 [ 691.188776] ? find_held_lock+0x36/0x1c0 [ 691.192884] ? mark_held_locks+0xc7/0x130 [ 691.197049] ? __local_bh_enable_ip+0x160/0x260 [ 691.201732] ? __local_bh_enable_ip+0x160/0x260 [ 691.206413] ? lockdep_hardirqs_on+0x421/0x5c0 [ 691.211008] ? trace_hardirqs_on+0xbd/0x310 [ 691.215356] ? lock_release+0x970/0x970 [ 691.219341] ? lock_sock_nested+0xe2/0x120 [ 691.223588] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 691.229050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.234601] ? check_preemption_disabled+0x48/0x200 [ 691.239641] ? lock_sock_nested+0x9a/0x120 [ 691.243891] ? lock_sock_nested+0x9a/0x120 [ 691.248136] ? __local_bh_enable_ip+0x160/0x260 [ 691.252860] tcp_sendmsg+0x2f/0x50 [ 691.256417] inet_sendmsg+0x1a1/0x690 [ 691.260233] ? ipip_gro_receive+0x100/0x100 [ 691.264568] ? apparmor_socket_sendmsg+0x29/0x30 [ 691.269340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.274908] ? security_socket_sendmsg+0x94/0xc0 [ 691.279680] ? ipip_gro_receive+0x100/0x100 [ 691.284016] sock_sendmsg+0xd5/0x120 [ 691.287745] __sys_sendto+0x3d7/0x670 [ 691.291561] ? __ia32_sys_getpeername+0xb0/0xb0 [ 691.296259] ? lock_release+0x970/0x970 [ 691.300242] ? arch_local_save_flags+0x40/0x40 [ 691.304838] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 691.310324] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 691.315873] ? put_timespec64+0x10f/0x1b0 [ 691.320036] ? nsecs_to_jiffies+0x30/0x30 [ 691.324210] ? do_syscall_64+0x9a/0x820 [ 691.328203] ? do_syscall_64+0x9a/0x820 [ 691.332216] ? lockdep_hardirqs_on+0x421/0x5c0 [ 691.336853] ? trace_hardirqs_on+0xbd/0x310 [ 691.341197] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.346742] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.352117] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 691.357597] __x64_sys_sendto+0xe1/0x1a0 [ 691.361674] do_syscall_64+0x1b9/0x820 [ 691.365603] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 691.370983] ? syscall_return_slowpath+0x5e0/0x5e0 [ 691.375948] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 691.380820] ? trace_hardirqs_on_caller+0x310/0x310 [ 691.385850] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 691.390880] ? prepare_exit_to_usermode+0x291/0x3b0 [ 691.395913] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 691.400776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.405990] RIP: 0033:0x457579 [ 691.409197] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 691.428104] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 691.435844] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 691.443184] RDX: 00000000000000a4 RSI: 0000000020000000 RDI: 0000000000000003 [ 691.450475] RBP: 000000000072bf00 R08: 0000000020e68000 R09: 0000000000000010 [ 691.457766] R10: 00000000200007fe R11: 0000000000000246 R12: 00007f2ad80536d4 [ 691.465057] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 691.523762] Task in /syz1 killed as a result of limit of /syz1 [ 691.557268] memory: usage 198692kB, limit 204800kB, failcnt 3900 [ 691.563430] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 691.580586] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 691.586750] Memory cgroup stats for /syz1: cache:224KB rss:4252KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4260KB inactive_file:0KB active_file:0KB unevictable:0KB [ 691.626029] Memory cgroup out of memory: Kill process 26120 (syz-executor1) score 181 or sacrifice child [ 691.657648] Killed process 26120 (syz-executor1) total-vm:70736kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 691.684877] oom_reaper: reaped process 26120 (syz-executor1), now anon-rss:0kB, file-rss:32708kB, shmem-rss:0kB [ 691.695233] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 691.722683] syz-executor3 cpuset=syz3 mems_allowed=0 [ 691.727932] CPU: 1 PID: 26117 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 691.735300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.744658] Call Trace: [ 691.747272] dump_stack+0x1c4/0x2b4 [ 691.750917] ? dump_stack_print_info.cold.2+0x52/0x52 [ 691.756136] ? mark_held_locks+0x130/0x130 [ 691.760390] ? mark_held_locks+0x130/0x130 [ 691.760412] dump_header+0x27b/0xf72 [ 691.760439] ? pagefault_out_of_memory+0x197/0x197 [ 691.768372] ? check_preemption_disabled+0x48/0x200 [ 691.768389] ? check_preemption_disabled+0x48/0x200 [ 691.768414] ? graph_lock+0x170/0x170 [ 691.768438] ? graph_lock+0x170/0x170 [ 691.768455] ? print_usage_bug+0xc0/0xc0 [ 691.795032] ? find_held_lock+0x36/0x1c0 [ 691.799107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.804659] ? find_held_lock+0x36/0x1c0 [ 691.808743] ? mark_held_locks+0xc7/0x130 [ 691.812909] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 691.818054] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 691.823182] ? lockdep_hardirqs_on+0x421/0x5c0 [ 691.827779] ? trace_hardirqs_on+0xbd/0x310 [ 691.832136] ? kasan_check_read+0x11/0x20 [ 691.836325] ? ___ratelimit+0x36f/0x655 [ 691.840312] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 691.845807] ? trace_hardirqs_on+0x310/0x310 [ 691.850244] ? lock_downgrade+0x900/0x900 [ 691.854886] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 691.860003] ? ___ratelimit+0xaa/0x655 [ 691.863909] ? idr_get_free+0xec0/0xec0 [ 691.867889] ? kasan_check_write+0x14/0x20 [ 691.872147] ? do_raw_spin_lock+0xc1/0x200 [ 691.876428] oom_kill_process.cold.27+0x10/0x903 [ 691.881202] ? kasan_check_write+0x14/0x20 [ 691.885450] ? do_raw_spin_lock+0xc1/0x200 [ 691.889718] ? oom_evaluate_task+0x540/0x540 [ 691.894177] ? cgroup_procs_next+0x70/0x70 [ 691.898427] ? _raw_spin_unlock_irq+0x60/0x80 [ 691.902929] ? oom_badness+0xaa0/0xaa0 [ 691.906833] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 691.911599] ? mem_cgroup_iter_break+0x30/0x30 [ 691.916208] ? mark_held_locks+0xc7/0x130 [ 691.920375] out_of_memory+0xa84/0x1430 [ 691.924359] ? lockdep_hardirqs_on+0x421/0x5c0 [ 691.928951] ? kasan_check_read+0x11/0x20 [ 691.933113] ? oom_killer_disable+0x3a0/0x3a0 [ 691.937630] ? kasan_check_write+0x14/0x20 [ 691.941873] ? do_raw_spin_lock+0xc1/0x200 [ 691.946134] mem_cgroup_out_of_memory+0x15e/0x210 [ 691.950998] ? memcg_memory_event+0x40/0x40 [ 691.955324] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 691.960300] ? page_counter_try_charge+0x1c1/0x220 [ 691.965245] try_charge+0xc43/0x1690 [ 691.969027] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 691.975092] ? tcp_sendmsg+0x2f/0x50 [ 691.978812] ? sock_sendmsg+0xd5/0x120 [ 691.982727] ? __sys_sendto+0x3d7/0x670 [ 691.986722] ? __x64_sys_sendto+0xe1/0x1a0 [ 691.990984] ? do_syscall_64+0x1b9/0x820 [ 691.995050] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.000422] ? graph_lock+0x170/0x170 [ 692.004241] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.009793] ? check_preemption_disabled+0x48/0x200 [ 692.014832] ? check_preemption_disabled+0x48/0x200 [ 692.019865] ? mark_held_locks+0xc7/0x130 [ 692.024017] ? __lock_is_held+0xb5/0x140 [ 692.028091] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 692.033030] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 692.037970] ? lockdep_hardirqs_on+0x421/0x5c0 [ 692.042582] ? __sk_mem_raise_allocated+0x642/0x1800 [ 692.047744] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 692.053221] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 692.058773] ? check_preemption_disabled+0x48/0x200 [ 692.063808] mem_cgroup_charge_skmem+0x1e4/0x390 [ 692.068581] ? mem_cgroup_sk_free+0x90/0x90 [ 692.072925] __sk_mem_raise_allocated+0x642/0x1800 [ 692.077874] ? sk_busy_loop_end+0x1c0/0x1c0 [ 692.082234] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 692.087266] ? skb_page_frag_refill+0x1eb/0x6a0 [ 692.091950] ? sock_kzfree_s+0x60/0x60 [ 692.095848] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 692.100903] ? sk_stream_alloc_skb+0x34b/0x970 [ 692.105499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.111043] ? skb_entail+0x618/0x8c0 [ 692.114868] ? tcp_rate_check_app_limited+0x121/0x460 [ 692.120095] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 692.124776] __sk_mem_schedule+0x6d/0xe0 [ 692.128845] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 692.134396] tcp_sendmsg_locked+0x1c86/0x3f00 [ 692.138924] ? tcp_sendpage+0x60/0x60 [ 692.142735] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 692.148297] ? aa_label_sk_perm+0x46d/0x8e0 [ 692.152642] ? find_held_lock+0x36/0x1c0 [ 692.156835] ? mark_held_locks+0xc7/0x130 [ 692.161028] ? __local_bh_enable_ip+0x160/0x260 [ 692.165709] ? __local_bh_enable_ip+0x160/0x260 [ 692.170393] ? trace_hardirqs_on+0xbd/0x310 [ 692.174724] ? lock_release+0x970/0x970 [ 692.178712] ? lock_sock_nested+0xe2/0x120 [ 692.182972] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 692.188435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.193982] ? check_preemption_disabled+0x48/0x200 [ 692.199008] ? lock_sock_nested+0x9a/0x120 [ 692.203254] ? lock_sock_nested+0x9a/0x120 [ 692.207501] ? __local_bh_enable_ip+0x160/0x260 [ 692.212202] tcp_sendmsg+0x2f/0x50 [ 692.215756] inet_sendmsg+0x1a1/0x690 [ 692.219574] ? ipip_gro_receive+0x100/0x100 [ 692.223910] ? apparmor_socket_sendmsg+0x29/0x30 [ 692.228684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.234234] ? security_socket_sendmsg+0x94/0xc0 [ 692.239022] ? ipip_gro_receive+0x100/0x100 [ 692.243362] sock_sendmsg+0xd5/0x120 [ 692.247086] __sys_sendto+0x3d7/0x670 [ 692.250920] ? __ia32_sys_getpeername+0xb0/0xb0 [ 692.255657] ? lock_release+0x970/0x970 [ 692.259649] ? arch_local_save_flags+0x40/0x40 [ 692.264246] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 692.269737] ? aa_af_perm+0x5a0/0x5a0 [ 692.273572] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 692.279136] ? put_timespec64+0x10f/0x1b0 [ 692.283329] ? nsecs_to_jiffies+0x30/0x30 [ 692.287494] ? do_syscall_64+0x9a/0x820 [ 692.291478] ? do_syscall_64+0x9a/0x820 [ 692.295463] ? lockdep_hardirqs_on+0x421/0x5c0 [ 692.300055] ? trace_hardirqs_on+0xbd/0x310 [ 692.304389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.309937] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.315310] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 692.320775] __x64_sys_sendto+0xe1/0x1a0 [ 692.324856] do_syscall_64+0x1b9/0x820 [ 692.328751] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 692.334126] ? syscall_return_slowpath+0x5e0/0x5e0 [ 692.339071] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 692.343926] ? trace_hardirqs_on_caller+0x310/0x310 [ 692.348973] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 692.354030] ? prepare_exit_to_usermode+0x291/0x3b0 [ 692.359077] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 692.363937] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.369135] RIP: 0033:0x457579 [ 692.372346] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 692.391252] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 692.398974] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 692.406245] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 692.413523] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 692.420795] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 692.428125] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 692.461078] Task in /syz3 killed as a result of limit of /syz3 [ 692.468627] memory: usage 199708kB, limit 204800kB, failcnt 3006 [ 692.474917] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 692.482331] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 692.489223] Memory cgroup stats for /syz3: cache:0KB rss:76KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:172KB inactive_file:0KB active_file:0KB unevictable:0KB [ 692.512979] Memory cgroup out of memory: Kill process 26110 (syz-executor3) score 161 or sacrifice child 03:05:25 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe000000]}, 0x6) 03:05:25 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1d4c]}, 0x6) 03:05:25 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x6) 03:05:25 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x900000000000000]}, 0x6) [ 692.523433] Killed process 26110 (syz-executor3) total-vm:70472kB, anon-rss:108kB, file-rss:32832kB, shmem-rss:0kB [ 692.536508] oom_reaper: reaped process 26110 (syz-executor3), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB 03:05:25 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x2000000]}, 0x6) 03:05:25 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c]}, 0x6) 03:05:25 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x9]}, 0x6) 03:05:25 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x8055]}, 0x6) 03:05:25 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc02000000000000]}, 0x6) 03:05:25 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 692.824821] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 692.851237] syz-executor3 cpuset=syz3 mems_allowed=0 [ 692.857903] CPU: 0 PID: 26160 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 692.865278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.874641] Call Trace: [ 692.877253] dump_stack+0x1c4/0x2b4 [ 692.880887] ? dump_stack_print_info.cold.2+0x52/0x52 [ 692.886087] ? mark_held_locks+0x130/0x130 [ 692.890326] ? mark_held_locks+0x130/0x130 [ 692.894569] dump_header+0x27b/0xf72 [ 692.898297] ? pagefault_out_of_memory+0x197/0x197 [ 692.903228] ? check_preemption_disabled+0x48/0x200 [ 692.908248] ? check_preemption_disabled+0x48/0x200 [ 692.913274] ? graph_lock+0x170/0x170 [ 692.917112] ? graph_lock+0x170/0x170 [ 692.920918] ? print_usage_bug+0xc0/0xc0 [ 692.924985] ? find_held_lock+0x36/0x1c0 [ 692.929054] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.934595] ? find_held_lock+0x36/0x1c0 [ 692.938706] ? mark_held_locks+0xc7/0x130 [ 692.942860] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 692.947967] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 692.953070] ? lockdep_hardirqs_on+0x421/0x5c0 [ 692.957692] ? trace_hardirqs_on+0xbd/0x310 [ 692.962009] ? kasan_check_read+0x11/0x20 [ 692.966163] ? ___ratelimit+0x36f/0x655 [ 692.970171] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 692.975647] ? trace_hardirqs_on+0x310/0x310 [ 692.980061] ? lock_downgrade+0x900/0x900 [ 692.984218] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 692.989322] ? ___ratelimit+0xaa/0x655 [ 692.993211] ? idr_get_free+0xec0/0xec0 [ 692.997194] ? kasan_check_write+0x14/0x20 [ 693.001432] ? do_raw_spin_lock+0xc1/0x200 [ 693.005675] oom_kill_process.cold.27+0x10/0x903 [ 693.010433] ? kasan_check_write+0x14/0x20 [ 693.014703] ? do_raw_spin_lock+0xc1/0x200 [ 693.018942] ? oom_evaluate_task+0x540/0x540 [ 693.023353] ? cgroup_procs_next+0x70/0x70 [ 693.027594] ? _raw_spin_unlock_irq+0x60/0x80 [ 693.032094] ? oom_badness+0xaa0/0xaa0 [ 693.035984] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 693.040746] ? mem_cgroup_iter_break+0x30/0x30 [ 693.045342] ? mark_held_locks+0xc7/0x130 [ 693.049496] out_of_memory+0xa84/0x1430 [ 693.053467] ? lockdep_hardirqs_on+0x421/0x5c0 [ 693.058048] ? kasan_check_read+0x11/0x20 [ 693.062205] ? oom_killer_disable+0x3a0/0x3a0 [ 693.066699] ? kasan_check_write+0x14/0x20 [ 693.070936] ? do_raw_spin_lock+0xc1/0x200 [ 693.075197] mem_cgroup_out_of_memory+0x15e/0x210 [ 693.080040] ? memcg_memory_event+0x40/0x40 [ 693.084363] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 693.089300] ? page_counter_try_charge+0x1c1/0x220 [ 693.094236] try_charge+0xc43/0x1690 [ 693.097963] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 693.104016] ? mark_held_locks+0xc7/0x130 [ 693.108183] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 693.113117] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 693.118046] ? lockdep_hardirqs_on+0x421/0x5c0 [ 693.122628] ? trace_hardirqs_on+0xbd/0x310 [ 693.126950] ? check_preemption_disabled+0x48/0x200 [ 693.131973] ? __sk_mem_raise_allocated+0x642/0x1800 [ 693.137080] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 693.142535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 693.148077] ? mark_held_locks+0xc7/0x130 [ 693.152230] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 693.157170] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 693.162107] ? lockdep_hardirqs_on+0x421/0x5c0 [ 693.166693] ? __sk_mem_raise_allocated+0x642/0x1800 [ 693.171799] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 693.177253] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 693.182791] ? check_preemption_disabled+0x48/0x200 [ 693.187809] ? __sk_mem_raise_allocated+0x721/0x1800 [ 693.192923] mem_cgroup_charge_skmem+0x1e4/0x390 [ 693.197682] ? mem_cgroup_sk_free+0x90/0x90 [ 693.202020] __sk_mem_raise_allocated+0x642/0x1800 [ 693.206956] ? sk_busy_loop_end+0x1c0/0x1c0 [ 693.211282] ? sk_alloc_sg+0xa00/0xa00 [ 693.215185] ? arch_local_save_flags+0x40/0x40 [ 693.219774] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 693.224539] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 693.229557] ? skb_page_frag_refill+0x1eb/0x6a0 [ 693.234230] ? sock_kzfree_s+0x60/0x60 [ 693.238120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.243661] ? sk_stream_alloc_skb+0x34b/0x970 [ 693.248249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.253786] ? skb_entail+0x618/0x8c0 [ 693.257595] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 693.262284] __sk_mem_schedule+0x6d/0xe0 [ 693.266346] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 693.271903] tcp_sendmsg_locked+0x1c86/0x3f00 [ 693.276422] ? tcp_sendpage+0x60/0x60 [ 693.280225] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 693.285764] ? aa_label_sk_perm+0x46d/0x8e0 [ 693.290109] ? find_held_lock+0x36/0x1c0 [ 693.294188] ? mark_held_locks+0xc7/0x130 [ 693.298343] ? __local_bh_enable_ip+0x160/0x260 [ 693.303018] ? __local_bh_enable_ip+0x160/0x260 [ 693.307693] ? trace_hardirqs_on+0xbd/0x310 [ 693.312017] ? lock_release+0x970/0x970 [ 693.315989] ? lock_sock_nested+0xe2/0x120 [ 693.320255] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 693.325705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.331248] ? check_preemption_disabled+0x48/0x200 [ 693.336264] ? lock_sock_nested+0x9a/0x120 [ 693.340501] ? lock_sock_nested+0x9a/0x120 [ 693.344739] ? __local_bh_enable_ip+0x160/0x260 [ 693.349415] tcp_sendmsg+0x2f/0x50 [ 693.352959] inet_sendmsg+0x1a1/0x690 [ 693.356764] ? ipip_gro_receive+0x100/0x100 [ 693.361102] ? apparmor_socket_sendmsg+0x29/0x30 [ 693.365858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.371423] ? security_socket_sendmsg+0x94/0xc0 [ 693.376191] ? ipip_gro_receive+0x100/0x100 [ 693.380517] sock_sendmsg+0xd5/0x120 [ 693.384239] __sys_sendto+0x3d7/0x670 [ 693.388042] ? __ia32_sys_getpeername+0xb0/0xb0 [ 693.392731] ? lock_release+0x970/0x970 [ 693.396706] ? arch_local_save_flags+0x40/0x40 [ 693.401288] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 693.406737] ? aa_af_perm+0x5a0/0x5a0 [ 693.410562] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 693.416100] ? put_timespec64+0x10f/0x1b0 [ 693.420259] ? nsecs_to_jiffies+0x30/0x30 [ 693.424409] ? do_syscall_64+0x9a/0x820 [ 693.428387] ? do_syscall_64+0x9a/0x820 [ 693.432360] ? lockdep_hardirqs_on+0x421/0x5c0 [ 693.436942] ? trace_hardirqs_on+0xbd/0x310 [ 693.441266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.446819] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.452207] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 693.457662] __x64_sys_sendto+0xe1/0x1a0 [ 693.461729] do_syscall_64+0x1b9/0x820 [ 693.465613] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 693.470995] ? syscall_return_slowpath+0x5e0/0x5e0 [ 693.475935] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 693.480785] ? trace_hardirqs_on_caller+0x310/0x310 [ 693.485815] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 693.490833] ? prepare_exit_to_usermode+0x291/0x3b0 [ 693.495855] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 693.500704] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.505888] RIP: 0033:0x457579 [ 693.509082] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 693.527982] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 693.535700] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 693.542964] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 693.550234] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 693.557502] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 693.564781] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff 03:05:26 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x6) 03:05:26 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x15]}, 0x6) [ 693.587520] Task in /syz3 killed as a result of limit of /syz3 [ 693.610476] memory: usage 204800kB, limit 204800kB, failcnt 3028 03:05:26 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803]}, 0x6) [ 693.633171] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:26 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x2000000000000000]}, 0x6) [ 693.661613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 693.677512] Memory cgroup stats for /syz3: cache:0KB rss:4248KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:26 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x6) 03:05:26 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3f00000000000000]}, 0x6) [ 693.724802] Memory cgroup out of memory: Kill process 26159 (syz-executor3) score 181 or sacrifice child [ 693.749672] Killed process 26159 (syz-executor3) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB 03:05:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x9000000]}, 0x6) 03:05:26 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3f00]}, 0x6) 03:05:26 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc02]}, 0x6) [ 693.809215] oom_reaper: reaped process 26159 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:26 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x6) 03:05:26 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xf4010000]}, 0x6) 03:05:26 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:26 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4000000]}, 0x6) 03:05:26 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x240]}, 0x6) 03:05:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x7]}, 0x6) 03:05:26 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x240]}, 0x6) 03:05:27 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x15000000]}, 0x6) 03:05:27 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x200000c6) 03:05:27 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x900000000000000]}, 0x6) 03:05:27 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 694.272917] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 [ 694.351181] syz-executor3 cpuset=syz3 mems_allowed=0 [ 694.369893] CPU: 0 PID: 26234 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 694.377270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 694.386624] Call Trace: [ 694.389230] dump_stack+0x1c4/0x2b4 [ 694.392876] ? dump_stack_print_info.cold.2+0x52/0x52 [ 694.398080] ? mark_held_locks+0x130/0x130 [ 694.402327] ? mark_held_locks+0x130/0x130 [ 694.406582] dump_header+0x27b/0xf72 [ 694.410321] ? pagefault_out_of_memory+0x197/0x197 [ 694.415269] ? check_preemption_disabled+0x48/0x200 [ 694.420292] ? check_preemption_disabled+0x48/0x200 [ 694.425323] ? graph_lock+0x170/0x170 [ 694.429129] ? graph_lock+0x170/0x170 [ 694.432935] ? print_usage_bug+0xc0/0xc0 [ 694.436997] ? find_held_lock+0x36/0x1c0 [ 694.441062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.446603] ? find_held_lock+0x36/0x1c0 [ 694.450671] ? mark_held_locks+0xc7/0x130 [ 694.454834] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 694.459938] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 694.465070] ? lockdep_hardirqs_on+0x421/0x5c0 [ 694.469653] ? trace_hardirqs_on+0xbd/0x310 [ 694.473976] ? kasan_check_read+0x11/0x20 [ 694.478122] ? ___ratelimit+0x36f/0x655 [ 694.482109] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 694.487560] ? trace_hardirqs_on+0x310/0x310 [ 694.491975] ? lock_downgrade+0x900/0x900 [ 694.496128] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 694.501266] ? ___ratelimit+0xaa/0x655 [ 694.505164] ? idr_get_free+0xec0/0xec0 [ 694.509143] ? kasan_check_write+0x14/0x20 [ 694.513396] ? do_raw_spin_lock+0xc1/0x200 [ 694.517643] oom_kill_process.cold.27+0x10/0x903 [ 694.522399] ? kasan_check_write+0x14/0x20 [ 694.526634] ? do_raw_spin_lock+0xc1/0x200 [ 694.530906] ? oom_evaluate_task+0x540/0x540 [ 694.535319] ? cgroup_procs_next+0x70/0x70 [ 694.539574] ? _raw_spin_unlock_irq+0x60/0x80 [ 694.544067] ? oom_badness+0xaa0/0xaa0 [ 694.547957] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 694.552717] ? mem_cgroup_iter_break+0x30/0x30 [ 694.557316] ? mark_held_locks+0xc7/0x130 [ 694.561467] out_of_memory+0xa84/0x1430 [ 694.565439] ? lockdep_hardirqs_on+0x421/0x5c0 [ 694.570021] ? kasan_check_read+0x11/0x20 [ 694.574183] ? oom_killer_disable+0x3a0/0x3a0 [ 694.578682] ? kasan_check_write+0x14/0x20 [ 694.582919] ? do_raw_spin_lock+0xc1/0x200 [ 694.587184] mem_cgroup_out_of_memory+0x15e/0x210 [ 694.592028] ? memcg_memory_event+0x40/0x40 [ 694.596351] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 694.601288] ? page_counter_try_charge+0x1c1/0x220 [ 694.606228] try_charge+0xc43/0x1690 [ 694.609954] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 694.616010] ? tcp_sendmsg+0x2f/0x50 [ 694.619739] ? sock_sendmsg+0xd5/0x120 [ 694.623638] ? __sys_sendto+0x3d7/0x670 [ 694.627614] ? graph_lock+0x170/0x170 [ 694.631414] ? graph_lock+0x170/0x170 [ 694.635220] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.640764] ? check_preemption_disabled+0x48/0x200 [ 694.645783] ? check_preemption_disabled+0x48/0x200 [ 694.650815] ? mark_held_locks+0xc7/0x130 [ 694.654965] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 694.659897] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 694.664891] ? lockdep_hardirqs_on+0x421/0x5c0 [ 694.669480] ? rcu_read_lock_sched_held+0x108/0x120 [ 694.674496] ? __sk_mem_raise_allocated+0x642/0x1800 [ 694.679602] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 694.685055] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 694.690624] ? check_preemption_disabled+0x48/0x200 [ 694.695660] mem_cgroup_charge_skmem+0x1e4/0x390 [ 694.700468] ? mem_cgroup_sk_free+0x90/0x90 [ 694.704803] __sk_mem_raise_allocated+0x642/0x1800 [ 694.709742] ? sk_busy_loop_end+0x1c0/0x1c0 [ 694.714085] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 694.719628] ? alloc_pages_current+0x114/0x210 [ 694.724707] ? skb_page_frag_refill+0x1eb/0x6a0 [ 694.729385] ? sock_kzfree_s+0x60/0x60 [ 694.733278] ? _copy_from_iter_full+0x2b3/0xd20 [ 694.737963] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.743517] ? tcp_rate_check_app_limited+0x121/0x460 [ 694.748711] ? iov_iter_advance+0x1460/0x1460 [ 694.753216] __sk_mem_schedule+0x6d/0xe0 [ 694.757281] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 694.762827] tcp_sendmsg_locked+0x1c86/0x3f00 [ 694.767347] ? tcp_sendpage+0x60/0x60 [ 694.771167] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 694.776721] ? aa_label_sk_perm+0x46d/0x8e0 [ 694.781063] ? find_held_lock+0x36/0x1c0 [ 694.785133] ? mark_held_locks+0xc7/0x130 [ 694.789293] ? __local_bh_enable_ip+0x160/0x260 [ 694.793963] ? __local_bh_enable_ip+0x160/0x260 [ 694.798637] ? trace_hardirqs_on+0xbd/0x310 [ 694.802959] ? lock_release+0x970/0x970 [ 694.806934] ? lock_sock_nested+0xe2/0x120 [ 694.811189] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 694.816641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.822194] ? check_preemption_disabled+0x48/0x200 [ 694.827216] ? lock_sock_nested+0x9a/0x120 [ 694.831449] ? lock_sock_nested+0x9a/0x120 [ 694.835686] ? __local_bh_enable_ip+0x160/0x260 [ 694.840370] tcp_sendmsg+0x2f/0x50 [ 694.843913] inet_sendmsg+0x1a1/0x690 [ 694.847719] ? ipip_gro_receive+0x100/0x100 [ 694.852041] ? apparmor_socket_sendmsg+0x29/0x30 [ 694.856800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.862340] ? security_socket_sendmsg+0x94/0xc0 [ 694.867098] ? ipip_gro_receive+0x100/0x100 [ 694.871420] sock_sendmsg+0xd5/0x120 [ 694.875139] __sys_sendto+0x3d7/0x670 [ 694.878955] ? __ia32_sys_getpeername+0xb0/0xb0 [ 694.883631] ? lock_release+0x970/0x970 [ 694.887608] ? arch_local_save_flags+0x40/0x40 [ 694.892201] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 694.897679] ? aa_af_perm+0x5a0/0x5a0 [ 694.901588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 694.907129] ? put_timespec64+0x10f/0x1b0 [ 694.911284] ? nsecs_to_jiffies+0x30/0x30 [ 694.915435] ? do_syscall_64+0x9a/0x820 [ 694.919412] ? do_syscall_64+0x9a/0x820 [ 694.923387] ? lockdep_hardirqs_on+0x421/0x5c0 [ 694.927973] ? trace_hardirqs_on+0xbd/0x310 [ 694.932296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.937834] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.943204] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 694.948658] __x64_sys_sendto+0xe1/0x1a0 [ 694.952727] do_syscall_64+0x1b9/0x820 [ 694.956612] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 694.961992] ? syscall_return_slowpath+0x5e0/0x5e0 [ 694.966921] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 694.971767] ? trace_hardirqs_on_caller+0x310/0x310 [ 694.976787] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 694.981802] ? prepare_exit_to_usermode+0x291/0x3b0 [ 694.986837] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 694.991686] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.996876] RIP: 0033:0x457579 [ 695.000072] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.018976] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 695.026687] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 695.033955] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 695.041224] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 03:05:27 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x4e23, @loopback}, {0x307, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x12, {0x2, 0x4e21, @remote}, 'irlan0\x00'}) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) clock_gettime(0x2, &(0x7f0000000100)) lsetxattr$security_smack_entry(&(0x7f0000002480)='./file0\x00', &(0x7f00000024c0)='security.SMACK64EXEC\x00', &(0x7f0000002500)='irlan0\x00', 0x7, 0x0) sendmsg(r0, &(0x7f00000023c0)={&(0x7f0000000140)=@generic={0x8, "2eb2f1a4a6de34ad3daf294244b5bafca627b98b6514fb660a3dd290934ebe45bcc519123bfc0a3fcd7ac1b4a60e1b2b0e6d70c7db88233dfd36795593ab40932b6ddf8749fa80d2d17ecbb43f0b28ada6f93bd9d09a241400339f1636069af8c6f64921c2267e46b3ff87d5370a0fc99d784891148ac26a3d0d7e5ae739"}, 0x80, &(0x7f0000001340)=[{&(0x7f00000001c0)="898cda4c06b6bfab6a1793d5d62091f0785ebd65a714559dc262e9369529e959e2ffecdf795a7e872e9a937eaf58a1380f376209cf05bbe46503598d84faa6bc77ea73bc23e4281b39d8352a475767a89747a409952ebb4a6aa58e7e8207dcdaf44d31cef5610b83a194ababf18bd959de86a061fc860d3ab7fdf6833ae213e64cc92e7857791a8c28b754b323e3ac9fc657315f30c793c3dee8c2c10e908d06810395f9cc37505b676df87fd19b126407d1daac3cadd17aae81a6ed9dd51477f7cd356db2e31895dcf3200f5aefa9e712a44715a005637e08f6b6fa3ecf4be4e3b6c4a716172a9af7eef3bea41eca4efde9b7fa85e7b7747bce84a9ddba48427816292969efc3044c220a17c7d79a7dba9767f8b8b88e8fc25fcfc8674fafff663ef3fa4be77ee9c5163e95a0bd4b844c99945cdb6d441ce0125001aea8e0123a1275649165374d88e2b8796fb15ae0446dfada50692634b4eb3e70e57def6076aec523bf680b658d00e413bc95f1f16a75f674bba4183297707d10119ee3a748b010a739b0f82f6ce3ed52520f0253abc0aa99e2bce13f755c894ca9dbddc1a8fffe47a74a6c0075de34a5112362693ccf328872a929eda871ccefd161c6e73894c604f2ea151cccc01ae32742e090347bd7143a23103d190e81de3d0de04d8df0d9f5534f2fa6c3beb1b3a06588d649f7b22bb254e9ba2e46ac397b6a37dc8af9f3f6c800a96b1b8aeab0b74a2b0f1e003a6726a0691897f7629d4334b622c6b4173aca378343cfce877c6f618a88d0016207fa7f86951fccb0365b96066d467317db0fdbf51a54eb22199e26f07126c4d4dfa19fe39235c203b0941365e46d1eb900901014904c48c11490776e68be34146c371406cdc77736793da6eed3f1575570ce3a2c46cd2aee2d69b2d6f2deaab9dfacf5955d33c671724cf9cc7a3e1f7dce7d0ad71b18ab86d0a3108374084c0893766394d6a5045db6aceefd57b66d9e27ea7e2ccb82531cbd7aaabaa46ed8f6c28a0024cd1ac34455c53a282d5963f42e8e54b038f46dc1a5c2e9aca7a5bf5009bde6130e8e8580bf432e6c09d9dff17e6302b0512826c57dd48ecf3fad64a52fa49a7b58edc1778885cbc122dd536eec4a3f35450cb807bd8dec1bc9c60ecab83f2eb58c3985c8c54cba456e3f95a9791e241a7e83138b545525e50356fe6d9dc3c74f71e9d994ffd4e76969884fee3ecf64a32fb440daca872f90207bd41771b91ea0d7ef1b1029644077d4a6b22e6053b6fdcbe3050cd636892a3b6c85b331dd13570c591d2c9dd549c51105540e4b44e3431d40ec3fe024a6d910e739f9cd37a43e8c06561b6b4e9370fa23cd70c8fc81c822d78918194c9edf68cdade159cc02b0c33b00642d5c5d5203547e7f3073823091b008159664c88ed3ed04fcd6ea709326947eb96a809fab55a6a407f85329e789ecc32a91e2a697a8d80c6764278cf058c2f51597df9b7507d37468981ab9b6471807a59eca665bf69eb468a80f5a7d4e548e9644cb6e3aa8ba9f031d076fd4784aea38692bd4908f66f1c05bcd08df48c5304c06bf8d026ffd4af5359d6c326bfbd3894b4afff78769c3b614df387d3b2717dd1dfe3d5156d5930ee1a83c616fa57798808aeec847d609ba29dfda4b1d97943c676d3df671ae8461c30cd32dabf87b37cbc3c6bbebd6da33b0ea287678e0439cd4f3898a462fa13a8ade4c348ad4c76bace3bdfb2f2f3839a7dc024f90990d0355bf3a71d0bf231db094f8487eee2a2dcde0335031ae0e5d2c2508e06458227a618f3143cdf36ad27ae1c28babd11a4f5d7b0414b3a2af377d5ce8008d8d4a7ad780dffe4e16763351e2545872acdeb29042993fe3e0ca37f3993f86d10a5d5d6bd9f294b55992e3f6fdc09372bc1633592e7815e0680aa8c0041b7d63fecbaa7c9798de6a6e5770245d7d59076f8bad21948eccb0d4a37a99cf18c51f2c725c0f160c22d4dad8af0054147e8af32ed46a091a0618659f4b4e105ec99bf56e3de43ad05c08dc7f82d94df959cf3123e9928d52404d701b21248a5b4417848c7a0bb22c2f433bc41902158e582ab8ba0e230484aa061a4713f3a97e2324a6e5f1cfec5b91a2e25e988d5edacd3395a5e43adfea75de567354fbc3eb05a19b1ac70316a5445685bd59a2106826205197029e0869412a06ec380a1e1f4f9202ed869ef1ecff3881127733ff250ad716a564c6765f47cbfbf7d0005493189373110c0eee949d936260faab75cad137d920f3c23367c682ba5669cd6790e627f07680b4f9d9cdbb846f03fceaeca46a26295c8c232f41b776d6bb98b04ed61bfc85228cbc0a969f253d3c95538660de27d21126757202c1884281bf5bd163d3188a739fd944c3c0b768bd53bde4d714862ed769b8cb5fc3f99dda50e12c421eff7d29a81f90c23e986551be90bdc63fea0ed8c50ba9b49906f1d9f83b93c97f4196d80d6156db7f9a2929bc300beec99c3e657bbeb5a267ab9c877768aaf865c7d20d5277d55b2462b73660cef197fd1dd2e58bcad1911a31b86d44cb86e10664ed6cf62893af71cc4176175753aa245a6d996a5bed1c2f70bbba54364fb5a3e51afb2400e73007ee18a765f89c1106bda1dfec413fc54ba2c08c1fb3562e2959538183f37635b9ed8cd04a90f23cb7423fd3fcb80e8c6f6abbec5fe4eb7931b4a001dd6c217d572eaa289dec09c182faaf156526fcee766a5c30d5d5da576b3b843deb190a275c546c397e7fee4320e94ce4a118ee242bcb6029c26e3b47d6df31aa6f019735ce1a69c138ce3b34b1a9ad9fbe36eb4196e213ff20d756ddf3b2461deed12e7d8e72b6f22d0dba1dbdad1601e227686e401fe577391af9a6e337d923a04b1abd7fe72e75d571c1792988b1649ba4b823cc3f83dbc1bc12081c8a98de97b7f915ccdf4abb83d323b09ac17211707ad299cab8df3520957b7851094b3c86c5ec8ffe8d0848182e04824b49ca54da0e76c6877b43146b51fe3eac2085a4f69286964b08fc629d88da767fc05cf28aed34a13ca62597ef6adf853ea5c8dec5e8b8460e81e2efec84efc290d71966773db4ed784ffeaa7c30049c349407be04f9c48f50d76408a6a0a612318b2f467153df8ce1b2bd3aa00f661634966900dd7ae5aaa89ace5c13ae12a56d003cbdcd9f434eaca5d6017286a4573136cb395cc9cd8b66d31ea953a7373404c5c46d9261d4ef06d1f3764eff708d364721b6da26eb2925a9dc38351df20d2d110f42dc6babddb71dc17e5702b3df78a7b259842b66f6bc3190416c7e8252f32a625de9416b931cbdb842f6179da2f131998073c6565234f4e19b662b844414906fc6fa3c68543b9a1580b1c2266a4a1e561ccbb06a9a283eb1a3e25de8fc5b7e05106ec723a0c70376402d2369e1db6d2d521a1d9da66e7d1d3def421504dfac3e3339b204e7b6c93c36263b3a92a8aad23d675f6dbcdc91f764a219420b5ad573f4ff44bf0f32106484bcfccecf6c850cb339e88899796e8308ca934b1e58746a66b9ec07541564872e41fe28445a0d02192aef1c9a7c56cd73ee7b472752e14c316058b743f5c303f47e2dfea26f8903af869d883043720b72f63d439176832cc2cec94a16f485d29fa77064c9ec5ebc7f4473a17af821def94c92366588254671906f6cfdd9cf31b118c35b76053a48512f17befa05d3b0e54fb0355a5008327ba8db349671196b1ab65fd2677ceeb3101215fae83b6910eaf2723c4ff3fb82f2c183d336daac1a725ff5650586f35d9dc868ddf08011bffa1451d304a34d7e9dcdedb7685e4db33dd26abb660d2be8c5f826420275bf1254642abe85dc72feac4cdd25f5371fa562b5a157ee2bdf7a698686da0a182e73010d96734d90c87796a06e8ac43f9f067273aa198ac321522f4f723215d6f75474b230c1b81b73737956dfdc94e97b004aa4f2187cbb599f502a25e8081b5acbaa94253f2f2d9fd0740266296ae201acab815c537727e083093db373f3b1c3e2e64eba16d2c9291c8a1e87c14d1fce225180f1e9689b545fa33a5dfbd3d0f779845850f7603cc9a8dbb20306c5ccf849fee5c03d6ba271be0da293045a3f4e52a138a96dff798b318f7cbef3b205fde767eca652b4f7a555071d277a90686bee87f1e2485930e85146de34fbfaad3853b511b1f3c5353ccef264233feb5c40e9196857afcff77df2e302617b7d9d8a40c3178b9409a3338eca5cb6784e33e8c288bf9e9db36d31efe931aa27a10e8e6ea12477774ebbbe1b92b43d14f8425ddcf5b588aef83602548be15359e9df122d7aafecc36962eeb1dad9c49bb826e1dfa363e6fd72512f4d9f94ea341a197fdf87a663f5acb43a520a5c8a00a2d96509773fcd7aaceb91463df64408895838f124e476fe71dfcb4247793a223ea3ed4210ccc7193b49e885c0fbf2a1f196d4ecf7b257f267ea3f792e783b344a38d76a3f3c2851b3eece348cd6eda9f9e011edfa129c725a5e350b75031d38ecd3e4f734f9230bdbd93e17e5768a2553609a1c074a4c584d937839805e9d2e00cd5e1ea366460c44cd68b876cd99bab105c85ba0793abe2bbdaa8d05f9fc49b6e6ad74323553db870526254f4e30ed52fb4e5b217e25a323a7caceb8510e9aa7b2cd8883f2f87b1b9b3a5be8806ba57346f59aaf6070efbc241fc74db12356cea9f16792a46e729fdc619afdb8ffb9d2d7cc439544bbd52952cc98d4256ff44c488d81ec1d19b186742cd0f278e64f4041e0d87d2158573dce3ec195af295ade80acaca454a62e1ae55345992656cf0cb9a437e703e444d595e839b0e5e4fbbc4b627e811cf2871f06bab47c95a1a5164be483ec9b8f9f789372d8713f4ae05bbdc2f73bb4286e3b837bbf29fdc46a57baf6357726e38ba72f39e15143725df54bd91f755742ad95173b53eb836563faf9165d0364a4b2aeb68b755a09d2f3f9ff57699349e63a37b7ee3a0ac3edaf4fb4ce1461d88808d22d5a2d4377c8c156bee9d64c03c67fd40cf811adec4c0948df06839a34e6beb057692cbf0cc05601b42f0e03061040e73a1602c9ae2ca1f459e9b57f1e397716d36b2bf7b4304eedbb9a550333e26e435a42b5ca7e4c1003dbb72fa56395676c448fbf852f8dde919d1dd68d05d0518e4023c9a2e9091339f1ae275c9118109108962e1e5dc20ef6ed99479bce01579604e287ce9b19ff153c2ae925e4119e3c5958c4110795437f7c555bc2b9163c8b0adab0ceb647d33993afe7dcb2b39a4e06c6c239641f030e44fd07023f3f1fd58fb5f9dd44e563f4ca38d1d1cc49a997d5906acb26b8af9bd26456992bb558a17dea174c47b2ccd30bec517b30bb41996dc2643d27fbd98233ab030e84e463e2104440a4cd9c1c21f0daf021995c14124c45786f4b1a4dd6a6fdaae9e1402b8b1910dff958c6715bca0fcf873dc43bfd91c81bfcc6f8e387a1cd1bebd3f9c17d3cf8bb7a28a283493c17bbd329d605150d29fa07d919f3c3d0643a229edeb003a69f783ff0d501258637cd36fef58d75ad07707bc640d8bc2b5941ccca03b8ecf3a394e61e1795e6c2312e8c56a32ba9629db7ac3d906647a2bd16073e959813682a4a3df756d6855f55d27d1b11540bc9cb6f60f7102654e640533c83e1ce7fa14c5fe98f342bbdb27ce40be78314b4bec866dec13fa1ae5649b9eec45369af51890c006dcccefb7f5550f229ca2eec13565b5796280e8996032806a49ff7c5142dec610292529478692229f1108b931bf29684162b9268fb", 0x1000}, {&(0x7f00000011c0)="6346f22b4ea031fcd5ae1546ed04000e8e93efe1178e6be9cc4cc070b333a3196e78fcf3ecccd2dee976479756b62ef473dbcceed76a3b3243eaf841321364bf9aa8aa110e1ed7", 0x47}, {&(0x7f0000001240)="61d2c953fe6f085c8f086dd25f84ff47d7b554953ad3463edcc78cb0d11fa8683431a6e0d95f0642198b581f9b48176c0450801734616ec5e686eb186735f94d9342ffd1637a9da502dca327b07acbd6e773a335e3d84e6c9f942e936e596a0b4a18030d9de4549373d716cf6abdab9e2a1857f917b20c3f191997469601f8c054ded9406e9e006390c308169b1396b14b4b51db180a08665639c6c425119f6a61a1387de0dbba3eeefe8bd766508005a097917f6c616910e51b4915d0da697a205da0cce11d910dddc7bcb96c57b48449e8aa439d2cc4e6346dcb2fdbb39c9820cc", 0xe2}], 0x3, &(0x7f0000001380)=[{0x1010, 0x10f, 0x9, "f87b4359c4b3d8d6bedd33180e09cf5f0be91c2234fe1cafbbf757868e2201a1b808cf733ddfb033e8a8194dccb84b70a3a1c5241d7898823c6e8fa8ac98178cefd6ffc1cbac59c7bf56831399c4eb9bb541683ceb5e3874dbf4afe51f404fec1063a63af301594ea9a97c1b67a04fccfb6eab706ce1cedbe24c9c9e0f359942c7767245d968e80c80667baab689d44084ec4985866e5638e87bb64ef3d4915f08f79bf047ac349876f9ee5253926a6c36aba02459331b5c711f0436241d22c6bf47e28cb963bd88be8f4aebc0f685abc35213758a54e47dc5a3e4aff492190b2977a659baa671fabc2f51c9bad9248380c93dfb36c7f7f2d248c3278671dbaa22b6cf860c5474cb752697a2b10c8b2c5771e56583b6c36469d9cfc99d253562c807f86d6a97440edb0a97888263d117e7a60dd082cc73a0150037843699050be156d5693d8bf19475283a6186960e5f24468c2eb63e8825b697c0bf46dcaee3dde754ccfc8507e385e91287cc7322b0bedab7a5aafc5ee957167bdca066e727825003e643b220aaa36ffd6dbdb79dcd746d564ba4e0aa0298d88516f3cdf5d99105047ee7f4343cbed4931d84ec2125a108c9ff6ae552367419219ecd1f6951e0d9e084fca8a0baf19fb3738f8e286cdec3557f700ef7305fd45fb5a86c94afc41a4c2b289793fe975ce97bb1ec536ee902b714f8ba0901bdc445ecdc508a70ced1a555053e2d4d2c990de83826dc3d4c5b34b061c69362c900fdfef332122cc4e8f151c7ecc7a97fb2ef9fa3069f55bf68d3da8afba422d597c403e037e81aff92eaaafc46b2a80de12f1237d23225d73e5c843d123b02ff2b79445a615907da679f51e18e154702e9b0cfc9153cbaccf90a88ca1835c3dbdd70a1aacd14dbb98e4ef5855a30469170634895ebd78bc84875215fdc355c193217aa06d5448da3742f22f8fea76a581beb1edade68aa1afa42efdc206810306ebab35ed3d832884842bc00c333fbdff035883f1deb65c08b4a4c65ca8483078d3dc2a829d1efe351082fe8591b7796da7e163e7cad199c0da0d39a7ed07c7a4dabdc4f434c5b6585f3ffc02c527ffaac17997f46bdc01b6ff6fe89209b9e6d30cf32055bec9c842ee8ee141e4e51f214ebbef478ded57fd85e7ca6ac6a8c4c6462e331bd12c9cd65c28e81fbf5615227607edd04ba68e43d8d2072f33985f1d108b684137c54dca7c468d9b2deb02996cd2b50e68db178bfcc2207a5f37e20d1b34df4fe7704c1c56774200f2610cd7365f3047be5fc82c65fd0c1f8fa4546c9f499e19af6b8e29db2b3ac5071ab8554939e40153469d330a2e56181235d0218db31fa89c246926ec63e74e404eefa43f587268084970c40edecb95eac8a115bccd5ef26446eb5c3718eff867527f204fbfb7a46f6465d399dad0f925bb3501bf172e433563f1ea08c88c7cfba8e510e6b2fc97168ee642e845de41262c7991b4ae5b8e8989d9afcf3f2a62adb8c3d20a45fc12dc7cb5fdaae58fd0b4ead2651c9942a8827a2f0cc0486133aaa01e936df14cf842bfbcb8479ba488afcb32698133dce6774893a8993935f9f41651ffeb941dc6150c8b01157262e6c14a8b12694c05d621352996911930fce4e73310f7156549454376c94a0f16fc532fca79176452aec96e48f6c715c1774a1082776dc2c6c13bfcef63e22f0c5e85370d7fe98eeff9a1c0fd07281847476c82547b2e7a44737438f409cf69156aaa7dfcb6ae49f543a5c3d255b367247e9a53efa75a361c0c6b20cb72ae4d06a35e28f5909af01d0bed39aba8c5c95abb6fdb3cf3b3acb514dde7039618f69a830e0ebfc0cc1c902a1a3f136a7eb8521170e41b7cea38902a44e5828e54959bd2aade2197be24d88921dab1c670996b21883e588a5670711d7a2c4b0909f9e04e3b7244e95132f571ce09181bf843ae69b0af65f3e3192848b2890f930881cb3fa3eae96ee31bf9cc8fdd5f798006b447dbe06bc9de489393c38922af8e5b83f795b9bd793f3a314665d219c2f2221ec6526852308105449e4557a211d8de35050fa92d92f2c6140e8689c75bba7fba2a4997c06a42ae9d58d4b94cf9d95882967f5e9f7fa00dca3bf3b0455a71117a17dba7452315ee81a3a37de03852cf86b412feb08ef0e85fcb77e94a96ade9121dbe068e3eda7ef160527a6ca5d72be17ce14ffccaa6d3554139370de009f044dac1eda2ff193e7498638b0322494a5e4cea2209d84a392b04613031c9a7349e033529fe715775c937fd97ae4b91518290dcbd30179174c3b6716c1643d18666ebf720832b9c4dca0c00a44c0061c694c4862a412aa23ea7b1d28c38dec232f468f877bce3a4ef2ed64945cafa6f1fd77932be55786320f1260de285e2e7ff9f2ea7a45d1b7a7c228406229a616e96bace9194d1d3646dfbbbe6d8f03b4b0ec8291b61991937108c290b118adcde1d668b64d4aa29b65874ce8dfe5fee131a45777da26f969505471f7f6a899f59881dcd4796206c97688d5b01ec64a75e1436c0d4a5761e41c7a98bc8575d2cb5aa37a744bb7677cdca78a3214f8184be1e634dff45bb2b44fb56c98a2d30dd591f6aef48cea451391e822a6c45e0b6897db8f890d9c9540e664596253cb2e016add7ec2c3aba99616471b66199406414fc0ce27c19a0f3b45689919d74f22f4a6c0974eab6e14f383c77e43b240ecab8b3e805b8a1a72b534258ec97651a8d646e15af471a1f7b187d7850a0fb0c4b83da316fa78b38abf8d43e7b4258fb8fdcd84dda90ec9dbe5e6ffdf09d1e4e82b50d007b6e0788b4ec9cb6ae34f66c08bd164e6c0404c08c2520ed1bf66a8b1ae38255327bc09e887259ec4847b0adde399711db312b2b9ec0d65bbce1993d7bc1785e603599c6a161dc06c2a2b40e3d7583194679f23878e455c630158fa317ac7fc4813f1525c9165b134d5c7e495aed40b4e2ac9ec55b291f374a89cf77a1eec33736969de1ba3fcac225984c8e33861021dbf75168ca4c5e21bd7f6fd350c938cb85f2ba69951862d4d430ce4f178ff678fe3268e457c719a7c2c89b650c1f9f46db628da60a8dbcd4eb6f4e56580506f0d227b279e1648e46ca1cd92eb1b202615ac9359b66e0d1a565e85f46ad9d167b1e1cd7a2ca20bc9aafd7589ccd1643b444fb24183a0c287c0e94e91ea05949d19695af223ae3945e893a6dc53e4ba18f36d3c0e8756b44072651b164fa3abafb97e0c148f1a9637ffa2add9395ddd8b5b98f9e46961af35a51ef8c0a9c127c36fff5077d3b1f5d97fdaba2ef593c4dbc34a8031b6f89708ed141a06c7125030b3955e94edc219b29a14bbc5c5c7522c832950c255a60702ea6b5035ed139fc908eccb70a7922bd25c4120cf3dc57ccd0f6716d7faa81e5e9ea14dc9c98fb00d000417922375f81160623b2530d35f3447843ed9439532de321fff978ce1b8a7e8f9a06eeef190fd731315004efc5be0f91abf1068847ba147bf6cfc9456f89ee9d8573defccb629806ff28c36ba9aa08e737cdcb5720ba5e2824d977e7392fc89efbec735066740ca722a3a3d764414f8a383cda857d4c70f5ee44fb39ac5140c650e34bf0f2d3a4b8216e0cf8c47c1aa313197d41d5e7dec253266d706e1ba356a61d4ca50618e3f7602e0ebf9912e7a4f78dcc59d7c60bcce417bbac7f8aa9b039788f4090668c753bdcbb40038a357709f461b1361dd37151e99a95e3870e096db0aaf620bc3d104fe28f1059886cc62893687c55298fc888203a695f71035af8a9d654005825ff69c7e43908cf920f156732488272de62746d1d304dead5e1070938bd488a686ce1779b579152b1052d8bc12eb9db357f7dbf838affe789f6e304bb42e6696793ebca10927e2b1fe157ff08e76f9046c8d54e40536212a83b501c259270c87d16c399d597767ffb2b2ca1f6f10d3b6f7bf588fba8ee6513773cb21e4f03c4069ddf1d06ad3c1dac1a0bec5a3cd298398d07781baa0f3f8a377ab5e39e0e6087b61afff373c42250ae7ace4758dd721788d08ede67f96ab98d4419b8afee365f463ab945f75e0eb18d8121edfa94a79cee3690c6e60b0f12163842f61b24a6180e4ef58f687ea9408da7a456b5e98b1e1c9c4a8ea19c807861dd95de77d9ed173b7b778976a70ba5ab5e14195fc49f29679fd639193c0408e7f8544363d3bc141a1ed0b98263161d7aed2c53a93d67312d704048d55421e18dcc2804e3dbdfaf477c619beb47d0ee0b5452bf4d38c0538c7088531ba35e2b515a7a26687875a66a8b284b7646a69aec18e45588b053fa6d003c57f111f50f95321b910ff0e47ca0cbfa68b156edf6bf78434a65f928300d6da86266372aab318ddae915af7aaf38b5cad3c5440816c205361d04485c98bc9f92d72c938cc15c8aee1eaddcda294a2c745632a948f4e1ba2eaf35fc6f2c4d9b25f2f258aec50270dd22d0ce395fce5c33898b6225a2353fb594cbf303686b24bc75ed8411ffe6aaf4595cdedd727e4aaafa17c484257fef99ffa64de5ba0b432713f8f150cbef23dd54a9c6510455445b164c93718b02dc6a157971a72d7603b976ad09711f7b2b982284656a87710fff60925db0f80a2124a45a1d6ba82767b6daeb5c5b2be6a52ab6cf956ecfcd4454b16beb356d40c88cc2b8db46e81ac7986889512c9791f551a19e0328b0dbe4ab83e953d30a2d10f33a5aeb2663ea505f8558a8e0d4e9c4339620df50bc2bd78e3ae081470c032096c248b5e6338486f61e35e7fc3376ee2ad89ddcc5635c56753a4d9c9eb7fe0e81ef2be93c561ec3282d4497bcc021a3d86da2f9f2fd0b6a91d33f0004b8d0fecb09f57907b6573677dd98cafc5d2cfb2343933c8ab9835b28203a1fe4c07ab4e24d26cee656430d1902f3827e017999a849edec9d2bf4c4991e71f7b2ee5d1101d7e941534f4af60b41215bb587c345d2754a2f89b57c6b8311e54649feb72f825e0c0f738713cb9e90fd22d612c59fff9c7e472497139ef13d81f7020679face8a7b5ebed66f938d6dfd7fe42d55a50bf09664ff6106fb811acbaf7e9784ce58fadf054446212c2d70e81b3560c65515e7162a9a7de05bec3add2996ec394c8370cef122dd2ca42a99ee3ebca8568d470f4ace5c40beacc27c64ec72e85c5b33b388e1c7327398be765c429c23ea099f81e01055ed22192be984329e7c3874ee4e56db29f05aa3cd080a69bb3646bbd7e0a96028407c221a3d2190e1be626318278bffd54759262244c3c6e1315b68d3901a00f83082c7634bac3c776fcb9838ee364d08eac72ab78b6710ccc55f3a33e2a612a1119b7e8f96a3470deac778ea9e784d97f4ea28e1709607463099ab88df2cd981e1c1bec5a665714856026f8fa5ea53f13fea3ab2fa3ee2c2e12a575f6840dc63141abab9ca017efae709bfca85724d927564b0722e243cbef9c31ce0dd50498cb556208ccfde99033f81eaf96ff471d2c1e59726d79728557d9163f343163db0e0118165967523abfd60e34fffda91a6771857055bdd817404ddadfcd1b6a192a3172f2c97ca3f4cc934ed33ea7d1684403d71ae8492750788406c0b1f1db78755c7d8eead895165be56ed8e10969fa3acc7624040251dd4589c9d3ba6045163319dce607fe1627edf3fdd57ff79466706f3aaf4a7e368fca903a3f5ebd8294a144558fdf69b6bd99db41a34395badd90858135c18519fa42ae5eabc7ddb02f72b4002591b807ac7c0e58be8afae033fd4feeac1b938d382c1efbaa96d82878ff5f473593"}], 0x1010}, 0x800) open_by_handle_at(r0, &(0x7f0000002400)={0x58, 0x1, "bf30ee0f7c257647e3b7619456afcecd3c0a080e4c179f2b4abd8cf818777b72918f660d6d4b8de993ecf785fee7ea1d5041083aeff53065940f1a26ce3d654d9f2ad729971d0fb4c2908d326a8dbd6f"}, 0x400) 03:05:27 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3400000000000000]}, 0x6) [ 695.048488] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 695.055756] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff 03:05:27 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xf4010000]}, 0x6) 03:05:27 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xffffffffffffffff]}, 0x6) [ 695.167237] Task in /syz3 killed as a result of limit of /syz3 [ 695.191186] memory: usage 204796kB, limit 204800kB, failcnt 3052 [ 695.199301] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 695.206327] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:28 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x20000]}, 0x6) [ 695.224741] Memory cgroup stats for /syz3: cache:0KB rss:2292KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:28 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x11]}, 0x6) [ 695.271793] Memory cgroup out of memory: Kill process 26233 (syz-executor3) score 171 or sacrifice child [ 695.302251] Killed process 26233 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 695.323776] oom_reaper: reaped process 26233 (syz-executor3), now anon-rss:0kB, file-rss:32736kB, shmem-rss:0kB 03:05:28 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe803000000000000]}, 0x6) 03:05:28 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe000000]}, 0x6) 03:05:28 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x7530]}, 0x6) 03:05:28 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:28 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x34]}, 0x6) 03:05:28 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x80040200]}, 0x6) 03:05:28 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:28 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3f000000]}, 0x6) 03:05:28 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x9]}, 0x6) 03:05:28 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa805000000000000]}, 0x6) 03:05:28 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0x1d, &(0x7f0000000040), 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0xfffffffffffffffd, &(0x7f00000000c0), 0x179) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r0}) accept$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0xffffff7e) 03:05:28 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x40000000]}, 0x6) 03:05:28 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:28 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="ee32d7628bb9ab74a62404f22eef98de30151f000000feffffff030000000100000003000000090000000008000002000000a19d6e24946f24ff46108f4afa7901ea28a2c2f5c6b3a9e6f6a7324531dca78b20e3eb65e77a8e38545b0395830ef90ddf8e3267b94511a41d29af643b47d215fc40a8e0cea68d1bcb9e95bae4d668a58b2e55cc17c8555f081e366b2f334c7188ea7d8bf7d26f661975226f6205f304c2c0439305f3180a0e0dce6043122a5d60723499f0ea3659f71e1d4de5a40d07bdfdcd2d31f528346c8c80bd1b45534b2af513179e5c78351f2915d32ec823b2fd0f86fb97ffa878c88f24096ea908b945dbf7a5f862fef0d91ce4fbad49e3be21db7ac34538ea4d615ba29cb5fb9d8747c90dd66f20"]}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x1}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={r2, 0x1}, &(0x7f0000000180)=0x8) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) write$9p(r1, &(0x7f00000001c0)="7c83f5b04e91ecb3d68f0c201405ab16ce25623f74f676de4b7960dba35ec15b3f4091563b04de45c147e9db64f21ee17cac8cbe7e97a0bc30143a40396f2a4d816f307b130b6455f98f7f088335aaf8b9dc75a8579e8b95ee5ac36b0acc3eea0a1f7763a7e9b05f6e40efc0", 0x6c) sendto$inet(r0, &(0x7f0000000240), 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:28 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x7530]}, 0x6) 03:05:28 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:28 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x40020000]}, 0x6) 03:05:29 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:29 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x2]}, 0x6) 03:05:29 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xfdffffff00000000]}, 0x6) 03:05:29 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r1 = socket$inet(0x2, 0x6, 0x5) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000000)={'teql0\x00', {0x2, 0x4e24, @multicast2}}) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000140)={0x3b, @loopback, 0x4e24, 0x3, 'ovf\x00', 0x3, 0x7, 0x52}, 0x2c) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x480982, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000100)={0x6, {0x0, 0x5, 0x5, 0x9, 0x0, 0x2}}) 03:05:29 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:29 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xe803]}, 0x6) [ 696.333010] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 696.347931] syz-executor3 cpuset=syz3 mems_allowed=0 [ 696.359840] CPU: 1 PID: 26358 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 696.367223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.376579] Call Trace: [ 696.379191] dump_stack+0x1c4/0x2b4 [ 696.382842] ? dump_stack_print_info.cold.2+0x52/0x52 [ 696.388051] ? mark_held_locks+0x130/0x130 [ 696.392295] ? mark_held_locks+0x130/0x130 [ 696.396551] dump_header+0x27b/0xf72 [ 696.400290] ? pagefault_out_of_memory+0x197/0x197 [ 696.405236] ? check_preemption_disabled+0x48/0x200 [ 696.410265] ? check_preemption_disabled+0x48/0x200 [ 696.415306] ? graph_lock+0x170/0x170 [ 696.419128] ? graph_lock+0x170/0x170 [ 696.422958] ? print_usage_bug+0xc0/0xc0 [ 696.427034] ? find_held_lock+0x36/0x1c0 [ 696.431112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.431620] IPVS: set_ctl: invalid protocol: 59 127.0.0.1:20004 [ 696.436666] ? find_held_lock+0x36/0x1c0 [ 696.436697] ? mark_held_locks+0xc7/0x130 [ 696.436719] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 696.456056] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 696.461178] ? lockdep_hardirqs_on+0x421/0x5c0 [ 696.465773] ? trace_hardirqs_on+0xbd/0x310 [ 696.470105] ? kasan_check_read+0x11/0x20 [ 696.474265] ? ___ratelimit+0x36f/0x655 [ 696.478256] ? __bpf_trace_preemptirq_template+0x30/0x30 03:05:29 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xa76a000000000000]}, 0x6) [ 696.483723] ? trace_hardirqs_on+0x310/0x310 [ 696.488139] ? lock_downgrade+0x900/0x900 [ 696.492316] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 696.497436] ? ___ratelimit+0xaa/0x655 [ 696.501340] ? idr_get_free+0xec0/0xec0 [ 696.505331] ? kasan_check_write+0x14/0x20 [ 696.509583] ? do_raw_spin_lock+0xc1/0x200 [ 696.513836] oom_kill_process.cold.27+0x10/0x903 [ 696.518605] ? kasan_check_write+0x14/0x20 [ 696.522855] ? do_raw_spin_lock+0xc1/0x200 [ 696.527112] ? oom_evaluate_task+0x540/0x540 [ 696.531533] ? cgroup_procs_next+0x70/0x70 [ 696.535785] ? _raw_spin_unlock_irq+0x60/0x80 [ 696.540294] ? oom_badness+0xaa0/0xaa0 [ 696.544202] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 696.548976] ? mem_cgroup_iter_break+0x30/0x30 [ 696.553584] ? mark_held_locks+0xc7/0x130 [ 696.557743] out_of_memory+0xa84/0x1430 [ 696.561726] ? lockdep_hardirqs_on+0x421/0x5c0 [ 696.566318] ? kasan_check_read+0x11/0x20 [ 696.570477] ? oom_killer_disable+0x3a0/0x3a0 [ 696.574976] ? kasan_check_write+0x14/0x20 [ 696.579217] ? do_raw_spin_lock+0xc1/0x200 03:05:29 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xfffff666]}, 0x6) 03:05:29 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x983a0000]}, 0x6) [ 696.583469] mem_cgroup_out_of_memory+0x15e/0x210 [ 696.588321] ? memcg_memory_event+0x40/0x40 [ 696.592655] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 696.597616] ? page_counter_try_charge+0x1c1/0x220 [ 696.602560] try_charge+0xc43/0x1690 [ 696.606301] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 696.612371] ? tcp_sendmsg+0x2f/0x50 [ 696.616097] ? sock_sendmsg+0xd5/0x120 [ 696.619996] ? __sys_sendto+0x3d7/0x670 [ 696.623983] ? graph_lock+0x170/0x170 [ 696.627800] ? graph_lock+0x170/0x170 [ 696.631621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.637183] ? check_preemption_disabled+0x48/0x200 [ 696.642214] ? check_preemption_disabled+0x48/0x200 [ 696.647252] ? mark_held_locks+0xc7/0x130 [ 696.651420] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 696.656360] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 696.661305] ? lockdep_hardirqs_on+0x421/0x5c0 [ 696.665902] ? rcu_read_lock_sched_held+0x108/0x120 [ 696.670932] ? __sk_mem_raise_allocated+0x642/0x1800 [ 696.676086] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 696.681554] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 696.687105] ? check_preemption_disabled+0x48/0x200 [ 696.692140] mem_cgroup_charge_skmem+0x1e4/0x390 [ 696.696924] ? mem_cgroup_sk_free+0x90/0x90 [ 696.701275] __sk_mem_raise_allocated+0x642/0x1800 [ 696.706227] ? sk_busy_loop_end+0x1c0/0x1c0 [ 696.710563] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 696.716120] ? alloc_pages_current+0x114/0x210 [ 696.720923] ? skb_page_frag_refill+0x1eb/0x6a0 [ 696.725599] ? sock_kzfree_s+0x60/0x60 [ 696.729510] ? _copy_from_iter_full+0x2b3/0xd20 [ 696.734204] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.739753] ? tcp_rate_check_app_limited+0x121/0x460 [ 696.739773] ? iov_iter_advance+0x1460/0x1460 [ 696.739793] __sk_mem_schedule+0x6d/0xe0 [ 696.739809] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 696.739832] tcp_sendmsg_locked+0x1c86/0x3f00 [ 696.763595] ? tcp_sendpage+0x60/0x60 [ 696.763616] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 696.772944] ? aa_label_sk_perm+0x46d/0x8e0 [ 696.777290] ? find_held_lock+0x36/0x1c0 [ 696.781365] ? mark_held_locks+0xc7/0x130 [ 696.781387] ? __local_bh_enable_ip+0x160/0x260 [ 696.781404] ? __local_bh_enable_ip+0x160/0x260 [ 696.781424] ? trace_hardirqs_on+0xbd/0x310 [ 696.790223] ? lock_release+0x970/0x970 [ 696.790241] ? lock_sock_nested+0xe2/0x120 [ 696.790260] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 696.790276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.790298] ? check_preemption_disabled+0x48/0x200 [ 696.799266] ? lock_sock_nested+0x9a/0x120 [ 696.799284] ? lock_sock_nested+0x9a/0x120 [ 696.799304] ? __local_bh_enable_ip+0x160/0x260 [ 696.799329] tcp_sendmsg+0x2f/0x50 [ 696.799349] inet_sendmsg+0x1a1/0x690 [ 696.799367] ? ipip_gro_receive+0x100/0x100 [ 696.799383] ? apparmor_socket_sendmsg+0x29/0x30 [ 696.799404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.807918] ? security_socket_sendmsg+0x94/0xc0 [ 696.807935] ? ipip_gro_receive+0x100/0x100 [ 696.807954] sock_sendmsg+0xd5/0x120 [ 696.807973] __sys_sendto+0x3d7/0x670 [ 696.807994] ? __ia32_sys_getpeername+0xb0/0xb0 [ 696.808009] ? lock_release+0x970/0x970 [ 696.808025] ? arch_local_save_flags+0x40/0x40 [ 696.808042] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 696.808059] ? aa_af_perm+0x5a0/0x5a0 [ 696.819054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 696.819072] ? put_timespec64+0x10f/0x1b0 [ 696.819089] ? nsecs_to_jiffies+0x30/0x30 [ 696.819108] ? do_syscall_64+0x9a/0x820 [ 696.819124] ? do_syscall_64+0x9a/0x820 [ 696.819140] ? lockdep_hardirqs_on+0x421/0x5c0 [ 696.819170] ? trace_hardirqs_on+0xbd/0x310 [ 696.828433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.898203] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.898223] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 696.898244] __x64_sys_sendto+0xe1/0x1a0 [ 696.907921] do_syscall_64+0x1b9/0x820 [ 696.907936] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 696.907954] ? syscall_return_slowpath+0x5e0/0x5e0 [ 696.907969] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 696.907987] ? trace_hardirqs_on_caller+0x310/0x310 [ 696.908007] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 696.978358] ? prepare_exit_to_usermode+0x291/0x3b0 [ 696.983402] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 696.988253] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.993428] RIP: 0033:0x457579 [ 696.996608] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 697.015495] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 697.023191] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 03:05:29 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1f4]}, 0x6) 03:05:29 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xa76a]}, 0x6) 03:05:29 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x1f) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:29 executing program 4: bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x1, 0x0) r1 = gettid() ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000100)=r1) sendto$inet(0xffffffffffffffff, &(0x7f0000000000)="db11aacf1be3584a0918c3b42b9e985e9e0c4a0d139c13d9b3e5bdf33f", 0x1d, 0x1, 0x0, 0x0) [ 697.030446] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 697.037702] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 697.044957] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 697.052213] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 697.061564] Task in /syz3 killed as a result of limit of /syz3 [ 697.067833] memory: usage 204784kB, limit 204800kB, failcnt 3065 [ 697.074163] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 697.083835] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 697.111902] Memory cgroup stats for /syz3: cache:0KB rss:4344KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:0KB [ 697.143072] Memory cgroup out of memory: Kill process 26357 (syz-executor3) score 181 or sacrifice child 03:05:29 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 697.155670] Killed process 26357 (syz-executor3) total-vm:70340kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 697.207279] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 697.210174] oom_reaper: reaped process 26357 (syz-executor3), now anon-rss:0kB, file-rss:32720kB, shmem-rss:0kB [ 697.247576] syz-executor1 cpuset=syz1 mems_allowed=0 [ 697.267552] CPU: 0 PID: 26374 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 697.274928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 697.284284] Call Trace: [ 697.286884] dump_stack+0x1c4/0x2b4 [ 697.290526] ? dump_stack_print_info.cold.2+0x52/0x52 [ 697.295737] dump_header+0x27b/0xf72 [ 697.299471] ? mark_held_locks+0x130/0x130 [ 697.303715] ? pagefault_out_of_memory+0x197/0x197 [ 697.308654] ? check_preemption_disabled+0x48/0x200 [ 697.313684] ? check_preemption_disabled+0x48/0x200 [ 697.318716] ? graph_lock+0x170/0x170 [ 697.322541] ? graph_lock+0x170/0x170 [ 697.326351] ? print_usage_bug+0xc0/0xc0 [ 697.330432] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.335982] ? find_held_lock+0x36/0x1c0 [ 697.340057] ? mark_held_locks+0xc7/0x130 [ 697.344216] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 697.349319] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 697.354419] ? lockdep_hardirqs_on+0x421/0x5c0 [ 697.359004] ? trace_hardirqs_on+0xbd/0x310 [ 697.363324] ? kasan_check_read+0x11/0x20 [ 697.367475] ? ___ratelimit+0x36f/0x655 [ 697.371450] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 697.376931] ? trace_hardirqs_on+0x310/0x310 [ 697.381342] ? lock_downgrade+0x900/0x900 [ 697.385492] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 697.390594] ? ___ratelimit+0xaa/0x655 [ 697.394505] ? idr_get_free+0xec0/0xec0 [ 697.398482] ? kasan_check_write+0x14/0x20 [ 697.402717] ? do_raw_spin_lock+0xc1/0x200 [ 697.406961] oom_kill_process.cold.27+0x10/0x903 [ 697.411720] ? kasan_check_write+0x14/0x20 [ 697.415956] ? do_raw_spin_lock+0xc1/0x200 [ 697.420205] ? oom_evaluate_task+0x540/0x540 [ 697.424615] ? cgroup_procs_next+0x70/0x70 [ 697.428853] ? _raw_spin_unlock_irq+0x60/0x80 [ 697.433341] ? oom_badness+0xaa0/0xaa0 [ 697.437232] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 697.441989] ? mem_cgroup_iter_break+0x30/0x30 [ 697.446584] ? cgroup_file_notify+0x226/0x2f0 [ 697.451085] out_of_memory+0xa84/0x1430 [ 697.455068] ? lockdep_hardirqs_on+0x421/0x5c0 [ 697.459645] ? kasan_check_read+0x11/0x20 [ 697.463799] ? oom_killer_disable+0x3a0/0x3a0 [ 697.468307] ? kasan_check_write+0x14/0x20 [ 697.472544] ? do_raw_spin_lock+0xc1/0x200 [ 697.476801] mem_cgroup_out_of_memory+0x15e/0x210 [ 697.481643] ? memcg_memory_event+0x40/0x40 [ 697.485965] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 697.490814] ? page_counter_try_charge+0x1c1/0x220 [ 697.495747] try_charge+0xc43/0x1690 [ 697.499460] ? lock_downgrade+0x900/0x900 [ 697.503608] ? check_preemption_disabled+0x48/0x200 [ 697.508637] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 697.514697] ? find_held_lock+0x36/0x1c0 [ 697.518764] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 697.523604] ? lock_downgrade+0x900/0x900 [ 697.527754] ? check_preemption_disabled+0x48/0x200 [ 697.532773] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 697.538564] ? kasan_check_read+0x11/0x20 [ 697.542714] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 697.547994] ? rcu_bh_qs+0xc0/0xc0 [ 697.551544] ? get_mem_cgroup_from_mm+0x206/0x440 [ 697.556396] memcg_kmem_charge_memcg+0x7c/0x120 [ 697.561063] ? memcg_kmem_put_cache+0xb0/0xb0 [ 697.565556] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.570927] memcg_kmem_charge+0x135/0x300 [ 697.575181] __alloc_pages_nodemask+0x72e/0xde0 [ 697.579852] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 697.585129] ? lock_downgrade+0x900/0x900 [ 697.589286] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 697.594304] ? check_preemption_disabled+0x48/0x200 [ 697.599325] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 697.604860] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 697.610132] ? percpu_ref_put_many+0x13e/0x260 [ 697.614720] ? rcu_pm_notify+0xc0/0xc0 [ 697.618656] ? copy_process+0x1ff4/0x8780 [ 697.622806] ? rcu_read_lock_sched_held+0x108/0x120 [ 697.627845] ? kmem_cache_alloc_node+0x349/0x730 [ 697.632612] ? kasan_check_write+0x14/0x20 [ 697.636843] ? do_raw_spin_lock+0xc1/0x200 [ 697.641083] copy_process+0xa09/0x8780 [ 697.644975] ? print_usage_bug+0xc0/0xc0 [ 697.649033] ? __lock_acquire+0x7ec/0x4ec0 [ 697.653269] ? __lock_acquire+0x7ec/0x4ec0 [ 697.657507] ? print_usage_bug+0xc0/0xc0 [ 697.661584] ? __cleanup_sighand+0x70/0x70 [ 697.665829] ? mark_held_locks+0x130/0x130 [ 697.670062] ? print_usage_bug+0xc0/0xc0 [ 697.674127] ? print_usage_bug+0xc0/0xc0 [ 697.678202] ? mark_held_locks+0x130/0x130 [ 697.682434] ? __lock_acquire+0x7ec/0x4ec0 [ 697.686681] ? __lock_acquire+0x7ec/0x4ec0 [ 697.690915] ? graph_lock+0x170/0x170 [ 697.694716] ? check_preemption_disabled+0x48/0x200 [ 697.699745] ? check_preemption_disabled+0x48/0x200 [ 697.704772] ? mark_held_locks+0x130/0x130 [ 697.709014] ? print_usage_bug+0xc0/0xc0 [ 697.713072] ? find_held_lock+0x36/0x1c0 [ 697.717140] ? find_held_lock+0x36/0x1c0 [ 697.721230] ? print_usage_bug+0xc0/0xc0 [ 697.725291] ? __lock_acquire+0x7ec/0x4ec0 [ 697.729524] ? lock_downgrade+0x900/0x900 [ 697.733670] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.739210] ? check_preemption_disabled+0x48/0x200 [ 697.744228] ? check_preemption_disabled+0x48/0x200 [ 697.749258] ? __lock_acquire+0x7ec/0x4ec0 [ 697.753519] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.759063] ? mark_held_locks+0x130/0x130 [ 697.763298] ? rcu_read_unlock+0x16/0x60 [ 697.767363] ? lock_downgrade+0x900/0x900 [ 697.771512] ? check_preemption_disabled+0x48/0x200 [ 697.776532] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 697.782327] ? kasan_check_read+0x11/0x20 [ 697.786474] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 697.791751] ? graph_lock+0x170/0x170 [ 697.795562] ? rcu_read_unlock+0x33/0x60 [ 697.799627] ? find_held_lock+0x36/0x1c0 [ 697.803690] ? graph_lock+0x170/0x170 [ 697.807493] ? delayacct_end+0x25/0x100 [ 697.811468] ? lock_downgrade+0x900/0x900 [ 697.815628] ? ktime_get+0x352/0x440 [ 697.819340] ? print_usage_bug+0xc0/0xc0 [ 697.823407] ? find_held_lock+0x36/0x1c0 [ 697.827478] ? delayacct_end+0xc5/0x100 [ 697.831456] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 697.836563] ? __lock_acquire+0x7ec/0x4ec0 [ 697.840797] ? trace_hardirqs_on+0xbd/0x310 [ 697.845112] ? kasan_check_read+0x11/0x20 [ 697.849260] ? delayacct_end+0xc5/0x100 [ 697.853483] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 697.858945] ? mark_held_locks+0x130/0x130 [ 697.863207] ? delayacct_end+0x5a/0x100 [ 697.867208] ? __delayacct_freepages_end+0xe0/0x140 [ 697.872229] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 697.877772] ? do_try_to_free_pages+0xe68/0x1290 [ 697.882532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.888068] ? check_preemption_disabled+0x48/0x200 [ 697.893079] ? check_preemption_disabled+0x48/0x200 [ 697.898115] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 697.903701] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 697.908976] ? rcu_pm_notify+0xc0/0xc0 [ 697.912867] ? graph_lock+0x170/0x170 [ 697.916685] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 697.922072] _do_fork+0x1cb/0x11d0 [ 697.925614] ? fork_idle+0x1d0/0x1d0 [ 697.929421] ? percpu_ref_put_many+0x11c/0x260 [ 697.934004] ? lock_downgrade+0x900/0x900 [ 697.938149] ? check_preemption_disabled+0x48/0x200 [ 697.943195] ? kasan_check_read+0x11/0x20 [ 697.947348] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 697.952622] ? rcu_bh_qs+0xc0/0xc0 [ 697.956171] ? get_mem_cgroup_from_mm+0x206/0x440 [ 697.961028] ? do_syscall_64+0x9a/0x820 [ 697.965003] ? do_syscall_64+0x9a/0x820 [ 697.968976] ? lockdep_hardirqs_on+0x421/0x5c0 [ 697.973561] ? trace_hardirqs_on+0xbd/0x310 [ 697.977917] ? trace_hardirqs_on+0x310/0x310 [ 697.982324] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.987690] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 697.993143] __x64_sys_clone+0xbf/0x150 [ 697.997130] do_syscall_64+0x1b9/0x820 [ 698.001052] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 698.006414] ? syscall_return_slowpath+0x5e0/0x5e0 [ 698.011339] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 698.016191] ? trace_hardirqs_on_caller+0x310/0x310 [ 698.021219] ? prepare_exit_to_usermode+0x291/0x3b0 [ 698.026255] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 698.031103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.036292] RIP: 0033:0x459f49 [ 698.039483] Code: ff 48 85 f6 0f 84 47 8a fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 1e 8a fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 698.058378] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 698.066086] RAX: ffffffffffffffda RBX: 00007f2ad8011700 RCX: 0000000000459f49 [ 698.073368] RDX: 00007f2ad80119d0 RSI: 00007f2ad8010db0 RDI: 00000000003d0f00 [ 698.080637] RBP: 0000000000a3fcd0 R08: 00007f2ad8011700 R09: 00007f2ad8011700 [ 698.087924] R10: 00007f2ad80119d0 R11: 0000000000000202 R12: 0000000000000000 03:05:30 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa00]}, 0x6) 03:05:30 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:30 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3400]}, 0x6) 03:05:30 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x141b080000000000]}, 0x6) 03:05:30 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) socket$inet6(0xa, 0x3, 0x800000000000008) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 698.095215] R13: 0000000000a3fb7f R14: 00007f2ad80119c0 R15: 0000000000000002 [ 698.195275] Task in /syz1 killed as a result of limit of /syz1 [ 698.219900] memory: usage 204664kB, limit 204800kB, failcnt 4004 [ 698.237150] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 698.244489] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 698.254538] Memory cgroup stats for /syz1: cache:224KB rss:4264KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4268KB inactive_file:0KB active_file:0KB unevictable:0KB [ 698.275660] Memory cgroup out of memory: Kill process 26374 (syz-executor1) score 181 or sacrifice child 03:05:31 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x67f6ffff00000000]}, 0x6) 03:05:31 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000000)="e3678d94532669faa65acf05cdc04665", 0x10) socketpair(0x8, 0x4, 0xfffffffffffffff7, &(0x7f0000000140)) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) socketpair(0x10, 0xa, 0x7, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000100)={0x3, 0x9}) 03:05:31 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x8c528]}, 0x6) 03:05:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x6) 03:05:31 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) socket$inet6(0xa, 0x3, 0x800000000000008) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:31 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4]}, 0x6) [ 698.305437] Killed process 26374 (syz-executor1) total-vm:70604kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 698.323747] oom_reaper: reaped process 26374 (syz-executor1), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB 03:05:31 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) socket$inet6(0xa, 0x3, 0x800000000000008) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 698.441851] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 03:05:31 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @dev}, 0xfffffffffffffd9b) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x7]}, 0x6) [ 698.486175] syz-executor1 cpuset=syz1 mems_allowed=0 [ 698.518655] CPU: 1 PID: 26435 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 698.526053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.535408] Call Trace: [ 698.538009] dump_stack+0x1c4/0x2b4 [ 698.541654] ? dump_stack_print_info.cold.2+0x52/0x52 [ 698.546870] ? mark_held_locks+0x130/0x130 [ 698.551136] ? mark_held_locks+0x130/0x130 [ 698.555420] dump_header+0x27b/0xf72 [ 698.559173] ? pagefault_out_of_memory+0x197/0x197 [ 698.564120] ? check_preemption_disabled+0x48/0x200 03:05:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3400000000000000]}, 0x6) [ 698.569165] ? check_preemption_disabled+0x48/0x200 [ 698.574207] ? graph_lock+0x170/0x170 [ 698.578024] ? graph_lock+0x170/0x170 [ 698.581832] ? print_usage_bug+0xc0/0xc0 [ 698.585925] ? find_held_lock+0x36/0x1c0 [ 698.589999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.595542] ? find_held_lock+0x36/0x1c0 [ 698.599613] ? mark_held_locks+0xc7/0x130 [ 698.603768] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 698.608874] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 698.613976] ? lockdep_hardirqs_on+0x421/0x5c0 [ 698.618561] ? trace_hardirqs_on+0xbd/0x310 [ 698.622882] ? kasan_check_read+0x11/0x20 [ 698.627030] ? ___ratelimit+0x36f/0x655 [ 698.631006] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 698.636457] ? trace_hardirqs_on+0x310/0x310 [ 698.640868] ? lock_downgrade+0x900/0x900 [ 698.645023] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 698.650128] ? ___ratelimit+0xaa/0x655 [ 698.654029] ? idr_get_free+0xec0/0xec0 [ 698.658003] ? kasan_check_write+0x14/0x20 [ 698.662253] ? do_raw_spin_lock+0xc1/0x200 [ 698.666496] oom_kill_process.cold.27+0x10/0x903 [ 698.671256] ? kasan_check_write+0x14/0x20 [ 698.675504] ? do_raw_spin_lock+0xc1/0x200 [ 698.679748] ? oom_evaluate_task+0x540/0x540 [ 698.684169] ? cgroup_procs_next+0x70/0x70 [ 698.688411] ? _raw_spin_unlock_irq+0x60/0x80 [ 698.692911] ? oom_badness+0xaa0/0xaa0 [ 698.696802] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 698.701562] ? mem_cgroup_iter_break+0x30/0x30 [ 698.706166] ? mark_held_locks+0xc7/0x130 [ 698.710321] out_of_memory+0xa84/0x1430 [ 698.714313] ? lockdep_hardirqs_on+0x421/0x5c0 [ 698.718911] ? kasan_check_read+0x11/0x20 [ 698.723342] ? oom_killer_disable+0x3a0/0x3a0 [ 698.727841] ? kasan_check_write+0x14/0x20 [ 698.732073] ? do_raw_spin_lock+0xc1/0x200 [ 698.736318] mem_cgroup_out_of_memory+0x15e/0x210 [ 698.741181] ? memcg_memory_event+0x40/0x40 [ 698.745520] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 698.750472] ? page_counter_try_charge+0x1c1/0x220 [ 698.755409] try_charge+0xc43/0x1690 [ 698.759136] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 698.765214] ? mark_held_locks+0xc7/0x130 [ 698.769362] ? graph_lock+0x170/0x170 [ 698.773173] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 698.778103] ? lockdep_hardirqs_on+0x421/0x5c0 [ 698.782719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.788262] ? check_preemption_disabled+0x48/0x200 [ 698.793282] ? check_preemption_disabled+0x48/0x200 [ 698.798313] ? mark_held_locks+0xc7/0x130 [ 698.802465] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 698.807395] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 698.812330] ? lockdep_hardirqs_on+0x421/0x5c0 [ 698.816914] ? rcu_read_lock_sched_held+0x108/0x120 [ 698.821985] ? __sk_mem_raise_allocated+0x642/0x1800 [ 698.827092] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 698.832547] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 698.838086] ? check_preemption_disabled+0x48/0x200 [ 698.843142] mem_cgroup_charge_skmem+0x1e4/0x390 [ 698.847925] ? mem_cgroup_sk_free+0x90/0x90 [ 698.852271] __sk_mem_raise_allocated+0x642/0x1800 [ 698.857230] ? sk_busy_loop_end+0x1c0/0x1c0 [ 698.861556] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 698.867101] ? alloc_pages_current+0x114/0x210 [ 698.871696] ? skb_page_frag_refill+0x1eb/0x6a0 [ 698.876370] ? sock_kzfree_s+0x60/0x60 [ 698.880261] ? _copy_from_iter_full+0x2b3/0xd20 [ 698.884933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.890474] ? tcp_rate_check_app_limited+0x121/0x460 [ 698.895667] ? iov_iter_advance+0x1460/0x1460 [ 698.900182] __sk_mem_schedule+0x6d/0xe0 [ 698.904249] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 698.909807] tcp_sendmsg_locked+0x1c86/0x3f00 [ 698.914344] ? tcp_sendpage+0x60/0x60 [ 698.918147] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 698.923701] ? aa_label_sk_perm+0x46d/0x8e0 [ 698.928033] ? find_held_lock+0x36/0x1c0 [ 698.932098] ? mark_held_locks+0xc7/0x130 [ 698.936275] ? __local_bh_enable_ip+0x160/0x260 [ 698.940944] ? __local_bh_enable_ip+0x160/0x260 [ 698.945631] ? trace_hardirqs_on+0xbd/0x310 [ 698.949953] ? lock_release+0x970/0x970 [ 698.953926] ? lock_sock_nested+0xe2/0x120 [ 698.958194] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 698.963645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.969204] ? check_preemption_disabled+0x48/0x200 [ 698.974229] ? lock_sock_nested+0x9a/0x120 [ 698.978469] ? lock_sock_nested+0x9a/0x120 [ 698.982713] ? __local_bh_enable_ip+0x160/0x260 [ 698.987392] tcp_sendmsg+0x2f/0x50 [ 698.990938] inet_sendmsg+0x1a1/0x690 [ 698.994744] ? ipip_gro_receive+0x100/0x100 [ 698.999086] ? apparmor_socket_sendmsg+0x29/0x30 [ 699.003844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.009388] ? security_socket_sendmsg+0x94/0xc0 [ 699.014145] ? ipip_gro_receive+0x100/0x100 [ 699.018482] sock_sendmsg+0xd5/0x120 [ 699.022198] __sys_sendto+0x3d7/0x670 [ 699.026001] ? __ia32_sys_getpeername+0xb0/0xb0 [ 699.030669] ? lock_release+0x970/0x970 [ 699.034664] ? arch_local_save_flags+0x40/0x40 [ 699.039269] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 699.044728] ? aa_af_perm+0x5a0/0x5a0 [ 699.048551] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 699.054105] ? put_timespec64+0x10f/0x1b0 [ 699.058257] ? nsecs_to_jiffies+0x30/0x30 [ 699.062410] ? do_syscall_64+0x9a/0x820 [ 699.066388] ? do_syscall_64+0x9a/0x820 [ 699.070363] ? lockdep_hardirqs_on+0x421/0x5c0 [ 699.074949] ? trace_hardirqs_on+0xbd/0x310 [ 699.079270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.084810] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.090178] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 699.095635] __x64_sys_sendto+0xe1/0x1a0 [ 699.099706] do_syscall_64+0x1b9/0x820 [ 699.103596] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 699.108964] ? syscall_return_slowpath+0x5e0/0x5e0 [ 699.113896] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 699.118739] ? trace_hardirqs_on_caller+0x310/0x310 [ 699.123755] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 699.128778] ? prepare_exit_to_usermode+0x291/0x3b0 [ 699.133802] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 699.138721] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.143910] RIP: 0033:0x457579 [ 699.147102] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:05:32 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x2]}, 0x6) [ 699.166000] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 699.173710] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 699.180979] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 699.188246] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 699.195512] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 699.202778] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 699.230826] Task in /syz1 killed as a result of limit of /syz1 [ 699.238055] memory: usage 204796kB, limit 204800kB, failcnt 4025 [ 699.245362] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 699.262917] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:32 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x6aa7]}, 0x6) [ 699.272811] Memory cgroup stats for /syz1: cache:224KB rss:4228KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:0KB [ 699.368367] Memory cgroup out of memory: Kill process 26434 (syz-executor1) score 181 or sacrifice child [ 699.383415] Killed process 26434 (syz-executor1) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 699.398196] oom_reaper: reaped process 26434 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 699.410433] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 [ 699.423238] syz-executor3 cpuset=syz3 mems_allowed=0 [ 699.428822] CPU: 0 PID: 26428 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 699.436210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.445564] Call Trace: [ 699.448152] dump_stack+0x1c4/0x2b4 [ 699.451826] ? dump_stack_print_info.cold.2+0x52/0x52 [ 699.457025] ? mark_held_locks+0x130/0x130 [ 699.461256] ? mark_held_locks+0x130/0x130 [ 699.465490] dump_header+0x27b/0xf72 [ 699.469198] ? pagefault_out_of_memory+0x197/0x197 [ 699.474114] ? check_preemption_disabled+0x48/0x200 [ 699.479123] ? check_preemption_disabled+0x48/0x200 [ 699.484151] ? graph_lock+0x170/0x170 [ 699.487969] ? graph_lock+0x170/0x170 [ 699.491763] ? print_usage_bug+0xc0/0xc0 [ 699.495823] ? find_held_lock+0x36/0x1c0 [ 699.499883] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.505413] ? find_held_lock+0x36/0x1c0 [ 699.509464] ? mark_held_locks+0xc7/0x130 [ 699.513600] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 699.518691] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 699.523779] ? lockdep_hardirqs_on+0x421/0x5c0 [ 699.528346] ? trace_hardirqs_on+0xbd/0x310 [ 699.532651] ? kasan_check_read+0x11/0x20 [ 699.536784] ? ___ratelimit+0x36f/0x655 [ 699.540746] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 699.546191] ? trace_hardirqs_on+0x310/0x310 [ 699.550584] ? lock_downgrade+0x900/0x900 [ 699.554720] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 699.559806] ? ___ratelimit+0xaa/0x655 [ 699.563693] ? idr_get_free+0xec0/0xec0 [ 699.567681] ? kasan_check_write+0x14/0x20 [ 699.571902] ? do_raw_spin_lock+0xc1/0x200 [ 699.576123] oom_kill_process.cold.27+0x10/0x903 [ 699.580864] ? kasan_check_write+0x14/0x20 [ 699.585125] ? do_raw_spin_lock+0xc1/0x200 [ 699.589349] ? oom_evaluate_task+0x540/0x540 [ 699.593752] ? cgroup_procs_next+0x70/0x70 [ 699.597970] ? _raw_spin_unlock_irq+0x60/0x80 [ 699.602489] ? oom_badness+0xaa0/0xaa0 [ 699.606364] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 699.611104] ? mem_cgroup_iter_break+0x30/0x30 [ 699.615694] ? mark_held_locks+0xc7/0x130 [ 699.619829] out_of_memory+0xa84/0x1430 [ 699.623800] ? lockdep_hardirqs_on+0x421/0x5c0 [ 699.628365] ? kasan_check_read+0x11/0x20 [ 699.632508] ? oom_killer_disable+0x3a0/0x3a0 [ 699.637009] ? kasan_check_write+0x14/0x20 [ 699.641233] ? do_raw_spin_lock+0xc1/0x200 [ 699.645458] mem_cgroup_out_of_memory+0x15e/0x210 [ 699.650284] ? memcg_memory_event+0x40/0x40 [ 699.654591] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 699.659521] ? page_counter_try_charge+0x1c1/0x220 [ 699.664438] try_charge+0xc43/0x1690 [ 699.668140] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 699.674215] ? mark_held_locks+0xc7/0x130 [ 699.678362] ? graph_lock+0x170/0x170 [ 699.682172] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 699.687092] ? lockdep_hardirqs_on+0x421/0x5c0 [ 699.691708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.697251] ? check_preemption_disabled+0x48/0x200 [ 699.702252] ? check_preemption_disabled+0x48/0x200 [ 699.707260] ? mark_held_locks+0xc7/0x130 [ 699.711434] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 699.716349] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 699.721263] ? lockdep_hardirqs_on+0x421/0x5c0 [ 699.725834] ? rcu_read_lock_sched_held+0x108/0x120 [ 699.730836] ? __sk_mem_raise_allocated+0x642/0x1800 [ 699.735931] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 699.741368] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 699.746889] ? check_preemption_disabled+0x48/0x200 [ 699.751964] mem_cgroup_charge_skmem+0x1e4/0x390 [ 699.756710] ? mem_cgroup_sk_free+0x90/0x90 [ 699.761022] __sk_mem_raise_allocated+0x642/0x1800 [ 699.765939] ? sk_busy_loop_end+0x1c0/0x1c0 [ 699.770261] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 699.775801] ? alloc_pages_current+0x114/0x210 [ 699.780382] ? skb_page_frag_refill+0x1eb/0x6a0 [ 699.785040] ? sock_kzfree_s+0x60/0x60 [ 699.788913] ? _copy_from_iter_full+0x2b3/0xd20 [ 699.793572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.799095] ? tcp_rate_check_app_limited+0x121/0x460 [ 699.804273] ? iov_iter_advance+0x1460/0x1460 [ 699.808759] __sk_mem_schedule+0x6d/0xe0 [ 699.812821] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 699.818346] tcp_sendmsg_locked+0x1c86/0x3f00 [ 699.822842] ? tcp_sendpage+0x60/0x60 [ 699.826629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 699.832149] ? aa_label_sk_perm+0x46d/0x8e0 [ 699.836475] ? find_held_lock+0x36/0x1c0 [ 699.840523] ? mark_held_locks+0xc7/0x130 [ 699.844676] ? __local_bh_enable_ip+0x160/0x260 [ 699.849331] ? __local_bh_enable_ip+0x160/0x260 [ 699.854234] ? trace_hardirqs_on+0xbd/0x310 [ 699.858541] ? lock_release+0x970/0x970 [ 699.862499] ? lock_sock_nested+0xe2/0x120 [ 699.866719] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 699.872152] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.877704] ? check_preemption_disabled+0x48/0x200 [ 699.882743] ? lock_sock_nested+0x9a/0x120 [ 699.886975] ? lock_sock_nested+0x9a/0x120 [ 699.891218] ? __local_bh_enable_ip+0x160/0x260 [ 699.895893] tcp_sendmsg+0x2f/0x50 [ 699.899442] inet_sendmsg+0x1a1/0x690 [ 699.903232] ? ipip_gro_receive+0x100/0x100 [ 699.907545] ? apparmor_socket_sendmsg+0x29/0x30 [ 699.912300] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.917835] ? security_socket_sendmsg+0x94/0xc0 [ 699.922591] ? ipip_gro_receive+0x100/0x100 [ 699.926912] sock_sendmsg+0xd5/0x120 [ 699.930614] __sys_sendto+0x3d7/0x670 [ 699.934401] ? __ia32_sys_getpeername+0xb0/0xb0 [ 699.939084] ? lock_release+0x970/0x970 [ 699.943058] ? arch_local_save_flags+0x40/0x40 [ 699.947626] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 699.953084] ? aa_af_perm+0x5a0/0x5a0 [ 699.956883] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 699.962415] ? put_timespec64+0x10f/0x1b0 [ 699.966551] ? nsecs_to_jiffies+0x30/0x30 [ 699.970716] ? do_syscall_64+0x9a/0x820 [ 699.974711] ? do_syscall_64+0x9a/0x820 [ 699.978671] ? lockdep_hardirqs_on+0x421/0x5c0 [ 699.983254] ? trace_hardirqs_on+0xbd/0x310 [ 699.987560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.993116] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.998470] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 700.003909] __x64_sys_sendto+0xe1/0x1a0 [ 700.007959] do_syscall_64+0x1b9/0x820 [ 700.011831] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 700.017195] ? syscall_return_slowpath+0x5e0/0x5e0 [ 700.022109] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 700.026959] ? trace_hardirqs_on_caller+0x310/0x310 [ 700.031987] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 700.037019] ? prepare_exit_to_usermode+0x291/0x3b0 [ 700.042031] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 700.046866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.052039] RIP: 0033:0x457579 [ 700.055219] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 700.074100] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 700.081791] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 700.089043] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 700.096293] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 700.103545] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 700.110798] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 700.120130] Task in /syz3 killed as a result of limit of /syz3 [ 700.126258] memory: usage 204800kB, limit 204800kB, failcnt 3094 [ 700.132618] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 700.139440] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 700.145604] Memory cgroup stats for /syz3: cache:0KB rss:2292KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB [ 700.166188] Memory cgroup out of memory: Kill process 26427 (syz-executor3) score 171 or sacrifice child [ 700.175928] Killed process 26427 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 700.188324] oom_reaper: reaped process 26427 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 700.189614] syz-executor1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 700.211592] syz-executor1 cpuset=syz1 mems_allowed=0 [ 700.216851] CPU: 0 PID: 26434 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 700.224208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 700.233543] Call Trace: [ 700.236117] dump_stack+0x1c4/0x2b4 [ 700.239763] ? dump_stack_print_info.cold.2+0x52/0x52 [ 700.244956] dump_header+0x27b/0xf72 [ 700.248659] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 700.254470] ? kasan_check_read+0x11/0x20 [ 700.258603] ? pagefault_out_of_memory+0x197/0x197 [ 700.263516] ? rcu_read_unlock+0x33/0x60 [ 700.267558] ? mem_cgroup_iter+0x514/0x1160 [ 700.271863] ? find_held_lock+0x36/0x1c0 [ 700.275938] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 700.280676] ? mark_held_locks+0xc7/0x130 [ 700.284840] ? _raw_spin_unlock_irq+0x27/0x80 [ 700.289319] ? _raw_spin_unlock_irq+0x27/0x80 [ 700.293820] ? lockdep_hardirqs_on+0x421/0x5c0 [ 700.298388] ? trace_hardirqs_on+0xbd/0x310 [ 700.302704] ? kasan_check_read+0x11/0x20 [ 700.306870] ? css_task_iter_end+0x222/0x490 [ 700.311263] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 700.316708] ? kasan_check_write+0x14/0x20 [ 700.320939] ? do_raw_spin_lock+0xc1/0x200 [ 700.325165] ? _raw_spin_unlock_irq+0x60/0x80 [ 700.329648] ? css_task_iter_end+0x2ce/0x490 [ 700.334038] ? cgroup_procs_next+0x70/0x70 [ 700.338257] ? _raw_spin_unlock_irq+0x60/0x80 [ 700.342737] ? oom_badness+0xaa0/0xaa0 [ 700.346608] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 700.351350] ? mem_cgroup_iter_break+0x30/0x30 [ 700.355918] ? cgroup_file_notify+0x226/0x2f0 [ 700.360396] out_of_memory.cold.30+0xf/0x184 [ 700.364783] ? lockdep_hardirqs_on+0x421/0x5c0 [ 700.369367] ? kasan_check_read+0x11/0x20 [ 700.373504] ? oom_killer_disable+0x3a0/0x3a0 [ 700.377983] ? kasan_check_write+0x14/0x20 [ 700.382204] ? do_raw_spin_lock+0xc1/0x200 [ 700.386425] mem_cgroup_out_of_memory+0x15e/0x210 [ 700.391251] ? memcg_memory_event+0x40/0x40 [ 700.395566] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 700.400422] ? page_counter_try_charge+0x1c1/0x220 [ 700.405356] try_charge+0xc43/0x1690 [ 700.409055] ? lock_downgrade+0x900/0x900 [ 700.413193] ? check_preemption_disabled+0x48/0x200 [ 700.418204] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 700.424260] ? find_held_lock+0x36/0x1c0 [ 700.428308] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 700.433133] ? lock_downgrade+0x900/0x900 [ 700.437268] ? check_preemption_disabled+0x48/0x200 [ 700.442270] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 700.448046] ? kasan_check_read+0x11/0x20 [ 700.452187] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 700.457448] ? rcu_bh_qs+0xc0/0xc0 [ 700.460975] ? get_mem_cgroup_from_mm+0x206/0x440 [ 700.465803] memcg_kmem_charge_memcg+0x7c/0x120 [ 700.470453] ? memcg_kmem_put_cache+0xb0/0xb0 [ 700.474930] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.480282] memcg_kmem_charge+0x135/0x300 [ 700.484499] __alloc_pages_nodemask+0x72e/0xde0 [ 700.489180] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 700.494459] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 700.499459] ? check_preemption_disabled+0x48/0x200 [ 700.504462] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 700.510010] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 700.515299] ? percpu_ref_put_many+0x13e/0x260 [ 700.519894] ? rcu_pm_notify+0xc0/0xc0 [ 700.523797] ? copy_process+0x1ff4/0x8780 [ 700.527929] ? rcu_read_lock_sched_held+0x108/0x120 [ 700.532927] ? kmem_cache_alloc_node+0x349/0x730 [ 700.537673] ? kasan_check_write+0x14/0x20 [ 700.541888] ? do_raw_spin_lock+0xc1/0x200 [ 700.546120] copy_process+0xa09/0x8780 [ 700.549995] ? print_usage_bug+0xc0/0xc0 [ 700.554057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 700.559581] ? __lock_acquire+0x7ec/0x4ec0 [ 700.563806] ? __cleanup_sighand+0x70/0x70 [ 700.568030] ? mark_held_locks+0x130/0x130 [ 700.572285] ? print_usage_bug+0xc0/0xc0 [ 700.576351] ? find_held_lock+0x36/0x1c0 [ 700.580401] ? rcu_read_unlock_special.part.39+0x8a4/0x11f0 [ 700.586093] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 700.591216] ? __lock_acquire+0x7ec/0x4ec0 [ 700.595432] ? graph_lock+0x170/0x170 [ 700.599217] ? check_preemption_disabled+0x48/0x200 [ 700.604215] ? check_preemption_disabled+0x48/0x200 [ 700.609222] ? mark_held_locks+0x130/0x130 [ 700.613452] ? print_usage_bug+0xc0/0xc0 [ 700.617495] ? find_held_lock+0x36/0x1c0 [ 700.621545] ? find_held_lock+0x36/0x1c0 [ 700.625591] ? print_usage_bug+0xc0/0xc0 [ 700.629645] ? __lock_acquire+0x7ec/0x4ec0 [ 700.633858] ? lock_downgrade+0x900/0x900 [ 700.637989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 700.643509] ? check_preemption_disabled+0x48/0x200 [ 700.648511] ? check_preemption_disabled+0x48/0x200 [ 700.653516] ? __lock_acquire+0x7ec/0x4ec0 [ 700.657739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 700.663259] ? mark_held_locks+0x130/0x130 [ 700.667479] ? rcu_read_unlock+0x16/0x60 [ 700.671523] ? lock_downgrade+0x900/0x900 [ 700.675666] ? check_preemption_disabled+0x48/0x200 [ 700.680681] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 700.686460] ? kasan_check_read+0x11/0x20 [ 700.690592] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 700.695850] ? graph_lock+0x170/0x170 [ 700.699658] ? rcu_read_unlock+0x33/0x60 [ 700.703710] ? find_held_lock+0x36/0x1c0 [ 700.707753] ? graph_lock+0x170/0x170 [ 700.711553] ? delayacct_end+0x25/0x100 [ 700.715545] ? lock_downgrade+0x900/0x900 [ 700.719674] ? ktime_get+0x352/0x440 [ 700.723579] ? print_usage_bug+0xc0/0xc0 [ 700.727621] ? find_held_lock+0x36/0x1c0 [ 700.731665] ? delayacct_end+0xc5/0x100 [ 700.735621] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 700.740729] ? __lock_acquire+0x7ec/0x4ec0 [ 700.744948] ? trace_hardirqs_on+0xbd/0x310 [ 700.749252] ? kasan_check_read+0x11/0x20 [ 700.753381] ? delayacct_end+0xc5/0x100 [ 700.757343] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 700.762781] ? mark_held_locks+0x130/0x130 [ 700.766999] ? delayacct_end+0x5a/0x100 [ 700.770960] ? __delayacct_freepages_end+0xe0/0x140 [ 700.775972] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 700.781528] ? do_try_to_free_pages+0xe68/0x1290 [ 700.786271] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 700.791819] ? check_preemption_disabled+0x48/0x200 [ 700.796844] ? check_preemption_disabled+0x48/0x200 [ 700.801862] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 700.807381] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 700.812639] ? rcu_pm_notify+0xc0/0xc0 [ 700.816513] ? graph_lock+0x170/0x170 [ 700.820302] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 700.825670] _do_fork+0x1cb/0x11d0 [ 700.829217] ? fork_idle+0x1d0/0x1d0 [ 700.832914] ? percpu_ref_put_many+0x11c/0x260 [ 700.837496] ? lock_downgrade+0x900/0x900 [ 700.841627] ? check_preemption_disabled+0x48/0x200 [ 700.846627] ? kasan_check_read+0x11/0x20 [ 700.850759] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 700.856016] ? rcu_bh_qs+0xc0/0xc0 [ 700.859542] ? get_mem_cgroup_from_mm+0x206/0x440 [ 700.864368] ? do_syscall_64+0x9a/0x820 [ 700.868323] ? do_syscall_64+0x9a/0x820 [ 700.872280] ? lockdep_hardirqs_on+0x421/0x5c0 [ 700.876845] ? trace_hardirqs_on+0xbd/0x310 [ 700.881146] ? trace_hardirqs_on+0x310/0x310 [ 700.885545] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.890904] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 700.896338] __x64_sys_clone+0xbf/0x150 [ 700.900298] do_syscall_64+0x1b9/0x820 [ 700.904170] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 700.909523] ? syscall_return_slowpath+0x5e0/0x5e0 [ 700.914435] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 700.919259] ? trace_hardirqs_on_caller+0x310/0x310 [ 700.924262] ? prepare_exit_to_usermode+0x291/0x3b0 [ 700.929266] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 700.934123] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.939295] RIP: 0033:0x459f49 [ 700.942486] Code: Bad RIP value. [ 700.945831] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 700.953532] RAX: ffffffffffffffda RBX: 00007f2ad8032700 RCX: 0000000000459f49 [ 700.960798] RDX: 00007f2ad80329d0 RSI: 00007f2ad8031db0 RDI: 00000000003d0f00 [ 700.968065] RBP: 0000000000a3fcd0 R08: 00007f2ad8032700 R09: 00007f2ad8032700 [ 700.975319] R10: 00007f2ad80329d0 R11: 0000000000000202 R12: 0000000000000000 [ 700.982601] R13: 0000000000a3fb7f R14: 00007f2ad80329c0 R15: 0000000000000001 [ 701.000220] Memory limit reached of cgroup /syz1 [ 701.005024] memory: usage 200560kB, limit 204800kB, failcnt 4025 [ 701.012224] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 701.019170] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:33 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x700000000000000]}, 0x6) 03:05:33 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x141000, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000100)={0xf5, 0x0, [0x2, 0xb83, 0x6, 0x7fffffff]}) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:33 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:33 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x14]}, 0x6) 03:05:33 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe0ffffff]}, 0x6) 03:05:33 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3e8]}, 0x6) [ 701.025323] Memory cgroup stats for /syz1: cache:224KB rss:80KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 701.045350] Out of memory and no killable processes... [ 701.075140] QAT: Invalid ioctl 03:05:33 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:33 executing program 4: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x800, 0x4) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x18) r1 = socket$inet(0x2, 0x1, 0x0) getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000000), &(0x7f0000000180)=0xb) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffff9c, 0x0, 0x63, &(0x7f00000001c0)={'TPROXY\x00'}, &(0x7f0000000200)=0x1e) syz_open_dev$admmidi(&(0x7f0000000240)='/dev/admmidi#\x00', 0x8001, 0x2100) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:33 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x400000000000000]}, 0x6) 03:05:34 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000]}, 0x6) 03:05:34 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:34 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3f000000]}, 0x6) 03:05:34 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x6, 0x8800) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f0000000040)) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:34 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe00]}, 0x6) 03:05:34 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:34 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x81b14]}, 0x6) 03:05:34 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4002000000000000]}, 0x6) 03:05:34 executing program 4: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x4000, 0x0) sendto$inet(r0, &(0x7f0000000040)="4f7a5479de4fa7be7c138f6945b0dd958f69445847c543c39958e3975c52e37435853fac8a409262ac6592a5", 0x2c, 0x20040005, &(0x7f0000000100)={0x2, 0x4e21, @remote}, 0x10) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f00000001c0)=""/178) 03:05:34 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:34 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x80, 0x0) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000100)=""/91) [ 701.633712] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=1, oom_score_adj=0 [ 701.717309] syz-executor3 cpuset=syz3 mems_allowed=0 [ 701.735874] CPU: 0 PID: 26508 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 701.743255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 701.752612] Call Trace: [ 701.755225] dump_stack+0x1c4/0x2b4 [ 701.758871] ? dump_stack_print_info.cold.2+0x52/0x52 [ 701.764081] ? mark_held_locks+0x130/0x130 [ 701.768325] ? mark_held_locks+0x130/0x130 [ 701.772578] dump_header+0x27b/0xf72 [ 701.776317] ? pagefault_out_of_memory+0x197/0x197 [ 701.781262] ? check_preemption_disabled+0x48/0x200 [ 701.786321] ? check_preemption_disabled+0x48/0x200 [ 701.791359] ? graph_lock+0x170/0x170 [ 701.795204] ? graph_lock+0x170/0x170 [ 701.799029] ? print_usage_bug+0xc0/0xc0 [ 701.803107] ? find_held_lock+0x36/0x1c0 [ 701.807196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 701.812750] ? find_held_lock+0x36/0x1c0 [ 701.816830] ? mark_held_locks+0xc7/0x130 [ 701.820988] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 701.826097] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 701.831219] ? lockdep_hardirqs_on+0x421/0x5c0 [ 701.835814] ? trace_hardirqs_on+0xbd/0x310 [ 701.840145] ? kasan_check_read+0x11/0x20 [ 701.844320] ? ___ratelimit+0x36f/0x655 [ 701.848302] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 701.853937] ? trace_hardirqs_on+0x310/0x310 [ 701.858357] ? lock_downgrade+0x900/0x900 [ 701.862528] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 701.867645] ? ___ratelimit+0xaa/0x655 [ 701.871547] ? idr_get_free+0xec0/0xec0 [ 701.875530] ? kasan_check_write+0x14/0x20 [ 701.879780] ? do_raw_spin_lock+0xc1/0x200 [ 701.884039] oom_kill_process.cold.27+0x10/0x903 [ 701.888804] ? kasan_check_write+0x14/0x20 [ 701.893053] ? do_raw_spin_lock+0xc1/0x200 [ 701.897308] ? oom_evaluate_task+0x540/0x540 [ 701.901729] ? cgroup_procs_next+0x70/0x70 [ 701.905976] ? _raw_spin_unlock_irq+0x60/0x80 [ 701.910481] ? oom_badness+0xaa0/0xaa0 [ 701.914384] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 701.919171] ? mem_cgroup_iter_break+0x30/0x30 [ 701.923784] ? mark_held_locks+0xc7/0x130 [ 701.927957] out_of_memory+0xa84/0x1430 [ 701.931943] ? lockdep_hardirqs_on+0x421/0x5c0 [ 701.936540] ? kasan_check_read+0x11/0x20 [ 701.940719] ? oom_killer_disable+0x3a0/0x3a0 [ 701.945219] ? kasan_check_write+0x14/0x20 [ 701.949486] ? do_raw_spin_lock+0xc1/0x200 [ 701.953743] mem_cgroup_out_of_memory+0x15e/0x210 [ 701.958630] ? memcg_memory_event+0x40/0x40 [ 701.962973] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 701.967920] ? page_counter_try_charge+0x1c1/0x220 [ 701.972860] try_charge+0xc43/0x1690 [ 701.972921] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 701.972937] ? tcp_sendmsg+0x2f/0x50 [ 701.972952] ? sock_sendmsg+0xd5/0x120 [ 701.972971] ? __sys_sendto+0x3d7/0x670 [ 701.982987] ? __x64_sys_sendto+0xe1/0x1a0 [ 701.983004] ? do_syscall_64+0x1b9/0x820 [ 701.983019] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.983034] ? graph_lock+0x170/0x170 [ 701.983055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 701.983078] ? check_preemption_disabled+0x48/0x200 [ 702.005049] ? check_preemption_disabled+0x48/0x200 [ 702.005076] ? mark_held_locks+0xc7/0x130 [ 702.005090] ? __lock_is_held+0xb5/0x140 [ 702.005109] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 702.019808] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 702.029813] ? lockdep_hardirqs_on+0x421/0x5c0 [ 702.029836] ? __sk_mem_raise_allocated+0x642/0x1800 [ 702.029853] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 702.029869] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 702.029886] ? check_preemption_disabled+0x48/0x200 [ 702.029924] mem_cgroup_charge_skmem+0x1e4/0x390 [ 702.043043] ? mem_cgroup_sk_free+0x90/0x90 [ 702.043076] __sk_mem_raise_allocated+0x642/0x1800 [ 702.052584] ? sk_busy_loop_end+0x1c0/0x1c0 [ 702.052602] ? sk_alloc_sg+0xa00/0xa00 [ 702.052619] ? arch_local_save_flags+0x40/0x40 [ 702.052643] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 702.063215] ? skb_page_frag_refill+0x1eb/0x6a0 [ 702.063252] ? sock_kzfree_s+0x60/0x60 [ 702.063269] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 702.063289] ? sk_stream_alloc_skb+0x34b/0x970 [ 702.073826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 702.073842] ? skb_entail+0x618/0x8c0 [ 702.073859] ? tcp_rate_check_app_limited+0x121/0x460 [ 702.073877] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 702.082940] __sk_mem_schedule+0x6d/0xe0 [ 702.082957] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 702.082976] tcp_sendmsg_locked+0x1c86/0x3f00 [ 702.083014] ? tcp_sendpage+0x60/0x60 [ 702.092230] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 03:05:34 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:34 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @dev}, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200, 0x0) accept$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000100)=0x14) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e1f, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x2}, 0x10) 03:05:34 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x2000000000000]}, 0x6) 03:05:34 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xf401]}, 0x6) 03:05:34 executing program 4: socketpair(0xf, 0xf, 0x33, &(0x7f0000003700)={0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000003740)=[@in={0x2, 0x4e23, @broadcast}], 0x10) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 702.092246] ? aa_label_sk_perm+0x46d/0x8e0 [ 702.092278] ? find_held_lock+0x36/0x1c0 [ 702.100761] ? mark_held_locks+0xc7/0x130 [ 702.100782] ? __local_bh_enable_ip+0x160/0x260 [ 702.100799] ? __local_bh_enable_ip+0x160/0x260 [ 702.100818] ? trace_hardirqs_on+0xbd/0x310 [ 702.100835] ? lock_release+0x970/0x970 [ 702.114376] ? lock_sock_nested+0xe2/0x120 [ 702.114396] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 702.129498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 702.129517] ? check_preemption_disabled+0x48/0x200 [ 702.129534] ? lock_sock_nested+0x9a/0x120 [ 702.129554] ? lock_sock_nested+0x9a/0x120 [ 702.211869] ? __local_bh_enable_ip+0x160/0x260 [ 702.221102] tcp_sendmsg+0x2f/0x50 [ 702.221122] inet_sendmsg+0x1a1/0x690 [ 702.221142] ? ipip_gro_receive+0x100/0x100 [ 702.221173] ? apparmor_socket_sendmsg+0x29/0x30 [ 702.246433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 702.251989] ? security_socket_sendmsg+0x94/0xc0 [ 702.256760] ? ipip_gro_receive+0x100/0x100 [ 702.261101] sock_sendmsg+0xd5/0x120 [ 702.264832] __sys_sendto+0x3d7/0x670 [ 702.268652] ? __ia32_sys_getpeername+0xb0/0xb0 [ 702.273339] ? lock_release+0x970/0x970 [ 702.277326] ? arch_local_save_flags+0x40/0x40 [ 702.281923] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 702.287386] ? aa_af_perm+0x5a0/0x5a0 [ 702.291234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 702.296782] ? put_timespec64+0x10f/0x1b0 [ 702.300931] ? nsecs_to_jiffies+0x30/0x30 [ 702.305065] ? do_syscall_64+0x9a/0x820 [ 702.309025] ? do_syscall_64+0x9a/0x820 [ 702.312999] ? lockdep_hardirqs_on+0x421/0x5c0 [ 702.317581] ? trace_hardirqs_on+0xbd/0x310 [ 702.321896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 702.327440] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.332791] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 702.338231] __x64_sys_sendto+0xe1/0x1a0 [ 702.342299] do_syscall_64+0x1b9/0x820 [ 702.346188] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 702.351539] ? syscall_return_slowpath+0x5e0/0x5e0 [ 702.356454] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 702.361282] ? trace_hardirqs_on_caller+0x310/0x310 [ 702.366300] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 702.371302] ? prepare_exit_to_usermode+0x291/0x3b0 [ 702.376307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 702.381144] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.386329] RIP: 0033:0x457579 [ 702.389506] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 702.408392] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 702.416086] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 702.423340] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 702.430591] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 702.437845] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 702.445530] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 702.461656] Task in /syz3 killed as a result of limit of /syz3 [ 702.468053] memory: usage 204800kB, limit 204800kB, failcnt 3121 [ 702.474508] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 702.482030] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 702.488462] Memory cgroup stats for /syz3: cache:0KB rss:2156KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2204KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe803]}, 0x6) 03:05:35 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x8055000000000000]}, 0x6) 03:05:35 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:35 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x481c]}, 0x6) 03:05:35 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x240]}, 0x6) 03:05:35 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 702.511936] Memory cgroup out of memory: Kill process 26506 (syz-executor3) score 171 or sacrifice child [ 702.521631] Killed process 26506 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 702.534029] oom_reaper: reaped process 26506 (syz-executor3), now anon-rss:0kB, file-rss:32740kB, shmem-rss:0kB 03:05:35 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f0000000000)=0x100000001, 0x4) sendto$inet(r0, &(0x7f0000000040), 0x0, 0xc0, &(0x7f00000000c0), 0x10) 03:05:35 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x40000000]}, 0x6) 03:05:35 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1d4c]}, 0x6) 03:05:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x8]}, 0x6) 03:05:35 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4002]}, 0x6) 03:05:35 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xffffffffffffffff]}, 0x6) 03:05:35 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @dev}, 0x3) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:35 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x14000000]}, 0x6) 03:05:35 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa00000000000000]}, 0x6) 03:05:35 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) ioctl$int_out(r0, 0x5462, &(0x7f0000000000)) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 703.042498] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 703.066873] syz-executor3 cpuset=syz3 mems_allowed=0 [ 703.080010] CPU: 1 PID: 26597 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 703.087391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 703.087398] Call Trace: [ 703.087421] dump_stack+0x1c4/0x2b4 [ 703.087443] ? dump_stack_print_info.cold.2+0x52/0x52 [ 703.087464] ? mark_held_locks+0x130/0x130 [ 703.087479] ? mark_held_locks+0x130/0x130 [ 703.087500] dump_header+0x27b/0xf72 [ 703.087529] ? pagefault_out_of_memory+0x197/0x197 [ 703.087547] ? check_preemption_disabled+0x48/0x200 [ 703.087563] ? check_preemption_disabled+0x48/0x200 [ 703.087586] ? graph_lock+0x170/0x170 [ 703.112541] ? graph_lock+0x170/0x170 [ 703.112559] ? print_usage_bug+0xc0/0xc0 [ 703.112577] ? find_held_lock+0x36/0x1c0 [ 703.147067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.147088] ? find_held_lock+0x36/0x1c0 [ 703.147111] ? mark_held_locks+0xc7/0x130 [ 703.147129] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 703.147144] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 703.147175] ? lockdep_hardirqs_on+0x421/0x5c0 [ 703.156783] ? trace_hardirqs_on+0xbd/0x310 [ 703.184033] ? kasan_check_read+0x11/0x20 [ 703.188175] ? ___ratelimit+0x36f/0x655 [ 703.192139] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 703.197584] ? trace_hardirqs_on+0x310/0x310 [ 703.201976] ? lock_downgrade+0x900/0x900 [ 703.206110] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 703.211204] ? ___ratelimit+0xaa/0x655 [ 703.215077] ? idr_get_free+0xec0/0xec0 [ 703.219038] ? kasan_check_write+0x14/0x20 [ 703.223258] ? do_raw_spin_lock+0xc1/0x200 [ 703.227496] oom_kill_process.cold.27+0x10/0x903 [ 703.232288] ? kasan_check_write+0x14/0x20 [ 703.236511] ? do_raw_spin_lock+0xc1/0x200 [ 703.240776] ? oom_evaluate_task+0x540/0x540 [ 703.245179] ? cgroup_procs_next+0x70/0x70 [ 703.249403] ? _raw_spin_unlock_irq+0x60/0x80 [ 703.253882] ? oom_badness+0xaa0/0xaa0 [ 703.257757] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 703.262497] ? mem_cgroup_iter_break+0x30/0x30 [ 703.267110] ? mark_held_locks+0xc7/0x130 [ 703.271249] out_of_memory+0xa84/0x1430 [ 703.275208] ? lockdep_hardirqs_on+0x421/0x5c0 [ 703.279774] ? kasan_check_read+0x11/0x20 [ 703.283906] ? oom_killer_disable+0x3a0/0x3a0 [ 703.288385] ? kasan_check_write+0x14/0x20 [ 703.292603] ? do_raw_spin_lock+0xc1/0x200 [ 703.296826] mem_cgroup_out_of_memory+0x15e/0x210 [ 703.301651] ? memcg_memory_event+0x40/0x40 [ 703.305960] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 703.310880] ? page_counter_try_charge+0x1c1/0x220 [ 703.315797] try_charge+0xc43/0x1690 [ 703.319505] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 703.325544] ? mark_held_locks+0xc7/0x130 [ 703.329684] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 703.334635] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 703.339553] ? lockdep_hardirqs_on+0x421/0x5c0 [ 703.344121] ? trace_hardirqs_on+0xbd/0x310 [ 703.348470] ? check_preemption_disabled+0x48/0x200 [ 703.353506] ? __sk_mem_raise_allocated+0x642/0x1800 [ 703.358594] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 703.364030] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 703.369551] ? mark_held_locks+0xc7/0x130 [ 703.373687] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 703.378600] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 703.383712] ? lockdep_hardirqs_on+0x421/0x5c0 [ 703.388547] ? __sk_mem_raise_allocated+0x642/0x1800 [ 703.393634] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 703.399090] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 703.404702] ? check_preemption_disabled+0x48/0x200 [ 703.409705] ? __sk_mem_raise_allocated+0x721/0x1800 [ 703.414797] mem_cgroup_charge_skmem+0x1e4/0x390 [ 703.419540] ? mem_cgroup_sk_free+0x90/0x90 [ 703.423851] __sk_mem_raise_allocated+0x642/0x1800 [ 703.428769] ? sk_busy_loop_end+0x1c0/0x1c0 [ 703.433082] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 703.438084] ? skb_page_frag_refill+0x1eb/0x6a0 [ 703.442736] ? sock_kzfree_s+0x60/0x60 [ 703.446611] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.452136] ? sk_stream_alloc_skb+0x34b/0x970 [ 703.456712] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.462235] ? skb_entail+0x618/0x8c0 [ 703.466025] ? tcp_rate_check_app_limited+0x121/0x460 [ 703.471205] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 703.475861] __sk_mem_schedule+0x6d/0xe0 [ 703.479905] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 703.485427] tcp_sendmsg_locked+0x1c86/0x3f00 [ 703.489919] ? tcp_sendpage+0x60/0x60 [ 703.493706] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 703.499228] ? aa_label_sk_perm+0x46d/0x8e0 [ 703.503538] ? find_held_lock+0x36/0x1c0 [ 703.507613] ? mark_held_locks+0xc7/0x130 [ 703.511767] ? __local_bh_enable_ip+0x160/0x260 [ 703.516418] ? __local_bh_enable_ip+0x160/0x260 [ 703.521076] ? trace_hardirqs_on+0xbd/0x310 [ 703.525379] ? lock_release+0x970/0x970 [ 703.529336] ? lock_sock_nested+0xe2/0x120 [ 703.533554] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 703.538987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.544598] ? check_preemption_disabled+0x48/0x200 [ 703.549598] ? lock_sock_nested+0x9a/0x120 [ 703.553816] ? lock_sock_nested+0x9a/0x120 [ 703.558039] ? __local_bh_enable_ip+0x160/0x260 [ 703.562699] tcp_sendmsg+0x2f/0x50 [ 703.566252] inet_sendmsg+0x1a1/0x690 [ 703.570041] ? ipip_gro_receive+0x100/0x100 [ 703.574348] ? apparmor_socket_sendmsg+0x29/0x30 [ 703.579521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.586176] ? security_socket_sendmsg+0x94/0xc0 [ 703.590922] ? ipip_gro_receive+0x100/0x100 [ 703.595228] sock_sendmsg+0xd5/0x120 [ 703.598929] __sys_sendto+0x3d7/0x670 [ 703.602716] ? __ia32_sys_getpeername+0xb0/0xb0 [ 703.607368] ? lock_release+0x970/0x970 [ 703.611325] ? arch_local_save_flags+0x40/0x40 [ 703.615891] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 703.621327] ? aa_af_perm+0x5a0/0x5a0 [ 703.625128] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 703.630653] ? put_timespec64+0x10f/0x1b0 [ 703.634787] ? nsecs_to_jiffies+0x30/0x30 [ 703.638924] ? do_syscall_64+0x9a/0x820 [ 703.642885] ? do_syscall_64+0x9a/0x820 [ 703.646843] ? lockdep_hardirqs_on+0x421/0x5c0 [ 703.651410] ? trace_hardirqs_on+0xbd/0x310 [ 703.655719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.661244] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 703.667050] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 703.673269] __x64_sys_sendto+0xe1/0x1a0 [ 703.677317] do_syscall_64+0x1b9/0x820 [ 703.681188] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 703.686559] ? syscall_return_slowpath+0x5e0/0x5e0 [ 703.691478] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 703.696304] ? trace_hardirqs_on_caller+0x310/0x310 [ 703.701305] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 703.706309] ? prepare_exit_to_usermode+0x291/0x3b0 [ 703.711312] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 703.716142] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 703.721320] RIP: 0033:0x457579 [ 703.724496] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 703.743380] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 703.751072] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 703.758328] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 703.765580] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 703.772892] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 703.780145] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff 03:05:36 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) r2 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r2, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:36 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x300]}, 0x6) 03:05:36 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000300)={0x0, 0x74}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x9, 0x0, 0x1, 0x7, 0xd74c, 0x5, 0x5, 0x101}, &(0x7f00000003c0)=0x20) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e20, @multicast1}}}, &(0x7f00000004c0)=0x84) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000540)={r1, 0x6}, &(0x7f0000000500)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000180)={r2, 0xc5, "01441bc22a98db746aafa77ed09b20321caf837aea913fdb8f512ee881fa17f769eb61a737d39d0b89658e22f391c4f8194c342aa5572f0bf4d427727e0a934c98545e5ccd5626ac2b7b267653a6627ba8d84a35f34dc4a095c2a65f3533051dbbe14ad522517d0a4fb416e994038a7b2b37d7732c1488da92730d947db8104de2b7e408c230304296b72dd4a385d175b091b12872fca855680e3479c6d1e23d3077abc2fbf2d6cf912b8d42508c9ab8c5c4abe3e594a152042b53ba550c769814571806aa"}, &(0x7f0000000280)=0xcd) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) socketpair(0x9, 0x0, 0xdf, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000040)={0x9, 0x5}) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000005480)='/dev/vga_arbiter\x00', 0x404000, 0x0) bind$bt_rfcomm(r4, &(0x7f00000054c0)={0x1f, {0x100, 0x8, 0x80000001, 0x20, 0x2, 0x5}, 0x5}, 0xa) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) 03:05:36 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x11000000]}, 0x6) 03:05:36 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xfffff66b]}, 0x6) [ 703.793726] Task in /syz3 killed as a result of limit of /syz3 [ 703.799932] memory: usage 204764kB, limit 204800kB, failcnt 3143 [ 703.806214] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 703.814034] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 703.820381] Memory cgroup stats for /syz3: cache:0KB rss:164KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:164KB inactive_file:0KB active_file:0KB unevictable:0KB [ 703.897133] Memory cgroup out of memory: Kill process 26596 (syz-executor3) score 161 or sacrifice child [ 703.928364] Killed process 26596 (syz-executor3) total-vm:70472kB, anon-rss:108kB, file-rss:32832kB, shmem-rss:0kB [ 703.950713] oom_reaper: reaped process 26596 (syz-executor3), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 703.972514] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 03:05:36 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1100000000000000]}, 0x6) 03:05:36 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3f00]}, 0x6) 03:05:36 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:36 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa559]}, 0x6) 03:05:36 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x7fff, 0x10181003) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000240)={0x1, 0x10, 0xfa00, {&(0x7f0000000180), r2}}, 0x18) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) fsetxattr$security_selinux(r0, &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:ptmx_t:s0\x00', 0x1c, 0x3) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000280)=0x0) sched_getparam(r4, &(0x7f00000002c0)) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x3) [ 704.019457] syz-executor1 cpuset=syz1 mems_allowed=0 [ 704.046578] CPU: 1 PID: 26628 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 704.053955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.063311] Call Trace: [ 704.065909] dump_stack+0x1c4/0x2b4 [ 704.065932] ? dump_stack_print_info.cold.2+0x52/0x52 [ 704.065952] ? mark_held_locks+0x130/0x130 [ 704.078975] ? mark_held_locks+0x130/0x130 [ 704.078996] dump_header+0x27b/0xf72 [ 704.079025] ? pagefault_out_of_memory+0x197/0x197 [ 704.079043] ? check_preemption_disabled+0x48/0x200 [ 704.079059] ? check_preemption_disabled+0x48/0x200 [ 704.079083] ? graph_lock+0x170/0x170 [ 704.105797] ? graph_lock+0x170/0x170 [ 704.109633] ? print_usage_bug+0xc0/0xc0 [ 704.113773] ? find_held_lock+0x36/0x1c0 [ 704.118371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.123931] ? find_held_lock+0x36/0x1c0 [ 704.128020] ? mark_held_locks+0xc7/0x130 [ 704.132193] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 704.137308] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 704.142424] ? lockdep_hardirqs_on+0x421/0x5c0 [ 704.147017] ? trace_hardirqs_on+0xbd/0x310 [ 704.151336] ? kasan_check_read+0x11/0x20 [ 704.155485] ? ___ratelimit+0x36f/0x655 [ 704.159463] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 704.164917] ? trace_hardirqs_on+0x310/0x310 [ 704.169328] ? lock_downgrade+0x900/0x900 [ 704.173486] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 704.178594] ? ___ratelimit+0xaa/0x655 [ 704.182483] ? idr_get_free+0xec0/0xec0 [ 704.186455] ? kasan_check_write+0x14/0x20 [ 704.190711] ? do_raw_spin_lock+0xc1/0x200 [ 704.194955] oom_kill_process.cold.27+0x10/0x903 [ 704.199717] ? kasan_check_write+0x14/0x20 [ 704.203956] ? do_raw_spin_lock+0xc1/0x200 [ 704.208202] ? oom_evaluate_task+0x540/0x540 [ 704.212617] ? cgroup_procs_next+0x70/0x70 [ 704.216871] ? _raw_spin_unlock_irq+0x60/0x80 [ 704.221366] ? oom_badness+0xaa0/0xaa0 [ 704.225259] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 704.230018] ? mem_cgroup_iter_break+0x30/0x30 [ 704.234616] ? mark_held_locks+0xc7/0x130 [ 704.238770] out_of_memory+0xa84/0x1430 [ 704.242742] ? lockdep_hardirqs_on+0x421/0x5c0 [ 704.247324] ? kasan_check_read+0x11/0x20 [ 704.251476] ? oom_killer_disable+0x3a0/0x3a0 [ 704.255973] ? kasan_check_write+0x14/0x20 [ 704.260208] ? do_raw_spin_lock+0xc1/0x200 [ 704.264458] mem_cgroup_out_of_memory+0x15e/0x210 [ 704.269304] ? memcg_memory_event+0x40/0x40 [ 704.273624] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 704.278558] ? page_counter_try_charge+0x1c1/0x220 [ 704.283492] try_charge+0xc43/0x1690 [ 704.287228] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 704.293297] ? tcp_sendmsg+0x2f/0x50 [ 704.297016] ? sock_sendmsg+0xd5/0x120 [ 704.300903] ? __sys_sendto+0x3d7/0x670 [ 704.304873] ? __x64_sys_sendto+0xe1/0x1a0 [ 704.309110] ? do_syscall_64+0x1b9/0x820 [ 704.313194] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.318558] ? graph_lock+0x170/0x170 [ 704.322366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.327909] ? check_preemption_disabled+0x48/0x200 [ 704.332926] ? check_preemption_disabled+0x48/0x200 [ 704.337952] ? mark_held_locks+0xc7/0x130 [ 704.342098] ? __lock_is_held+0xb5/0x140 [ 704.346167] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 704.351112] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 704.356045] ? lockdep_hardirqs_on+0x421/0x5c0 [ 704.360632] ? __sk_mem_raise_allocated+0x642/0x1800 [ 704.365737] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 704.371199] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 704.376736] ? check_preemption_disabled+0x48/0x200 [ 704.381763] mem_cgroup_charge_skmem+0x1e4/0x390 [ 704.386535] ? mem_cgroup_sk_free+0x90/0x90 [ 704.390868] __sk_mem_raise_allocated+0x642/0x1800 [ 704.395807] ? sk_busy_loop_end+0x1c0/0x1c0 [ 704.400130] ? sk_alloc_sg+0xa00/0xa00 [ 704.404024] ? arch_local_save_flags+0x40/0x40 [ 704.408617] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 704.413635] ? skb_page_frag_refill+0x1eb/0x6a0 [ 704.418309] ? sock_kzfree_s+0x60/0x60 [ 704.422201] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 704.427219] ? sk_stream_alloc_skb+0x34b/0x970 [ 704.431806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.437346] ? skb_entail+0x618/0x8c0 [ 704.441148] ? tcp_rate_check_app_limited+0x121/0x460 [ 704.446354] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 704.451029] __sk_mem_schedule+0x6d/0xe0 [ 704.455092] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 704.460638] tcp_sendmsg_locked+0x1c86/0x3f00 [ 704.465185] ? tcp_sendpage+0x60/0x60 [ 704.469005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 704.474538] ? aa_label_sk_perm+0x46d/0x8e0 [ 704.478870] ? find_held_lock+0x36/0x1c0 [ 704.482939] ? mark_held_locks+0xc7/0x130 [ 704.487108] ? __local_bh_enable_ip+0x160/0x260 [ 704.491776] ? __local_bh_enable_ip+0x160/0x260 [ 704.496450] ? trace_hardirqs_on+0xbd/0x310 [ 704.500770] ? lock_release+0x970/0x970 [ 704.504748] ? lock_sock_nested+0xe2/0x120 [ 704.508985] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 704.514436] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.519979] ? check_preemption_disabled+0x48/0x200 [ 704.524999] ? lock_sock_nested+0x9a/0x120 [ 704.529240] ? lock_sock_nested+0x9a/0x120 [ 704.533477] ? __local_bh_enable_ip+0x160/0x260 [ 704.538168] tcp_sendmsg+0x2f/0x50 [ 704.541720] inet_sendmsg+0x1a1/0x690 [ 704.545523] ? ipip_gro_receive+0x100/0x100 [ 704.549849] ? apparmor_socket_sendmsg+0x29/0x30 [ 704.554606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.560146] ? security_socket_sendmsg+0x94/0xc0 [ 704.564956] ? ipip_gro_receive+0x100/0x100 [ 704.569283] sock_sendmsg+0xd5/0x120 [ 704.572998] __sys_sendto+0x3d7/0x670 [ 704.576819] ? __ia32_sys_getpeername+0xb0/0xb0 [ 704.581502] ? lock_release+0x970/0x970 [ 704.585482] ? arch_local_save_flags+0x40/0x40 [ 704.590068] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 704.595520] ? aa_af_perm+0x5a0/0x5a0 [ 704.599344] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 704.604882] ? put_timespec64+0x10f/0x1b0 [ 704.609031] ? nsecs_to_jiffies+0x30/0x30 [ 704.613208] ? do_syscall_64+0x9a/0x820 [ 704.617192] ? do_syscall_64+0x9a/0x820 [ 704.621178] ? lockdep_hardirqs_on+0x421/0x5c0 [ 704.625766] ? trace_hardirqs_on+0xbd/0x310 [ 704.630085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.635627] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.640995] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 704.646448] __x64_sys_sendto+0xe1/0x1a0 [ 704.650515] do_syscall_64+0x1b9/0x820 [ 704.654402] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 704.659785] ? syscall_return_slowpath+0x5e0/0x5e0 [ 704.664728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 704.669579] ? trace_hardirqs_on_caller+0x310/0x310 [ 704.674599] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 704.679618] ? prepare_exit_to_usermode+0x291/0x3b0 [ 704.684642] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 704.689494] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.694690] RIP: 0033:0x457579 [ 704.697888] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 704.716785] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 704.724704] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 704.731972] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 704.739237] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 704.746501] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 704.753792] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 704.767674] Task in /syz1 killed as a result of limit of /syz1 [ 704.781147] memory: usage 204800kB, limit 204800kB, failcnt 4054 03:05:37 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x400000000000000]}, 0x6) 03:05:37 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1400]}, 0x6) 03:05:37 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 704.797766] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 704.808735] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 704.827109] Memory cgroup stats for /syz1: cache:224KB rss:4308KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:37 executing program 4: r0 = socket$inet(0x2, 0x1, 0x1003) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:37 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:37 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) clock_settime(0x7, &(0x7f0000000000)={0x0, 0x989680}) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 704.917495] Memory cgroup out of memory: Kill process 26627 (syz-executor1) score 181 or sacrifice child [ 704.952508] Killed process 26627 (syz-executor1) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 705.013407] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 705.015195] oom_reaper: reaped process 26627 (syz-executor1), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 705.053385] syz-executor3 cpuset=syz3 mems_allowed=0 [ 705.059604] CPU: 1 PID: 26636 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 705.067004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.076357] Call Trace: [ 705.078961] dump_stack+0x1c4/0x2b4 [ 705.082603] ? dump_stack_print_info.cold.2+0x52/0x52 [ 705.087807] dump_header+0x27b/0xf72 [ 705.087833] ? mark_held_locks+0x130/0x130 [ 705.087849] ? pagefault_out_of_memory+0x197/0x197 [ 705.087866] ? check_preemption_disabled+0x48/0x200 [ 705.087881] ? check_preemption_disabled+0x48/0x200 [ 705.087905] ? graph_lock+0x170/0x170 [ 705.087927] ? graph_lock+0x170/0x170 [ 705.087943] ? print_usage_bug+0xc0/0xc0 [ 705.087967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.087987] ? find_held_lock+0x36/0x1c0 [ 705.088009] ? mark_held_locks+0xc7/0x130 [ 705.088027] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 705.088041] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 705.088056] ? lockdep_hardirqs_on+0x421/0x5c0 [ 705.088073] ? trace_hardirqs_on+0xbd/0x310 [ 705.088085] ? kasan_check_read+0x11/0x20 [ 705.088100] ? ___ratelimit+0x36f/0x655 [ 705.088118] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 705.096058] ? trace_hardirqs_on+0x310/0x310 [ 705.105988] ? lock_downgrade+0x900/0x900 [ 705.179081] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 705.184173] ? ___ratelimit+0xaa/0x655 [ 705.188049] ? idr_get_free+0xec0/0xec0 [ 705.192006] ? kasan_check_write+0x14/0x20 [ 705.196226] ? do_raw_spin_lock+0xc1/0x200 [ 705.200447] oom_kill_process.cold.27+0x10/0x903 [ 705.205205] ? kasan_check_write+0x14/0x20 [ 705.209428] ? do_raw_spin_lock+0xc1/0x200 [ 705.213646] ? oom_evaluate_task+0x540/0x540 [ 705.218041] ? cgroup_procs_next+0x70/0x70 [ 705.222259] ? _raw_spin_unlock_irq+0x60/0x80 [ 705.226733] ? oom_badness+0xaa0/0xaa0 [ 705.230608] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 705.235347] ? mem_cgroup_iter_break+0x30/0x30 [ 705.239919] ? cgroup_file_notify+0x226/0x2f0 [ 705.244398] out_of_memory+0xa84/0x1430 [ 705.248357] ? lockdep_hardirqs_on+0x421/0x5c0 [ 705.252921] ? kasan_check_read+0x11/0x20 [ 705.257060] ? oom_killer_disable+0x3a0/0x3a0 [ 705.261542] ? kasan_check_write+0x14/0x20 [ 705.265756] ? do_raw_spin_lock+0xc1/0x200 [ 705.269999] mem_cgroup_out_of_memory+0x15e/0x210 [ 705.274825] ? memcg_memory_event+0x40/0x40 [ 705.279127] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 705.283961] ? page_counter_try_charge+0x1c1/0x220 [ 705.288877] try_charge+0xc43/0x1690 [ 705.292573] ? lock_downgrade+0x900/0x900 [ 705.296705] ? check_preemption_disabled+0x48/0x200 [ 705.301757] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 705.307831] ? find_held_lock+0x36/0x1c0 [ 705.311921] ? get_mem_cgroup_from_mm+0x1e9/0x440 [ 705.316744] ? lock_downgrade+0x900/0x900 [ 705.320875] ? check_preemption_disabled+0x48/0x200 [ 705.326521] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 705.333261] ? kasan_check_read+0x11/0x20 [ 705.337394] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 705.343254] ? rcu_bh_qs+0xc0/0xc0 [ 705.346780] ? get_mem_cgroup_from_mm+0x206/0x440 [ 705.351623] memcg_kmem_charge_memcg+0x7c/0x120 [ 705.356276] ? memcg_kmem_put_cache+0xb0/0xb0 [ 705.360765] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.366143] memcg_kmem_charge+0x135/0x300 [ 705.370371] __alloc_pages_nodemask+0x72e/0xde0 [ 705.375036] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 705.380312] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 705.385309] ? check_preemption_disabled+0x48/0x200 [ 705.390316] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 705.395946] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 705.401204] ? percpu_ref_put_many+0x13e/0x260 [ 705.405769] ? rcu_pm_notify+0xc0/0xc0 [ 705.409661] ? copy_process+0x1ff4/0x8780 [ 705.413797] ? rcu_read_lock_sched_held+0x108/0x120 [ 705.418798] ? kmem_cache_alloc_node+0x349/0x730 [ 705.423536] ? kasan_check_write+0x14/0x20 [ 705.427768] ? do_raw_spin_lock+0xc1/0x200 [ 705.431986] copy_process+0xa09/0x8780 [ 705.435905] ? print_usage_bug+0xc0/0xc0 [ 705.439969] ? __lock_acquire+0x7ec/0x4ec0 [ 705.444188] ? print_usage_bug+0xc0/0xc0 [ 705.448238] ? lock_downgrade+0x900/0x900 [ 705.452371] ? check_preemption_disabled+0x48/0x200 [ 705.457374] ? __cleanup_sighand+0x70/0x70 [ 705.461597] ? mark_held_locks+0x130/0x130 [ 705.465811] ? print_usage_bug+0xc0/0xc0 [ 705.469871] ? print_usage_bug+0xc0/0xc0 [ 705.473915] ? mark_held_locks+0x130/0x130 [ 705.478135] ? __lock_acquire+0x7ec/0x4ec0 [ 705.482363] ? __lock_acquire+0x7ec/0x4ec0 [ 705.487360] ? graph_lock+0x170/0x170 [ 705.491145] ? check_preemption_disabled+0x48/0x200 [ 705.497054] ? check_preemption_disabled+0x48/0x200 [ 705.502587] ? mark_held_locks+0x130/0x130 [ 705.506803] ? print_usage_bug+0xc0/0xc0 [ 705.510845] ? find_held_lock+0x36/0x1c0 [ 705.514894] ? find_held_lock+0x36/0x1c0 [ 705.518944] ? print_usage_bug+0xc0/0xc0 [ 705.522989] ? __lock_acquire+0x7ec/0x4ec0 [ 705.527209] ? lock_downgrade+0x900/0x900 [ 705.531341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.536860] ? check_preemption_disabled+0x48/0x200 [ 705.541863] ? check_preemption_disabled+0x48/0x200 [ 705.546867] ? __lock_acquire+0x7ec/0x4ec0 [ 705.551088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.556611] ? mark_held_locks+0x130/0x130 [ 705.560832] ? rcu_read_unlock+0x16/0x60 [ 705.564875] ? lock_downgrade+0x900/0x900 [ 705.569007] ? check_preemption_disabled+0x48/0x200 [ 705.574007] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 705.579786] ? kasan_check_read+0x11/0x20 [ 705.583940] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 705.589203] ? graph_lock+0x170/0x170 [ 705.592991] ? rcu_read_unlock+0x33/0x60 [ 705.597055] ? find_held_lock+0x36/0x1c0 [ 705.601102] ? graph_lock+0x170/0x170 [ 705.604886] ? delayacct_end+0x25/0x100 [ 705.608840] ? lock_downgrade+0x900/0x900 [ 705.612984] ? ktime_get+0x352/0x440 [ 705.616683] ? print_usage_bug+0xc0/0xc0 [ 705.620729] ? find_held_lock+0x36/0x1c0 [ 705.624775] ? delayacct_end+0xc5/0x100 [ 705.628731] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 705.633819] ? __lock_acquire+0x7ec/0x4ec0 [ 705.638039] ? trace_hardirqs_on+0xbd/0x310 [ 705.642340] ? kasan_check_read+0x11/0x20 [ 705.646471] ? delayacct_end+0xc5/0x100 [ 705.650435] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 705.655877] ? mark_held_locks+0x130/0x130 [ 705.660097] ? delayacct_end+0x5a/0x100 [ 705.664077] ? __delayacct_freepages_end+0xe0/0x140 [ 705.669076] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 705.674596] ? do_try_to_free_pages+0xe68/0x1290 [ 705.679338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.684857] ? check_preemption_disabled+0x48/0x200 [ 705.689872] ? check_preemption_disabled+0x48/0x200 [ 705.694922] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 705.700462] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 705.705722] ? rcu_pm_notify+0xc0/0xc0 [ 705.709597] ? graph_lock+0x170/0x170 [ 705.713381] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 705.718729] _do_fork+0x1cb/0x11d0 [ 705.722253] ? fork_idle+0x1d0/0x1d0 [ 705.725949] ? percpu_ref_put_many+0x11c/0x260 [ 705.730527] ? lock_downgrade+0x900/0x900 [ 705.734657] ? check_preemption_disabled+0x48/0x200 [ 705.739662] ? kasan_check_read+0x11/0x20 [ 705.743795] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 705.749054] ? rcu_bh_qs+0xc0/0xc0 [ 705.752578] ? get_mem_cgroup_from_mm+0x206/0x440 [ 705.757408] ? do_syscall_64+0x9a/0x820 [ 705.761365] ? do_syscall_64+0x9a/0x820 [ 705.765322] ? lockdep_hardirqs_on+0x421/0x5c0 [ 705.769889] ? trace_hardirqs_on+0xbd/0x310 [ 705.774194] ? trace_hardirqs_on+0x310/0x310 [ 705.778592] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.783942] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 705.789376] __x64_sys_clone+0xbf/0x150 [ 705.793353] do_syscall_64+0x1b9/0x820 [ 705.797240] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 705.802598] ? syscall_return_slowpath+0x5e0/0x5e0 [ 705.807523] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 705.812363] ? trace_hardirqs_on_caller+0x310/0x310 [ 705.817365] ? prepare_exit_to_usermode+0x291/0x3b0 [ 705.822366] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 705.827258] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.832429] RIP: 0033:0x459f49 [ 705.835603] Code: ff 48 85 f6 0f 84 47 8a fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 1e 8a fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 705.854663] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 705.862358] RAX: ffffffffffffffda RBX: 00007f7e36aaa700 RCX: 0000000000459f49 [ 705.869612] RDX: 00007f7e36aaa9d0 RSI: 00007f7e36aa9db0 RDI: 00000000003d0f00 [ 705.876865] RBP: 0000000000a3fcd0 R08: 00007f7e36aaa700 R09: 00007f7e36aaa700 [ 705.884116] R10: 00007f7e36aaa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 705.891367] R13: 0000000000a3fb7f R14: 00007f7e36aaa9c0 R15: 0000000000000000 [ 705.901259] Task in /syz3 killed as a result of limit of /syz3 [ 705.907368] memory: usage 204608kB, limit 204800kB, failcnt 3174 [ 705.913511] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 705.920315] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 705.926453] Memory cgroup stats for /syz3: cache:0KB rss:164KB rss_huge:0KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB [ 705.946762] Memory cgroup out of memory: Kill process 26636 (syz-executor3) score 161 or sacrifice child [ 705.956523] Killed process 26636 (syz-executor3) total-vm:70340kB, anon-rss:108kB, file-rss:32768kB, shmem-rss:0kB [ 705.967715] oom_reaper: reaped process 26636 (syz-executor3), now anon-rss:0kB, file-rss:32064kB, shmem-rss:0kB [ 705.969051] syz-executor1 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 705.989936] syz-executor1 cpuset=syz1 mems_allowed=0 [ 705.999277] CPU: 1 PID: 26627 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 [ 706.006650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.016009] Call Trace: [ 706.018584] dump_stack+0x1c4/0x2b4 [ 706.022201] ? dump_stack_print_info.cold.2+0x52/0x52 [ 706.027384] dump_header+0x27b/0xf72 [ 706.031083] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 706.036860] ? kasan_check_read+0x11/0x20 [ 706.041013] ? pagefault_out_of_memory+0x197/0x197 [ 706.045941] ? rcu_read_unlock+0x33/0x60 [ 706.049984] ? mem_cgroup_iter+0x514/0x1160 [ 706.054288] ? find_held_lock+0x36/0x1c0 [ 706.058337] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 706.063073] ? mark_held_locks+0xc7/0x130 [ 706.067207] ? _raw_spin_unlock_irq+0x27/0x80 [ 706.071689] ? _raw_spin_unlock_irq+0x27/0x80 [ 706.076174] ? lockdep_hardirqs_on+0x421/0x5c0 [ 706.080741] ? trace_hardirqs_on+0xbd/0x310 [ 706.085043] ? kasan_check_read+0x11/0x20 [ 706.089180] ? css_task_iter_end+0x222/0x490 [ 706.093597] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 706.099033] ? kasan_check_write+0x14/0x20 [ 706.103252] ? do_raw_spin_lock+0xc1/0x200 [ 706.107473] ? _raw_spin_unlock_irq+0x60/0x80 [ 706.111950] ? css_task_iter_end+0x2ce/0x490 [ 706.116342] ? cgroup_procs_next+0x70/0x70 [ 706.120563] ? _raw_spin_unlock_irq+0x60/0x80 [ 706.125040] ? oom_badness+0xaa0/0xaa0 [ 706.128926] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 706.133709] ? mem_cgroup_iter_break+0x30/0x30 [ 706.138278] ? cgroup_file_notify+0x226/0x2f0 [ 706.142757] out_of_memory.cold.30+0xf/0x184 [ 706.147150] ? lockdep_hardirqs_on+0x421/0x5c0 [ 706.151743] ? kasan_check_read+0x11/0x20 [ 706.155873] ? oom_killer_disable+0x3a0/0x3a0 [ 706.160353] ? kasan_check_write+0x14/0x20 [ 706.164569] ? do_raw_spin_lock+0xc1/0x200 [ 706.168793] mem_cgroup_out_of_memory+0x15e/0x210 [ 706.173618] ? memcg_memory_event+0x40/0x40 [ 706.177922] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 706.182751] ? page_counter_try_charge+0x1c1/0x220 [ 706.187687] try_charge+0xc43/0x1690 [ 706.191401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 706.196934] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 706.202990] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 706.208264] ? rcu_pm_notify+0xc0/0xc0 [ 706.212181] ? rcu_read_lock_sched_held+0x108/0x120 [ 706.217225] ? __alloc_pages_nodemask+0xb5a/0xde0 [ 706.222067] ? graph_lock+0x170/0x170 [ 706.225856] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 706.230851] ? graph_lock+0x170/0x170 [ 706.234637] ? find_held_lock+0x36/0x1c0 [ 706.238690] ? cache_grow_begin+0x5a4/0x8c0 [ 706.242997] memcg_kmem_charge_memcg+0x7c/0x120 [ 706.247652] ? memcg_kmem_put_cache+0xb0/0xb0 [ 706.252132] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 706.257654] cache_grow_begin+0x415/0x8c0 [ 706.261786] ? do_raw_spin_unlock+0xa7/0x2f0 [ 706.266184] fallback_alloc+0x203/0x2e0 [ 706.270145] ____cache_alloc_node+0x1c7/0x1e0 [ 706.274632] kmem_cache_alloc_node+0xe3/0x730 [ 706.279111] ? kasan_check_write+0x14/0x20 [ 706.283326] ? do_raw_spin_lock+0xc1/0x200 [ 706.287547] copy_process+0x1ff4/0x8780 [ 706.291506] ? print_usage_bug+0xc0/0xc0 [ 706.295548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 706.301071] ? __lock_acquire+0x7ec/0x4ec0 [ 706.305296] ? __cleanup_sighand+0x70/0x70 [ 706.309521] ? mark_held_locks+0x130/0x130 [ 706.313739] ? print_usage_bug+0xc0/0xc0 [ 706.317795] ? find_held_lock+0x36/0x1c0 [ 706.321857] ? rcu_read_unlock_special.part.39+0x8a4/0x11f0 [ 706.327552] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 706.332638] ? __lock_acquire+0x7ec/0x4ec0 [ 706.337984] ? graph_lock+0x170/0x170 [ 706.342208] ? check_preemption_disabled+0x48/0x200 [ 706.348170] ? check_preemption_disabled+0x48/0x200 [ 706.354825] ? mark_held_locks+0x130/0x130 [ 706.359476] ? print_usage_bug+0xc0/0xc0 [ 706.363518] ? find_held_lock+0x36/0x1c0 [ 706.367569] ? find_held_lock+0x36/0x1c0 [ 706.371630] ? print_usage_bug+0xc0/0xc0 [ 706.375674] ? __lock_acquire+0x7ec/0x4ec0 [ 706.379913] ? lock_downgrade+0x900/0x900 [ 706.384061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 706.389582] ? check_preemption_disabled+0x48/0x200 [ 706.394595] ? check_preemption_disabled+0x48/0x200 [ 706.399600] ? __lock_acquire+0x7ec/0x4ec0 [ 706.403824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 706.409349] ? mark_held_locks+0x130/0x130 [ 706.413566] ? rcu_read_unlock+0x16/0x60 [ 706.417611] ? lock_downgrade+0x900/0x900 [ 706.421740] ? check_preemption_disabled+0x48/0x200 [ 706.426757] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 706.432536] ? kasan_check_read+0x11/0x20 [ 706.436682] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 706.441958] ? graph_lock+0x170/0x170 [ 706.445761] ? rcu_read_unlock+0x33/0x60 [ 706.449807] ? find_held_lock+0x36/0x1c0 [ 706.453882] ? graph_lock+0x170/0x170 [ 706.457669] ? delayacct_end+0x25/0x100 [ 706.461656] ? lock_downgrade+0x900/0x900 [ 706.465782] ? ktime_get+0x352/0x440 [ 706.469479] ? print_usage_bug+0xc0/0xc0 [ 706.473540] ? find_held_lock+0x36/0x1c0 [ 706.477591] ? delayacct_end+0xc5/0x100 [ 706.481551] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 706.486640] ? __lock_acquire+0x7ec/0x4ec0 [ 706.490870] ? trace_hardirqs_on+0xbd/0x310 [ 706.495191] ? kasan_check_read+0x11/0x20 [ 706.499325] ? delayacct_end+0xc5/0x100 [ 706.503552] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 706.509005] ? mark_held_locks+0x130/0x130 [ 706.513239] ? delayacct_end+0x5a/0x100 [ 706.517200] ? __delayacct_freepages_end+0xe0/0x140 [ 706.522202] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 706.527723] ? do_try_to_free_pages+0xe68/0x1290 [ 706.532464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 706.537985] ? check_preemption_disabled+0x48/0x200 [ 706.542985] ? check_preemption_disabled+0x48/0x200 [ 706.547989] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 706.553506] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 706.558776] ? rcu_pm_notify+0xc0/0xc0 [ 706.562649] ? graph_lock+0x170/0x170 [ 706.566431] ? try_to_free_mem_cgroup_pages+0x58b/0xca0 [ 706.571782] _do_fork+0x1cb/0x11d0 [ 706.575308] ? fork_idle+0x1d0/0x1d0 [ 706.579005] ? percpu_ref_put_many+0x11c/0x260 [ 706.583571] ? lock_downgrade+0x900/0x900 [ 706.587708] ? check_preemption_disabled+0x48/0x200 [ 706.592739] ? kasan_check_read+0x11/0x20 [ 706.596870] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 706.602132] ? rcu_bh_qs+0xc0/0xc0 [ 706.605664] ? get_mem_cgroup_from_mm+0x206/0x440 [ 706.610500] ? do_syscall_64+0x9a/0x820 [ 706.614457] ? do_syscall_64+0x9a/0x820 [ 706.618414] ? lockdep_hardirqs_on+0x421/0x5c0 [ 706.622978] ? trace_hardirqs_on+0xbd/0x310 [ 706.627280] ? trace_hardirqs_on+0x310/0x310 [ 706.631675] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 706.637036] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 706.642472] __x64_sys_clone+0xbf/0x150 [ 706.646430] do_syscall_64+0x1b9/0x820 [ 706.650307] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 706.655653] ? syscall_return_slowpath+0x5e0/0x5e0 [ 706.660566] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 706.665394] ? trace_hardirqs_on_caller+0x310/0x310 [ 706.670398] ? prepare_exit_to_usermode+0x291/0x3b0 [ 706.675397] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 706.680226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 706.685396] RIP: 0033:0x459f49 [ 706.688577] Code: Bad RIP value. [ 706.691920] RSP: 002b:0000000000a3fac8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 706.699609] RAX: ffffffffffffffda RBX: 00007f2ad8032700 RCX: 0000000000459f49 [ 706.706858] RDX: 00007f2ad80329d0 RSI: 00007f2ad8031db0 RDI: 00000000003d0f00 [ 706.714123] RBP: 0000000000a3fcd0 R08: 00007f2ad8032700 R09: 00007f2ad8032700 [ 706.721375] R10: 00007f2ad80329d0 R11: 0000000000000202 R12: 0000000000000000 [ 706.728629] R13: 0000000000a3fb7f R14: 00007f2ad80329c0 R15: 0000000000000001 [ 706.746477] Memory limit reached of cgroup /syz1 [ 706.751329] memory: usage 191840kB, limit 204800kB, failcnt 4054 [ 706.757529] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 706.764293] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:39 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xa]}, 0x6) 03:05:39 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xe]}, 0x6) 03:05:39 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x8055000000000000]}, 0x6) 03:05:39 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:39 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x400, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x13a15539, 0x101, 0x8001, 0x7, 0x2}, &(0x7f0000000100)=0x14) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={r2, 0x4}, &(0x7f0000000180)=0x8) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4002000000000000]}, 0x6) [ 706.771333] Memory cgroup stats for /syz1: cache:224KB rss:140KB rss_huge:0KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 706.791415] Out of memory and no killable processes... 03:05:39 executing program 5: write$nbd(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000140), 0x1c) r1 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r1, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0) 03:05:39 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = dup3(r0, r0, 0x80000) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x5}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000140)={r2, 0x401, 0x8, 0xfff, 0x1, 0x480000}, 0x14) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000000)={'ipddp0\x00', {0x2, 0x4e21, @multicast2}}) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:39 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x983a000000000000]}, 0x6) 03:05:39 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xe00000000000000]}, 0x6) 03:05:39 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xedf8ffff00000000]}, 0x6) 03:05:40 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x8]}, 0x6) 03:05:40 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:40 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x6) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x1000c0, &(0x7f00000000c0)={0x2, 0x4e20}, 0x10) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000100)={0x8ed3, 0x401, 0x6}) 03:05:40 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xa76a0000]}, 0x6) 03:05:40 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x200000000000000]}, 0x6) 03:05:40 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:40 executing program 4: r0 = socket$inet(0x2, 0xf, 0x8) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000000)={0x0, 0x4}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={r1, 0x7fffffff}, &(0x7f0000000140)=0xc) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf4010000]}, 0x6) 03:05:40 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[], 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:40 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x9000000]}, 0x6) 03:05:40 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000000]}, 0x6) 03:05:40 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair(0xb, 0x7, 0x638, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$rds(r1, &(0x7f0000002b40)={&(0x7f0000000040)={0x2, 0x4e23, @rand_addr=0x6}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000100)=""/103, 0x67}, {&(0x7f0000000180)=""/180, 0xb4}, {&(0x7f0000000240)=""/141, 0x8d}], 0x3, &(0x7f00000029c0)=[@mask_cswp={0x58, 0x114, 0x9, {{0xbe, 0x3ff}, &(0x7f0000000340)=0x9, &(0x7f0000000380)=0x4, 0x8, 0x2, 0x57, 0x10000, 0x7ae661859d539ea9, 0x6}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f00000003c0)=""/4096, 0x1000}, &(0x7f00000013c0), 0x1}}, @fadd={0x58, 0x114, 0x6, {{0x5f95cab2, 0xe000000000000000}, &(0x7f0000001400)=0xfffffffffffffffd, &(0x7f0000001440)=0x100000001, 0x7ff, 0x4, 0x9, 0xc5ea, 0x0, 0xffffffffffffffff}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x6}, @rdma_args={0x48, 0x114, 0x1, {{0x4, 0x80000001}, {&(0x7f0000001480)=""/150, 0x96}, &(0x7f0000002940)=[{&(0x7f0000001540)=""/157, 0x9d}, {&(0x7f0000001600)=""/215, 0xd7}, {&(0x7f0000001700)=""/226, 0xe2}, {&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000002800)=""/106, 0x6a}, {&(0x7f0000002880)=""/184, 0xb8}], 0x6, 0x58, 0x9}}, @rdma_dest={0x18, 0x114, 0x2, {0x20, 0xffffffff}}], 0x158, 0xc000}, 0x4000804) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) socket$inet(0x2, 0x3, 0x3) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 707.564540] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 707.584222] syz-executor3 cpuset=syz3 mems_allowed=0 [ 707.597178] CPU: 0 PID: 26739 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 707.604565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.613918] Call Trace: [ 707.616521] dump_stack+0x1c4/0x2b4 [ 707.620175] ? dump_stack_print_info.cold.2+0x52/0x52 [ 707.625391] ? mark_held_locks+0x130/0x130 [ 707.629639] ? mark_held_locks+0x130/0x130 [ 707.633888] dump_header+0x27b/0xf72 [ 707.637620] ? pagefault_out_of_memory+0x197/0x197 [ 707.637639] ? check_preemption_disabled+0x48/0x200 [ 707.637654] ? check_preemption_disabled+0x48/0x200 [ 707.637684] ? graph_lock+0x170/0x170 [ 707.656437] ? graph_lock+0x170/0x170 [ 707.660258] ? print_usage_bug+0xc0/0xc0 03:05:40 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe0ffffffffffffff]}, 0x6) 03:05:40 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[], 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 707.664334] ? find_held_lock+0x36/0x1c0 [ 707.668415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.674139] ? find_held_lock+0x36/0x1c0 [ 707.674175] ? mark_held_locks+0xc7/0x130 [ 707.674201] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 707.682732] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 707.682748] ? lockdep_hardirqs_on+0x421/0x5c0 [ 707.682768] ? trace_hardirqs_on+0xbd/0x310 [ 707.701847] ? kasan_check_read+0x11/0x20 [ 707.706033] ? ___ratelimit+0x36f/0x655 [ 707.710033] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 707.715502] ? trace_hardirqs_on+0x310/0x310 [ 707.719924] ? lock_downgrade+0x900/0x900 [ 707.724094] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 707.729520] ? ___ratelimit+0xaa/0x655 [ 707.734638] ? idr_get_free+0xec0/0xec0 [ 707.739852] ? kasan_check_write+0x14/0x20 [ 707.745691] ? do_raw_spin_lock+0xc1/0x200 [ 707.751696] oom_kill_process.cold.27+0x10/0x903 [ 707.756462] ? kasan_check_write+0x14/0x20 [ 707.760708] ? do_raw_spin_lock+0xc1/0x200 [ 707.764989] ? oom_evaluate_task+0x540/0x540 [ 707.769414] ? cgroup_procs_next+0x70/0x70 [ 707.773689] ? _raw_spin_unlock_irq+0x60/0x80 [ 707.778213] ? oom_badness+0xaa0/0xaa0 [ 707.782115] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 707.786907] ? mem_cgroup_iter_break+0x30/0x30 [ 707.791517] ? mark_held_locks+0xc7/0x130 [ 707.795682] out_of_memory+0xa84/0x1430 [ 707.799667] ? lockdep_hardirqs_on+0x421/0x5c0 [ 707.804290] ? kasan_check_read+0x11/0x20 [ 707.808455] ? oom_killer_disable+0x3a0/0x3a0 [ 707.812962] ? kasan_check_write+0x14/0x20 [ 707.817216] ? do_raw_spin_lock+0xc1/0x200 [ 707.821476] mem_cgroup_out_of_memory+0x15e/0x210 [ 707.826330] ? memcg_memory_event+0x40/0x40 [ 707.830668] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 707.835621] ? page_counter_try_charge+0x1c1/0x220 [ 707.840566] try_charge+0xc43/0x1690 [ 707.844299] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 707.850369] ? tcp_sendmsg+0x2f/0x50 [ 707.854290] ? sock_sendmsg+0xd5/0x120 [ 707.858199] ? __sys_sendto+0x3d7/0x670 [ 707.862188] ? __x64_sys_sendto+0xe1/0x1a0 [ 707.866423] ? do_syscall_64+0x1b9/0x820 [ 707.870484] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.875848] ? graph_lock+0x170/0x170 [ 707.879658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.885208] ? check_preemption_disabled+0x48/0x200 [ 707.890226] ? check_preemption_disabled+0x48/0x200 [ 707.895254] ? mark_held_locks+0xc7/0x130 [ 707.899399] ? __lock_is_held+0xb5/0x140 [ 707.903462] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 707.908394] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 707.913324] ? lockdep_hardirqs_on+0x421/0x5c0 [ 707.917914] ? __sk_mem_raise_allocated+0x642/0x1800 [ 707.923017] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 707.928473] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 707.934012] ? check_preemption_disabled+0x48/0x200 [ 707.939040] mem_cgroup_charge_skmem+0x1e4/0x390 [ 707.943802] ? mem_cgroup_sk_free+0x90/0x90 [ 707.948137] __sk_mem_raise_allocated+0x642/0x1800 [ 707.953082] ? sk_busy_loop_end+0x1c0/0x1c0 [ 707.957414] ? arch_local_save_flags+0x40/0x40 [ 707.962009] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 707.967997] ? skb_page_frag_refill+0x1eb/0x6a0 [ 707.972674] ? sock_kzfree_s+0x60/0x60 [ 707.976567] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 707.981587] ? sk_stream_alloc_skb+0x34b/0x970 [ 707.986185] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.991726] ? skb_entail+0x618/0x8c0 [ 707.995526] ? tcp_rate_check_app_limited+0x121/0x460 [ 708.000716] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 708.005394] __sk_mem_schedule+0x6d/0xe0 [ 708.009455] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 708.014998] tcp_sendmsg_locked+0x1c86/0x3f00 [ 708.019517] ? tcp_sendpage+0x60/0x60 [ 708.023324] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 708.028860] ? aa_label_sk_perm+0x46d/0x8e0 [ 708.033206] ? find_held_lock+0x36/0x1c0 [ 708.037278] ? mark_held_locks+0xc7/0x130 [ 708.041432] ? __local_bh_enable_ip+0x160/0x260 [ 708.046100] ? __local_bh_enable_ip+0x160/0x260 [ 708.050775] ? trace_hardirqs_on+0xbd/0x310 [ 708.055099] ? lock_release+0x970/0x970 [ 708.059072] ? lock_sock_nested+0xe2/0x120 [ 708.063311] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 708.068766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.074312] ? check_preemption_disabled+0x48/0x200 [ 708.079333] ? lock_sock_nested+0x9a/0x120 [ 708.083569] ? lock_sock_nested+0x9a/0x120 [ 708.087814] ? __local_bh_enable_ip+0x160/0x260 [ 708.092494] tcp_sendmsg+0x2f/0x50 [ 708.096040] inet_sendmsg+0x1a1/0x690 [ 708.099846] ? ipip_gro_receive+0x100/0x100 [ 708.104178] ? apparmor_socket_sendmsg+0x29/0x30 [ 708.108940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.114482] ? security_socket_sendmsg+0x94/0xc0 [ 708.119237] ? ipip_gro_receive+0x100/0x100 [ 708.123562] sock_sendmsg+0xd5/0x120 [ 708.127279] __sys_sendto+0x3d7/0x670 [ 708.131083] ? __ia32_sys_getpeername+0xb0/0xb0 [ 708.135752] ? lock_release+0x970/0x970 [ 708.139725] ? arch_local_save_flags+0x40/0x40 [ 708.144312] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 708.149759] ? aa_af_perm+0x5a0/0x5a0 [ 708.153582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 708.159120] ? put_timespec64+0x10f/0x1b0 [ 708.163277] ? nsecs_to_jiffies+0x30/0x30 [ 708.167429] ? do_syscall_64+0x9a/0x820 [ 708.171407] ? do_syscall_64+0x9a/0x820 [ 708.175381] ? lockdep_hardirqs_on+0x421/0x5c0 [ 708.179963] ? trace_hardirqs_on+0xbd/0x310 [ 708.184286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.189827] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 708.195204] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 708.200660] __x64_sys_sendto+0xe1/0x1a0 [ 708.204729] do_syscall_64+0x1b9/0x820 [ 708.208619] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 708.213984] ? syscall_return_slowpath+0x5e0/0x5e0 [ 708.218914] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 708.223758] ? trace_hardirqs_on_caller+0x310/0x310 [ 708.228780] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 708.233802] ? prepare_exit_to_usermode+0x291/0x3b0 [ 708.238827] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 708.243679] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 708.248873] RIP: 0033:0x457579 [ 708.252069] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 708.270963] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 708.278671] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 708.285937] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 708.293896] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 708.303167] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 03:05:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pipe2(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x2) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000100)={0x6, {0x2, 0x4e24, @remote}, {0x2, 0x4e22}, {0x2, 0x7, @multicast2}, 0x4, 0xa0, 0xa, 0x200, 0x38, &(0x7f0000000000)='ip6gretap0\x00', 0x1, 0x10000, 0x2}) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r3 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x7, 0x100) ioctl$EVIOCSREP(r3, 0x40084503, &(0x7f0000000180)=[0x7f, 0x2]) sendto$inet(r2, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:41 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x30750000]}, 0x6) 03:05:41 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x80550000]}, 0x6) [ 708.311655] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff 03:05:41 executing program 4: socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000100), 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @remote}, 0x212) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) signalfd4(r0, &(0x7f0000000000)={0x6}, 0x8, 0x80800) 03:05:41 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x6bf6ffff00000000]}, 0x6) [ 708.471415] Task in /syz3 killed as a result of limit of /syz3 [ 708.498173] memory: usage 204776kB, limit 204800kB, failcnt 3198 [ 708.523370] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 708.542968] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:41 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa8050000]}, 0x6) 03:05:41 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4c1d]}, 0x6) 03:05:41 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r1 = syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x7413a7a4, 0x1) ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f0000000140)) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) [ 708.562846] Memory cgroup stats for /syz3: cache:0KB rss:4248KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:0KB [ 708.584348] Memory cgroup out of memory: Kill process 26738 (syz-executor3) score 181 or sacrifice child [ 708.595041] Killed process 26738 (syz-executor3) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 708.608547] oom_reaper: reaped process 26738 (syz-executor3), now anon-rss:0kB, file-rss:32736kB, shmem-rss:0kB 03:05:41 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[], 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:41 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x59a5]}, 0x6) 03:05:41 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x400000000000000]}, 0x6) 03:05:41 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:41 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000280)={0x4}, 0x4) setsockopt$inet_buf(r0, 0x0, 0x2f, &(0x7f0000000100)="0dc5c68157d5288d9e169e478f286d00d13cb88ea081cf6ee5922e2fd30db9e3b61613f775faa60aa88551e737fab53fa487042849f02d2bae67244c1b33ab5596103167136a3ffc5d4c97bcb94db383fcfb59ae5e4a974ab60081f45e499a4d017dc5c1f727e53050efc41ed65fbe72b5906c170cbe37ddb25c0ea810b819123747db89312d87bd4891c4365c65aba429caca991ce21e5aab5a30e0f77e01a69d707a690d4716aadfcb7b45798aa6a0b5f72eab14d75ba54977ae118f18684587edd10875711f5e", 0xc8) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x4e23, @multicast2}, {0x8cb486875a6e8d17, @random="591b8899a0d9"}, 0x2, {0x2, 0x4e23, @multicast1}, 'bond_slave_0\x00'}) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x200200, 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000240)=0x7, 0x4) [ 708.712859] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 708.757334] syz-executor3 cpuset=syz3 [ 708.781802] mems_allowed=0 [ 708.786892] CPU: 0 PID: 26806 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 708.794295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.803658] Call Trace: [ 708.806264] dump_stack+0x1c4/0x2b4 [ 708.809899] ? dump_stack_print_info.cold.2+0x52/0x52 [ 708.815092] ? mark_held_locks+0x130/0x130 [ 708.819330] ? mark_held_locks+0x130/0x130 [ 708.823578] dump_header+0x27b/0xf72 [ 708.828011] ? pagefault_out_of_memory+0x197/0x197 [ 708.834707] ? check_preemption_disabled+0x48/0x200 [ 708.839987] ? check_preemption_disabled+0x48/0x200 [ 708.845011] ? graph_lock+0x170/0x170 [ 708.848821] ? graph_lock+0x170/0x170 [ 708.852622] ? print_usage_bug+0xc0/0xc0 [ 708.856685] ? find_held_lock+0x36/0x1c0 [ 708.860753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.866290] ? find_held_lock+0x36/0x1c0 [ 708.870360] ? mark_held_locks+0xc7/0x130 [ 708.874529] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 708.879633] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 708.884733] ? lockdep_hardirqs_on+0x421/0x5c0 [ 708.889321] ? trace_hardirqs_on+0xbd/0x310 [ 708.893637] ? kasan_check_read+0x11/0x20 [ 708.897786] ? ___ratelimit+0x36f/0x655 [ 708.901758] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 708.907215] ? trace_hardirqs_on+0x310/0x310 [ 708.911620] ? lock_downgrade+0x900/0x900 [ 708.915772] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 708.920876] ? ___ratelimit+0xaa/0x655 [ 708.924764] ? idr_get_free+0xec0/0xec0 [ 708.928737] ? kasan_check_write+0x14/0x20 [ 708.932974] ? do_raw_spin_lock+0xc1/0x200 [ 708.937219] oom_kill_process.cold.27+0x10/0x903 [ 708.941974] ? kasan_check_write+0x14/0x20 [ 708.946210] ? do_raw_spin_lock+0xc1/0x200 [ 708.950713] ? oom_evaluate_task+0x540/0x540 [ 708.955124] ? cgroup_procs_next+0x70/0x70 [ 708.959359] ? _raw_spin_unlock_irq+0x60/0x80 [ 708.963853] ? oom_badness+0xaa0/0xaa0 [ 708.967743] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 708.972501] ? mem_cgroup_iter_break+0x30/0x30 [ 708.977095] ? mark_held_locks+0xc7/0x130 [ 708.981244] out_of_memory+0xa84/0x1430 [ 708.985218] ? lockdep_hardirqs_on+0x421/0x5c0 [ 708.989801] ? kasan_check_read+0x11/0x20 [ 708.993947] ? oom_killer_disable+0x3a0/0x3a0 [ 708.998440] ? kasan_check_write+0x14/0x20 [ 709.002674] ? do_raw_spin_lock+0xc1/0x200 [ 709.006919] mem_cgroup_out_of_memory+0x15e/0x210 [ 709.011768] ? memcg_memory_event+0x40/0x40 [ 709.016085] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 709.021020] ? page_counter_try_charge+0x1c1/0x220 [ 709.025953] try_charge+0xc43/0x1690 [ 709.029682] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 709.035741] ? tcp_sendmsg+0x2f/0x50 [ 709.039452] ? sock_sendmsg+0xd5/0x120 [ 709.043334] ? __sys_sendto+0x3d7/0x670 [ 709.047609] ? graph_lock+0x170/0x170 [ 709.051406] ? graph_lock+0x170/0x170 [ 709.055212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.060750] ? check_preemption_disabled+0x48/0x200 [ 709.065762] ? check_preemption_disabled+0x48/0x200 [ 709.070791] ? mark_held_locks+0xc7/0x130 [ 709.074939] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 709.079868] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 709.084795] ? lockdep_hardirqs_on+0x421/0x5c0 [ 709.089384] ? rcu_read_lock_sched_held+0x108/0x120 [ 709.094404] ? __sk_mem_raise_allocated+0x642/0x1800 [ 709.099507] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 709.104959] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 709.110497] ? check_preemption_disabled+0x48/0x200 [ 709.115518] mem_cgroup_charge_skmem+0x1e4/0x390 [ 709.120276] ? mem_cgroup_sk_free+0x90/0x90 [ 709.124608] __sk_mem_raise_allocated+0x642/0x1800 [ 709.129542] ? futex_wait_queue_me+0x55d/0x840 [ 709.134131] ? sk_busy_loop_end+0x1c0/0x1c0 [ 709.138460] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 709.144002] ? alloc_pages_current+0x114/0x210 [ 709.148587] ? skb_page_frag_refill+0x1eb/0x6a0 [ 709.153262] ? sock_kzfree_s+0x60/0x60 [ 709.157167] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 709.162198] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 709.168082] ? tcp_chrono_start+0x190/0x1e0 [ 709.173793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.181505] ? skb_entail+0x618/0x8c0 [ 709.186190] ? tcp_rate_check_app_limited+0x121/0x460 [ 709.192861] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 709.198994] __sk_mem_schedule+0x6d/0xe0 [ 709.204498] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 709.211610] tcp_sendmsg_locked+0x1c86/0x3f00 [ 709.217151] ? __fget+0x4a0/0x740 [ 709.220631] ? tcp_sendpage+0x60/0x60 [ 709.224432] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 709.229967] ? aa_label_sk_perm+0x46d/0x8e0 [ 709.234296] ? find_held_lock+0x36/0x1c0 [ 709.238370] ? mark_held_locks+0xc7/0x130 [ 709.242521] ? __local_bh_enable_ip+0x160/0x260 [ 709.247205] ? __local_bh_enable_ip+0x160/0x260 [ 709.251875] ? trace_hardirqs_on+0xbd/0x310 [ 709.256202] ? lock_release+0x970/0x970 [ 709.260190] ? lock_sock_nested+0xe2/0x120 [ 709.264429] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 709.269877] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.275413] ? check_preemption_disabled+0x48/0x200 [ 709.280430] ? lock_sock_nested+0x9a/0x120 [ 709.284679] ? lock_sock_nested+0x9a/0x120 [ 709.288919] ? __local_bh_enable_ip+0x160/0x260 [ 709.293593] tcp_sendmsg+0x2f/0x50 [ 709.297153] inet_sendmsg+0x1a1/0x690 [ 709.300971] ? ipip_gro_receive+0x100/0x100 [ 709.305312] ? apparmor_socket_sendmsg+0x29/0x30 [ 709.310068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.315605] ? security_socket_sendmsg+0x94/0xc0 [ 709.320376] ? ipip_gro_receive+0x100/0x100 [ 709.324699] sock_sendmsg+0xd5/0x120 [ 709.328417] __sys_sendto+0x3d7/0x670 [ 709.332222] ? __ia32_sys_getpeername+0xb0/0xb0 [ 709.336887] ? lock_release+0x970/0x970 [ 709.340859] ? arch_local_save_flags+0x40/0x40 [ 709.345443] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 709.350893] ? aa_af_perm+0x5a0/0x5a0 [ 709.354716] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 709.360267] ? put_timespec64+0x10f/0x1b0 [ 709.364413] ? nsecs_to_jiffies+0x30/0x30 [ 709.368566] ? do_syscall_64+0x9a/0x820 [ 709.372539] ? do_syscall_64+0x9a/0x820 [ 709.376514] ? lockdep_hardirqs_on+0x421/0x5c0 [ 709.381095] ? trace_hardirqs_on+0xbd/0x310 [ 709.385416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.390952] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 709.396589] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 709.402042] __x64_sys_sendto+0xe1/0x1a0 [ 709.406123] do_syscall_64+0x1b9/0x820 [ 709.410005] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 709.415372] ? syscall_return_slowpath+0x5e0/0x5e0 [ 709.420299] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 709.425140] ? trace_hardirqs_on_caller+0x310/0x310 [ 709.430173] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 709.435225] ? prepare_exit_to_usermode+0x291/0x3b0 [ 709.440247] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 709.445093] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 709.450277] RIP: 0033:0x457579 03:05:42 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x8055]}, 0x6) [ 709.453471] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 709.472369] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 709.480079] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 709.487341] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 709.494605] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 709.501901] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 709.509178] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff 03:05:42 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xa00]}, 0x6) 03:05:42 executing program 4: r0 = socket$inet(0x2, 0x10e, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=ANY=[@ANYBLOB="7261770000000000ff7f00000000f52c4a010bfca6a961000048020000f8000000f8000000f8000000b0010000b0010000b00100000300000000000000000069b31600000000000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="00000000e0000001ffffffffff0000007465716c30000000000000000000000076657468300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000bf0000420000000000000000000000000000c000f8000000000000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000a0000000000000038005345540000000000000000000000000000000000000000000000000000030400b804060002cc0900090014f1fffffaffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d3ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800b80000000000000000000000000000000000000000000000000020005452414345000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000994a00000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x2a8) sendto$inet(r0, &(0x7f0000000200)="062d70932ff305eef9227c055b976b4bdf4fdec019dd83aa2cdb38f5fc5aff78b1a519c15498c3545387d5741e7dffd1ae62b74b056960da62f8e3fcfec0aa8f7380", 0x42, 0xc0, &(0x7f00000000c0)={0x2, 0x400000000000000}, 0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000040)={0x0, 0xfffffffffffffff8, 0x36c3cd199b74ba9c, 0x1, 0x1fa}, &(0x7f0000000100)=0x18) add_key$user(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000280)="d9dbdf2eccbed915e9aeda9ac734ab19209e5a687e02494fbb690797087746435e0c86ccfa3f5db29d66b1c85078e4bf9ab634e43e756f2a93362d856a65e91b19a9a4f5a86f125ba887d10f1fbf5a5c8ac1847261626969d8fd5b1ba8074eab3870d18d947400b1d3cd20e6368afde259c3a5379b05a6148c4c08963cddef26a6e1aee48e2177cb7044b41b2d55b78723f143ee8502754a452a3ce7b724e46e355fec45daf023bc608270cbc918794981187d6fc8e96c5fb3172c0b62efa0eec92ab968d83d8c75451d8f326de73a15ddcd5bd706012ca0bd56504fcf9b7897fb12b2a5c3916e2846a7afb0da05da5dc8089abe", 0xf4, 0xfffffffffffffff9) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={r1}, 0x8) [ 709.578521] Task in /syz3 killed as a result of limit of /syz3 [ 709.619782] memory: usage 204800kB, limit 204800kB, failcnt 3217 [ 709.638206] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 709.653325] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:42 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 709.672518] Memory cgroup stats for /syz3: cache:0KB rss:4228KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:0KB [ 709.727146] Memory cgroup out of memory: Kill process 26804 (syz-executor3) score 181 or sacrifice child 03:05:42 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x700]}, 0x6) 03:05:42 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1100]}, 0x6) 03:05:42 executing program 4: r0 = socket$inet(0x2, 0x4002000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000280)={0x9, 0xd4db, 0x3}) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) write(r0, &(0x7f0000000000), 0x0) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) getsockopt$inet_dccp_buf(r0, 0x21, 0x8f, &(0x7f0000000100)=""/237, &(0x7f0000000000)=0xed) 03:05:42 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa5590000]}, 0x6) 03:05:42 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3e8]}, 0x6) [ 709.779792] Killed process 26804 (syz-executor3) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 709.808211] oom_reaper: reaped process 26804 (syz-executor3), now anon-rss:0kB, file-rss:32724kB, shmem-rss:0kB 03:05:42 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x80000, 0x0) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000240)={0x2, 0x2, 0x1}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, &(0x7f0000000180)="ccb0ef4db5767562e8a8b939878044c14b86f00dd0df1d11dc8d05677a82daa171638a58cefbe77d58b2544884e636e22b11b0b037c07a1e9f56afa1ae1f7eca53f6c6718c0d8c2550603011d60cf1dccf9964f0667c3e438bde3b10664ec66635c3fc8d1b0bdf591090d7bbd20b32274aad39c8bb381655d792a5e6c9283049a97e131f97c8", 0x0, 0x100020000802, &(0x7f0000000140)={0x2, 0x4e21}, 0x0) ioctl$FICLONE(r1, 0x40049409, r1) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x4, 0x800) setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000280)=0x2, 0x1) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r2, 0xc0bc5310, &(0x7f00000002c0)) sendto$inet(r1, &(0x7f0000000000), 0x398, 0xc3, &(0x7f00000000c0)={0x2, 0x4e21, @local}, 0x10) setsockopt$packet_int(r2, 0x107, 0x1b, &(0x7f0000000040)=0xd2dc, 0x4) 03:05:42 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xf401000000000000]}, 0x6) 03:05:42 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000100)='TRUE', 0x4, 0x3) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 710.001621] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 [ 710.031065] syz-executor1 cpuset=syz1 mems_allowed=0 [ 710.036571] CPU: 0 PID: 26843 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 03:05:42 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0x6, @mcast1, 0x1}, @in6={0xa, 0x4e21, 0x7, @dev={0xfe, 0x80, [], 0x15}, 0xfffffffffffffffe}, @in={0x2, 0x4e21, @rand_addr=0x401}, @in6={0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0xf}, 0xb1}, @in={0x2, 0x4e23, @loopback}], 0x74) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 710.043943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 710.053305] Call Trace: [ 710.055906] dump_stack+0x1c4/0x2b4 [ 710.059553] ? dump_stack_print_info.cold.2+0x52/0x52 [ 710.064767] ? mark_held_locks+0x130/0x130 [ 710.069017] ? mark_held_locks+0x130/0x130 [ 710.073264] dump_header+0x27b/0xf72 [ 710.076998] ? pagefault_out_of_memory+0x197/0x197 [ 710.081947] ? check_preemption_disabled+0x48/0x200 [ 710.086986] ? check_preemption_disabled+0x48/0x200 [ 710.087013] ? graph_lock+0x170/0x170 [ 710.087037] ? graph_lock+0x170/0x170 03:05:42 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000040), 0x0, 0xc0, &(0x7f00000000c0)={0x2, 0x2000}, 0x10) socketpair$inet(0x2, 0x800, 0x3ff, &(0x7f0000000000)) [ 710.087057] ? print_usage_bug+0xc0/0xc0 [ 710.095869] ? find_held_lock+0x36/0x1c0 [ 710.107765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 710.113314] ? find_held_lock+0x36/0x1c0 [ 710.117386] ? mark_held_locks+0xc7/0x130 [ 710.117406] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 710.117422] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 710.117438] ? lockdep_hardirqs_on+0x421/0x5c0 [ 710.117456] ? trace_hardirqs_on+0xbd/0x310 [ 710.117469] ? kasan_check_read+0x11/0x20 [ 710.117485] ? ___ratelimit+0x36f/0x655 [ 710.117505] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 710.156095] ? trace_hardirqs_on+0x310/0x310 [ 710.156112] ? lock_downgrade+0x900/0x900 [ 710.156135] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 710.156169] ? ___ratelimit+0xaa/0x655 [ 710.164710] ? idr_get_free+0xec0/0xec0 [ 710.177659] ? kasan_check_write+0x14/0x20 [ 710.181907] ? do_raw_spin_lock+0xc1/0x200 [ 710.186175] oom_kill_process.cold.27+0x10/0x903 [ 710.192000] ? kasan_check_write+0x14/0x20 [ 710.196419] ? do_raw_spin_lock+0xc1/0x200 03:05:42 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x200007fe, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 710.200676] ? oom_evaluate_task+0x540/0x540 [ 710.205102] ? cgroup_procs_next+0x70/0x70 [ 710.209357] ? _raw_spin_unlock_irq+0x60/0x80 [ 710.213866] ? oom_badness+0xaa0/0xaa0 [ 710.217770] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 710.222541] ? mem_cgroup_iter_break+0x30/0x30 [ 710.227149] ? mark_held_locks+0xc7/0x130 [ 710.231335] out_of_memory+0xa84/0x1430 [ 710.235318] ? lockdep_hardirqs_on+0x421/0x5c0 [ 710.239909] ? kasan_check_read+0x11/0x20 [ 710.244071] ? oom_killer_disable+0x3a0/0x3a0 [ 710.248576] ? kasan_check_write+0x14/0x20 [ 710.252824] ? do_raw_spin_lock+0xc1/0x200 [ 710.257083] mem_cgroup_out_of_memory+0x15e/0x210 [ 710.261932] ? memcg_memory_event+0x40/0x40 [ 710.266260] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 710.271217] ? page_counter_try_charge+0x1c1/0x220 [ 710.276171] try_charge+0xc43/0x1690 [ 710.279915] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 710.285982] ? mark_held_locks+0xc7/0x130 [ 710.286002] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 710.286019] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 710.286038] ? lockdep_hardirqs_on+0x421/0x5c0 [ 710.295119] ? trace_hardirqs_on+0xbd/0x310 [ 710.295140] ? check_preemption_disabled+0x48/0x200 [ 710.295168] ? __sk_mem_raise_allocated+0x642/0x1800 [ 710.295196] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 710.324529] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 710.330080] ? mark_held_locks+0xc7/0x130 [ 710.334850] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 710.339966] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 710.344908] ? lockdep_hardirqs_on+0x421/0x5c0 [ 710.349509] ? __sk_mem_raise_allocated+0x642/0x1800 [ 710.354626] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 710.360089] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 710.365644] ? check_preemption_disabled+0x48/0x200 [ 710.370672] ? __sk_mem_raise_allocated+0x721/0x1800 [ 710.375800] mem_cgroup_charge_skmem+0x1e4/0x390 [ 710.380572] ? mem_cgroup_sk_free+0x90/0x90 [ 710.384902] __sk_mem_raise_allocated+0x642/0x1800 [ 710.389822] ? sk_busy_loop_end+0x1c0/0x1c0 [ 710.394131] ? sk_alloc_sg+0xa00/0xa00 [ 710.398005] ? arch_local_save_flags+0x40/0x40 [ 710.402580] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 710.407585] ? skb_page_frag_refill+0x1eb/0x6a0 [ 710.412241] ? sock_kzfree_s+0x60/0x60 [ 710.416115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 710.421641] ? sk_stream_alloc_skb+0x34b/0x970 [ 710.426213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 710.431736] ? skb_entail+0x618/0x8c0 [ 710.435536] ? tcp_rate_check_app_limited+0x121/0x460 [ 710.440715] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 710.445371] __sk_mem_schedule+0x6d/0xe0 [ 710.449418] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 710.454946] tcp_sendmsg_locked+0x1c86/0x3f00 [ 710.459441] ? tcp_sendpage+0x60/0x60 [ 710.463233] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 710.468753] ? aa_label_sk_perm+0x46d/0x8e0 [ 710.473079] ? find_held_lock+0x36/0x1c0 [ 710.477131] ? mark_held_locks+0xc7/0x130 [ 710.481266] ? __local_bh_enable_ip+0x160/0x260 [ 710.485935] ? __local_bh_enable_ip+0x160/0x260 [ 710.490601] ? trace_hardirqs_on+0xbd/0x310 [ 710.494909] ? lock_release+0x970/0x970 [ 710.498868] ? lock_sock_nested+0xe2/0x120 [ 710.503091] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 710.508528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 710.514060] ? check_preemption_disabled+0x48/0x200 [ 710.519076] ? lock_sock_nested+0x9a/0x120 [ 710.523306] ? lock_sock_nested+0x9a/0x120 [ 710.527530] ? __local_bh_enable_ip+0x160/0x260 [ 710.532199] tcp_sendmsg+0x2f/0x50 [ 710.535737] inet_sendmsg+0x1a1/0x690 [ 710.539548] ? ipip_gro_receive+0x100/0x100 [ 710.543860] ? apparmor_socket_sendmsg+0x29/0x30 [ 710.548611] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 710.554158] ? security_socket_sendmsg+0x94/0xc0 [ 710.558939] ? ipip_gro_receive+0x100/0x100 [ 710.563261] sock_sendmsg+0xd5/0x120 [ 710.566976] __sys_sendto+0x3d7/0x670 [ 710.570780] ? __ia32_sys_getpeername+0xb0/0xb0 [ 710.575432] ? lock_release+0x970/0x970 [ 710.579423] ? arch_local_save_flags+0x40/0x40 [ 710.583994] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 710.589470] ? aa_af_perm+0x5a0/0x5a0 [ 710.593272] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 710.598795] ? put_timespec64+0x10f/0x1b0 [ 710.602928] ? nsecs_to_jiffies+0x30/0x30 [ 710.607169] ? do_syscall_64+0x9a/0x820 [ 710.612616] ? do_syscall_64+0x9a/0x820 [ 710.617358] ? lockdep_hardirqs_on+0x421/0x5c0 [ 710.621926] ? trace_hardirqs_on+0xbd/0x310 [ 710.626267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 710.631793] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 710.637967] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 710.643408] __x64_sys_sendto+0xe1/0x1a0 [ 710.647457] do_syscall_64+0x1b9/0x820 [ 710.651331] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 710.656696] ? syscall_return_slowpath+0x5e0/0x5e0 [ 710.662155] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 710.667018] ? trace_hardirqs_on_caller+0x310/0x310 [ 710.672037] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 710.677055] ? prepare_exit_to_usermode+0x291/0x3b0 [ 710.682082] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 710.686931] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 710.692124] RIP: 0033:0x457579 [ 710.695320] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 710.715346] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 710.723500] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 710.730771] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 710.738041] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 710.745309] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 03:05:43 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x0, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:43 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x28c5080000000000]}, 0x6) [ 710.752575] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 710.768981] Task in /syz1 killed as a result of limit of /syz1 [ 710.777234] memory: usage 204732kB, limit 204800kB, failcnt 4073 [ 710.783483] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 710.790386] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 710.797773] Memory cgroup stats for /syz1: cache:224KB rss:4288KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4260KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:43 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x7000000]}, 0x6) 03:05:43 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) clock_gettime(0x0, &(0x7f000000c180)={0x0, 0x0}) recvmmsg(r0, &(0x7f000000bf40)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000002300)=[{&(0x7f0000000100)=""/229, 0xe5}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/110, 0x6e}, {&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000002280)=""/47, 0x2f}, {&(0x7f00000022c0)=""/59, 0x3b}], 0x6, &(0x7f0000002380)=""/93, 0x5d, 0x2}, 0x7}, {{&(0x7f0000002400)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000002780)=[{&(0x7f0000002480)=""/34, 0x22}, {&(0x7f00000024c0)=""/104, 0x68}, {&(0x7f0000002540)=""/200, 0xc8}, {&(0x7f0000002640)=""/16, 0x10}, {&(0x7f0000002680)=""/202, 0xca}], 0x5, &(0x7f0000002800)=""/102, 0x66, 0x4}}, {{&(0x7f0000002880)=@ethernet={0x0, @local}, 0x80, &(0x7f0000004bc0)=[{&(0x7f0000002900)=""/148, 0x94}, {&(0x7f00000029c0)=""/231, 0xe7}, {&(0x7f0000002ac0)=""/111, 0x6f}, {&(0x7f0000002b40)=""/45, 0x2d}, {&(0x7f0000002b80)=""/4096, 0x1000}, {&(0x7f0000003b80)=""/4096, 0x1000}, {&(0x7f0000004b80)=""/27, 0x1b}], 0x7, &(0x7f0000004c40)=""/177, 0xb1, 0xec09}, 0x6}, {{&(0x7f0000004d00)=@alg, 0x80, &(0x7f0000005e40)=[{&(0x7f0000004d80)=""/4096, 0x1000}, {&(0x7f0000005d80)=""/172, 0xac}], 0x2, 0x0, 0x0, 0x4}, 0x9}, {{0x0, 0x0, &(0x7f0000005f80)=[{&(0x7f0000005e80)=""/91, 0x5b}, {&(0x7f0000005f00)=""/43, 0x2b}, {&(0x7f0000005f40)=""/53, 0x35}], 0x3, &(0x7f0000005fc0)=""/95, 0x5f, 0x101}, 0x5}, {{&(0x7f0000006040)=@ethernet={0x0, @random}, 0x80, &(0x7f0000008600)=[{&(0x7f00000060c0)=""/135, 0x87}, {&(0x7f0000006180)=""/255, 0xff}, {&(0x7f0000006280)=""/160, 0xa0}, {&(0x7f0000006340)=""/55, 0x37}, {&(0x7f0000006380)=""/4096, 0x1000}, {&(0x7f0000007380)=""/129, 0x81}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000008440)=""/71, 0x47}, {&(0x7f00000084c0)=""/129, 0x81}, {&(0x7f0000008580)=""/74, 0x4a}], 0xa, &(0x7f00000086c0)=""/35, 0x23, 0x4}, 0x5}, {{&(0x7f0000008700)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @rand_addr}}}, 0x80, &(0x7f0000008900)=[{&(0x7f0000008780)=""/143, 0x8f}, {&(0x7f0000008840)=""/168, 0xa8}], 0x2, &(0x7f0000008940)=""/4096, 0x1000, 0x9}, 0x75}, {{&(0x7f0000009940)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000009a40)=[{&(0x7f00000099c0)=""/101, 0x65}], 0x1, 0x0, 0x0, 0xf01}, 0x4}, {{&(0x7f0000009a80)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f000000be40)=[{&(0x7f0000009b00)=""/205, 0xcd}, {&(0x7f0000009c00)=""/36, 0x24}, {&(0x7f0000009c40)=""/4096, 0x1000}, {&(0x7f000000ac40)=""/46, 0x2e}, {&(0x7f000000ac80)=""/169, 0xa9}, {&(0x7f000000ad40)=""/112, 0x70}, {&(0x7f000000adc0)=""/123, 0x7b}, {&(0x7f000000ae40)=""/4096, 0x1000}], 0x8, &(0x7f000000bec0)=""/101, 0x65, 0xe}, 0x401}], 0x9, 0x40000000, &(0x7f000000c1c0)={r1, r2+10000000}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f000000c200)={0x0, @in6={{0xa, 0x4e24, 0x10000, @remote, 0x2}}}, &(0x7f000000c2c0)=0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f000000c300)={r4, 0x4}, &(0x7f000000c340)=0x8) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:43 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803]}, 0x6) 03:05:43 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xe000000]}, 0x6) 03:05:43 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x240]}, 0x6) [ 710.856082] Memory cgroup out of memory: Kill process 26841 (syz-executor1) score 181 or sacrifice child [ 710.865887] Killed process 26841 (syz-executor1) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 710.879666] oom_reaper: reaped process 26841 (syz-executor1), now anon-rss:0kB, file-rss:32740kB, shmem-rss:0kB [ 710.976287] syz-executor1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 711.001498] syz-executor1 cpuset=syz1 mems_allowed=0 [ 711.010224] CPU: 0 PID: 26894 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #265 03:05:43 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xe8030000]}, 0x6) 03:05:43 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe00]}, 0x6) [ 711.017610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 711.026972] Call Trace: [ 711.029589] dump_stack+0x1c4/0x2b4 [ 711.033240] ? dump_stack_print_info.cold.2+0x52/0x52 [ 711.038447] ? mark_held_locks+0x130/0x130 [ 711.042694] ? mark_held_locks+0x130/0x130 [ 711.046948] dump_header+0x27b/0xf72 [ 711.050685] ? pagefault_out_of_memory+0x197/0x197 [ 711.050706] ? check_preemption_disabled+0x48/0x200 [ 711.050723] ? check_preemption_disabled+0x48/0x200 [ 711.050749] ? graph_lock+0x170/0x170 [ 711.050771] ? graph_lock+0x170/0x170 03:05:43 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3400]}, 0x6) [ 711.060712] ? print_usage_bug+0xc0/0xc0 [ 711.060732] ? find_held_lock+0x36/0x1c0 [ 711.060751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 711.060772] ? find_held_lock+0x36/0x1c0 [ 711.060795] ? mark_held_locks+0xc7/0x130 [ 711.060814] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 711.100321] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 711.105437] ? lockdep_hardirqs_on+0x421/0x5c0 [ 711.110029] ? trace_hardirqs_on+0xbd/0x310 [ 711.114360] ? kasan_check_read+0x11/0x20 [ 711.118525] ? ___ratelimit+0x36f/0x655 03:05:43 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x700]}, 0x6) [ 711.122516] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 711.127977] ? trace_hardirqs_on+0x310/0x310 [ 711.132397] ? lock_downgrade+0x900/0x900 [ 711.136568] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 711.142732] ? ___ratelimit+0xaa/0x655 [ 711.146636] ? idr_get_free+0xec0/0xec0 [ 711.150623] ? kasan_check_write+0x14/0x20 [ 711.154872] ? do_raw_spin_lock+0xc1/0x200 [ 711.159124] oom_kill_process.cold.27+0x10/0x903 [ 711.163898] ? kasan_check_write+0x14/0x20 [ 711.168142] ? do_raw_spin_lock+0xc1/0x200 [ 711.172410] ? oom_evaluate_task+0x540/0x540 03:05:43 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x2e000000]}, 0x6) [ 711.176834] ? cgroup_procs_next+0x70/0x70 [ 711.181085] ? _raw_spin_unlock_irq+0x60/0x80 [ 711.185601] ? oom_badness+0xaa0/0xaa0 [ 711.189504] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 711.194271] ? mem_cgroup_iter_break+0x30/0x30 [ 711.198878] ? mark_held_locks+0xc7/0x130 [ 711.203042] out_of_memory+0xa84/0x1430 [ 711.207026] ? lockdep_hardirqs_on+0x421/0x5c0 [ 711.211619] ? kasan_check_read+0x11/0x20 [ 711.215784] ? oom_killer_disable+0x3a0/0x3a0 [ 711.220289] ? kasan_check_write+0x14/0x20 [ 711.224533] ? do_raw_spin_lock+0xc1/0x200 [ 711.224565] mem_cgroup_out_of_memory+0x15e/0x210 [ 711.224580] ? memcg_memory_event+0x40/0x40 [ 711.224602] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 711.233674] ? page_counter_try_charge+0x1c1/0x220 [ 711.233696] try_charge+0xc43/0x1690 [ 711.233726] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 711.233746] ? tcp_sendmsg+0x2f/0x50 [ 711.261350] ? sock_sendmsg+0xd5/0x120 [ 711.265252] ? __sys_sendto+0x3d7/0x670 [ 711.269240] ? graph_lock+0x170/0x170 [ 711.273056] ? graph_lock+0x170/0x170 [ 711.276872] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 711.282419] ? check_preemption_disabled+0x48/0x200 [ 711.287442] ? check_preemption_disabled+0x48/0x200 [ 711.292480] ? mark_held_locks+0xc7/0x130 [ 711.296640] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 711.301581] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 711.306524] ? lockdep_hardirqs_on+0x421/0x5c0 [ 711.311122] ? rcu_read_lock_sched_held+0x108/0x120 [ 711.316213] ? __sk_mem_raise_allocated+0x642/0x1800 [ 711.321335] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 711.326795] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 711.332345] ? check_preemption_disabled+0x48/0x200 [ 711.337376] mem_cgroup_charge_skmem+0x1e4/0x390 [ 711.342145] ? mem_cgroup_sk_free+0x90/0x90 [ 711.346507] __sk_mem_raise_allocated+0x642/0x1800 [ 711.351452] ? futex_wait_queue_me+0x55d/0x840 [ 711.356051] ? sk_busy_loop_end+0x1c0/0x1c0 [ 711.360385] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 711.365945] ? alloc_pages_current+0x114/0x210 [ 711.370531] ? skb_page_frag_refill+0x1eb/0x6a0 [ 711.375214] ? sock_kzfree_s+0x60/0x60 [ 711.379102] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 711.384113] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 711.389129] ? tcp_chrono_start+0x190/0x1e0 [ 711.393441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 711.398965] ? skb_entail+0x618/0x8c0 [ 711.402753] ? tcp_rate_check_app_limited+0x121/0x460 [ 711.407939] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 711.412601] __sk_mem_schedule+0x6d/0xe0 [ 711.416646] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 711.422186] tcp_sendmsg_locked+0x1c86/0x3f00 [ 711.426674] ? __fget+0x4a0/0x740 [ 711.430124] ? tcp_sendpage+0x60/0x60 [ 711.433911] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 711.439694] ? aa_label_sk_perm+0x46d/0x8e0 [ 711.444007] ? find_held_lock+0x36/0x1c0 [ 711.448057] ? mark_held_locks+0xc7/0x130 [ 711.452200] ? __local_bh_enable_ip+0x160/0x260 [ 711.456855] ? __local_bh_enable_ip+0x160/0x260 [ 711.461513] ? trace_hardirqs_on+0xbd/0x310 [ 711.465819] ? lock_release+0x970/0x970 [ 711.469791] ? lock_sock_nested+0xe2/0x120 [ 711.474025] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 711.479465] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 711.484988] ? check_preemption_disabled+0x48/0x200 [ 711.489999] ? lock_sock_nested+0x9a/0x120 [ 711.494234] ? lock_sock_nested+0x9a/0x120 [ 711.498456] ? __local_bh_enable_ip+0x160/0x260 [ 711.503112] tcp_sendmsg+0x2f/0x50 [ 711.506638] inet_sendmsg+0x1a1/0x690 [ 711.510440] ? ipip_gro_receive+0x100/0x100 [ 711.514761] ? apparmor_socket_sendmsg+0x29/0x30 [ 711.519504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 711.525820] ? security_socket_sendmsg+0x94/0xc0 [ 711.530561] ? ipip_gro_receive+0x100/0x100 [ 711.534868] sock_sendmsg+0xd5/0x120 [ 711.538579] __sys_sendto+0x3d7/0x670 [ 711.542380] ? __ia32_sys_getpeername+0xb0/0xb0 [ 711.547034] ? lock_release+0x970/0x970 [ 711.551001] ? arch_local_save_flags+0x40/0x40 [ 711.555582] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 711.561015] ? aa_af_perm+0x5a0/0x5a0 [ 711.564819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 711.570343] ? put_timespec64+0x10f/0x1b0 [ 711.574478] ? nsecs_to_jiffies+0x30/0x30 [ 711.578614] ? do_syscall_64+0x9a/0x820 [ 711.582584] ? do_syscall_64+0x9a/0x820 [ 711.586558] ? lockdep_hardirqs_on+0x421/0x5c0 [ 711.591126] ? trace_hardirqs_on+0xbd/0x310 [ 711.595432] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 711.600959] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 711.606308] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 711.611747] __x64_sys_sendto+0xe1/0x1a0 [ 711.615824] do_syscall_64+0x1b9/0x820 [ 711.619704] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 711.625068] ? syscall_return_slowpath+0x5e0/0x5e0 [ 711.629981] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 711.634851] ? trace_hardirqs_on_caller+0x310/0x310 [ 711.639868] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 711.644871] ? prepare_exit_to_usermode+0x291/0x3b0 [ 711.649877] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 711.654721] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 711.659938] RIP: 0033:0x457579 [ 711.663119] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 711.682003] RSP: 002b:00007f2ad8052c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 711.689699] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 711.696959] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 711.704232] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 711.711486] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f2ad80536d4 [ 711.718744] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 711.753748] Task in /syz1 killed as a result of limit of /syz1 [ 711.760249] memory: usage 185892kB, limit 204800kB, failcnt 4092 [ 711.766565] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 711.773577] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 711.779935] Memory cgroup stats for /syz1: cache:224KB rss:4276KB rss_huge:4096KB shmem:224KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:44 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0), 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:44 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xe00]}, 0x6) 03:05:44 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3f00]}, 0x6) 03:05:44 executing program 4: r0 = socket$inet(0x2, 0x80802, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0xfffffffffffffff7) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='ipddp0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 711.800697] Memory cgroup out of memory: Kill process 26893 (syz-executor1) score 181 or sacrifice child [ 711.800754] Killed process 26893 (syz-executor1) total-vm:70340kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 711.823473] oom_reaper: reaped process 26893 (syz-executor1), now anon-rss:0kB, file-rss:32724kB, shmem-rss:0kB 03:05:44 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xfffffffe]}, 0x6) [ 711.855739] oom_reaper: reaped process 26891 (syz-executor3), now anon-rss:0kB, file-rss:32740kB, shmem-rss:0kB 03:05:44 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xfffff8eb]}, 0x6) 03:05:44 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x20000, 0x0) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000440)=""/249) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e20, 0x5975, @remote, 0x9}}, 0x765, 0x5}, &(0x7f0000000040)=0x90) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000002c0)={r1, 0x8}, &(0x7f0000000300)=0x8) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, r0, 0x0, 0x7, &(0x7f0000000100)='wlan1:\x00'}, 0x30) waitid(0x0, r3, &(0x7f0000000180), 0x4, &(0x7f0000000340)) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x600241, 0x0) 03:05:44 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa]}, 0x6) 03:05:44 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x2e00]}, 0x6) 03:05:44 executing program 4: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x6) ioctl$sock_bt(r0, 0x8907, &(0x7f0000000040)="c79f4d1079e389e64a25cadee644178141507b0dd9016104ded00b73b2376ea8e24c78") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:44 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe803000000000000]}, 0x6) 03:05:44 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x10, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000200)) mq_notify(0xffffffffffffffff, 0xffffffffffffffff) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000000), 0x2) 03:05:45 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xf401]}, 0x6) 03:05:45 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x5a8]}, 0x6) 03:05:45 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xffffffffffffffff]}, 0x6) 03:05:45 executing program 4: r0 = socket$inet(0x2, 0x6, 0x3e) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = open(&(0x7f0000000000)='./file0\x00', 0x400000, 0x100) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f0000000100)={0x0, 0xe9, "d0d7dc11dc16a2bb14026d92822d709ca5a555efd3a15555cee6d1ed71e07ca4fc3cf78603c882d6389186a3d6a08e80b42e0aaf69593020d0d20f9bd87c7b48354752da3148dbcd8071413963fcd056869e5221a27532ae7dcb739ddaa0dafd98c5bb6cb9651bb8fe86124076e713d702b0f98da4d44cafe1db409b302d759010b3a545d51e49c714adea5f18295339f312a0b14aafb6241396653d112404d47154078e68b3bfa29fcb89bbd0d1ba1eddc38eff5a4384e258279f80cd3e1906484e118f58d3332bd7b407339c74bd8f913cf8015132968f8571d3dd936c7eca0c2f3bf0d3f577b9bf"}, &(0x7f0000000040)=0xf1) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000200)={r2}, 0x8) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:45 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:45 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3075000000000000]}, 0x6) 03:05:45 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:45 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3075]}, 0x6) 03:05:45 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip_tables_targets\x00') ioctl$ASHMEM_GET_NAME(r1, 0x81007702, &(0x7f0000000100)=""/4096) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) mq_unlink(&(0x7f0000001240)='net/ip_tables_targets\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000001100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x20) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001280)={0x0}, &(0x7f00000012c0)=0xc) move_pages(r3, 0x1, &(0x7f0000001300)=[&(0x7f0000ffd000/0x2000)=nil], &(0x7f0000001340)=[0x6e708edf, 0x1, 0x63], &(0x7f0000001380)=[0x0, 0x0, 0x0, 0x0], 0x2) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000001140)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x1, @remote, 0x7}, {0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, [], 0xc}, 0xfffffffffffffffb}, r2, 0x80}}, 0x48) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000011c0)=0x0) sched_getparam(r4, &(0x7f0000001200)) openat$urandom(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/urandom\x00', 0xc000, 0x0) 03:05:45 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf401000000000000]}, 0x6) 03:05:45 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:45 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x8000000]}, 0x6) 03:05:45 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xa00000000000000]}, 0x6) 03:05:45 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4]}, 0x6) 03:05:45 executing program 4: r0 = socket$inet(0x2, 0x4000000000000002, 0x7) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x101400, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) socket$xdp(0x2c, 0x3, 0x0) 03:05:45 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x0, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:45 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe8030000]}, 0x6) 03:05:46 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000180)={'broute\x00', 0x0, 0x4, 0x41, [], 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000100)=""/65}, &(0x7f0000000040)=0x78) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:46 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3400000000000000]}, 0x6) 03:05:46 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x0, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:46 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x983a0000]}, 0x6) 03:05:46 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x7}, &(0x7f0000000040)=0x8) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x4000, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000140)={{{@in=@multicast2, @in6=@local}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f0000000240)=0xe8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000001180)=ANY=[@ANYRES32=r1, @ANYBLOB="0010000006852433f35933c25b1d714079e1d96090055e073048499a4beea732ac9f9f55809860749f96e667f87469601bfd68e7f61223c132f0695a81b35885da205151daeaeb3c2db14ee844a1ea028e4bd6d5590b8da67dfac8cc7744d4fc1e20177c7a8b2e17fd2b6de52fe27a26661b4649e94ca4844904ddd61a4101baf2b57a6850869eba5caf3614fe05bc693fd7b16ba36362ad03eb25c7bb470f392e4be06acae2f22737f7abccecf56f2fcf61ba81615b65da2faabb87fd71cd068e82914f0f3616c61f352b58b39f1da4f28e6d4b0ce4a0c2aaa09e2cb59d9e0a4b8b17337fe5322c499097379d8c9bce278930db9ad30ffb8d325b579ae6b22100ef082a9557eece03e8c75174ffd5a7ef7154ed5acd3c14ad95398d701b66ec9f921624ceea16132ca324096d4004763849a17cdc0e032556daa11bcb225398969f83eee3f4b2fdfeea0d0bff79ff6ea8c153351fb80f5e9d019b8adde01e8fe468d713b18903446a746f16e6293c4591c43756acce5af2efc94b66d246c92f3c73e01091ddfe23ac6922945d4a9582b822eef021de368494a819372403fb4183a97857dd91e2d76390ec8288df637e571c21984d33fe425481f561d1814bd8d0d375e8dc1e8fbccda6acd3357e6f71e045886837a47f2f97f5220c10476da04ecfc81cee1748c05fb58b1581d0ee265db6fbb5a2c4c5023995af4d8ec613ae761992b70d492b05afe193586711e3f7ba4ead0cabcbf0b2267e08fbf04ee434d94aaa431663b86a42ae0cecbe3f099752407303c242d20f6f3f8950e07153f209cb8206bd9508cee57b2499c00235039ea935e58a81af65d9a934acda160df1291f965aba44ec03b7d0c4f6a74f219771bdc8f4b61090348cb40fbb058d5ce8e53019b8ef0d43f988d53143da3ba7e52ca45bd622b49e311416c3a347b6cf70a30a73c9db0c1a6436e2915ed90e05898d5a7fd1626a385fd12b5d64c75cdc829e6e989c247b4afb6ec26624444ca8b1f4161c5f3481a3d9c0aa7dc615363862275baed9efd65fdcdecd0a2011ccb0ad78ff3a6c7f50c44cac847d465d910a1c723e21c69794ebfdf9e5629b43fdf5e30f319af41273245bb06b6991c93517727a4b9dbc43c1910fe852d7bb9b0df3d7c24696b627b725620ae1dbc18a5d4a54226a74f3e9f46e1ca0067726dd7b3f7b7b39a61ddacd90960040d2be80732335f2a7d3ca3c7950b34da1faa9acb0befd637e0cf127f7589999f15d34120e3bc02987e196513024bdd8b1be7cfc0a04943187adf6c7f23299d329f0fd652dd33e85b0933ecbd5b19d1b2122c31c47247831f73f9382eb6ab866d16d6f3ff79eeaf1646d315b66afa2d44142438d03a26d46d6c5456b7e6e39c5b928386b0d7ce525d426ad3d32a55042e23fdb10aab9f185164bcfb8265af384f8052e230c0e3456f05618fe612727dc99070626c10f613894d66ef996d7407eef46341d8ed6c5b685197713a22ff2025c3e9e0f39a7f7b802b4d461c3f129050a5fe70209ae41a68b6384cd7077841896f75c927983a80b1e2016b7aef7a8b14f5305ecf129b6940ef1b36605d2407893983acf636bde839fb37e962d2c7731559ceaf891e497470dc22354df619b48a5de1c741ba58e019d8aa3d8243f93fd61019eed50fc0d5fb38d6b8cd0c11715f7c3b1ff9a3072e7ba961dc07b3a8a464fcefcda2a384e97c851f9d86eee22882ac815be608e0fa7b9cb8741ec9a3b57e3fd48d0e9ec889e608fb553ae77f70ff6fc037413f3a98a80ab4961db63b96606868691e01a5cfbf9df26dcd28a90d61657de3d29969b8ed5c2b88336c1f95339fdcf620243aed0d130faea44914503e5148a80c63fcadbd2e44df8b77bef9c7f2353d4479bce5366dca4aac09fcff60f2b70b3b3b62740e1f7e2d592bc240995dc54ee9d95f6e62de4b8aba3abf08d14eb9603e2d439e72e0303278b6183abe224626fe7d5e529205bf740283c14c9081037f8eb68a6dedec3eada7a416c7d23666979bf70c8f8769073984740df997488df192ccb784706d067381c67c158e7b6432423cf2319bb84d397102e872b40f97bac98279bcda4b978f131088713e65fda23f921b897894f1db765aa72ec155ffa52d47e1d0f4b5756a885484b2100f36231485278591dbf771e13797fdb89caa2ceb5594b543a8c6111478af062438596d5dc1487fffc061e1f32d9953b967c8ad3056f8a8595179b79587e56fe2c1d8098fdab649f028021809e07bed2db5b34fe8d3820e49e3694ca05b324c7fb3e4f7dc2e80c1897f9f544fdb998bd119b0215fdfece8abc9bdd4e82e42adfd3490825d9a78abe01a617a5567d63dfea80349b16de8de8def4bcba3151421e28f01340a72c0e324163915a51ff59037480f9e2fd677be6188c48228feff22fed7a75d043e3608738ba376d0a5ddf55f12186a68f0153c2cd3a1a00c38860ddc82bf100912f6fa88fc80d5753cc502cf203d4f6c8882356212d2841f7f8a7d4eeb34d4a4fe2ded19db6e327699c5d43e4b1f3fc61bb3933f03b80f2589dbfcfaa85a5cc0604f114a53465d0ff69131b2b5843f664ebbb40cb84480bb96d307839de4d74bf8d0dea144b6a49f1508d4dfb3092938ca635e54b4be1fde4586ec55862ec1518ea3319c4c5126755968a3a1eda7b79135d77e1da4f7c2c06f60dd2bae0fe0559accfa0bab78621dfc7e80ff45ec9ce64a4835ca34f9fce21461ae3033e547c36e532f4c4829f7c5a0147514a99a3c6f6ce6def29243823167608efdfc86e9677f44da9cbd138eccd807c061a847d57a47ccb8f8b3ce1c3cf8e08c17a53916d7c752b741ec57b423dd85169edff24dc74375b7c9367918199e795c66f81d6921c5ccdcd7a16c82ae4a204ee008e2af545fa28d617cc84d4f4b7c3d29021e0c900c825323df4a2d196cd1d2596d8877dfa7a067c3d171d834590e83cadb52c5a45d8343122f2dd9c59426bf3f0913d718d415d61dae504ff53a5c26af4766333f790fa30a26e643e6ea626d759f245f8cdbfb5b0578d9a5d74e8f96fae059c32a34e44b30374e33165b75630df9f36c6f22c74f6c67ac94485ddc4d03dd6df18f63e383ce2b457c9d02a594da4307ec9438f991765af03e704e91f6935ddaf331a8ae2de6c95467e0a45a81fbad0f75f504f23a957fe2e3acc35a2e23840336df342aeeea84c0a5d0a68da7fac937ff67a590140cb0982694fb0fdd3f486f2c3bef58d3d7afbe3779a2630b7555f73067f96d29e105d7650639eda72f95d6e7fe66781cf66181f47a22fd2c4961981bd912cb931c36d634b605eda75796229b36ffd4efc45c53b73a572b82933a65c0049f8257f8104d0ae390f25925c8def80563f3459c2951f38ef8e25b5c3923632de7d35c737a65f78e3a20bf6d6c30560232603ab144349db28f83004281c36156c829bb9729082ce46b0229f222f2d83c144bf08836db0af8fd1bec2b49545a470582b4d54cce8718e963cc0a23abab9e71e0b122ac326e5c254664c6f2cea81edfa88e7381964e638c1cbcaff82b80653af19f20dfc818bdd1bd471037e5b167131972a258d7efe218c0857d9aedbd14114fcc7379a77729374e820e96a8fe1a2876423b56e498c426b5e1c85d5dc7a21031329428d2806dba0809d4187662ffa39f9ef4bdb43936567aa15016e6aeaab915096a5fb7bb0b7d900620e39ac9e47cb79e264d647d45a3a3827ab0a38785d17c69f95492fb5513efd25208682357b7e154b26476a14efb361b6d7a35b37fb03af72bcd977f64501c8a2cf5e40ffdb29a240c331c68e6b1135deb955777beda0b3beab502ddc10b1a312315fa0bac51fa699ee876c0354523bb33818c93d346b89cdbcb90b5618b46d96b2e83388799dce629fc5219bcdbbc315520b5e8dd032ae8c5c1b4bca9e8ef2aa6a3549cd34c8a6e06dd7400768a2ec1247e3965155a96d79df7d574f287ad9ac8858771f60da2b62773a817b5cb3dd1efe999da96c8565d0b8fbec53d1eb8a19ed7d352cc945ac6b2871c7f53b7d82b8de74f55972a828a13b56384efc40e757a98165e544acd11ca02864ca60b4acf4e801fc6b93d408f4de474de2fb8af28e861e10b70f2fb5d6fc0c9992542bb1f7838e06689cfc4d7c64468f0d43c277f7cf5861ed63b53573e01f25d75420774105f811b0fc2a26e706fea56b01233b68841656c074131f34c27cff67eb3643ff9f21e0f7f9f978682f0dc05c917a08fe466f4ba7ba6933c1731c32eff924aa4459b84957ae7c48e2a6e8a14a94febfec318820ca0f6beb211ddfea917ac02e14da97b90a12f3d0294d1d86d0d82764a0a88d8706aa81f7c246c8eee5e6653b7ce743115f3d6bed56269e2044d0c2ff4c4ae81a8ba4f56c9dea1de125159db5899ca68489dce337ba67aafda51110ef8637398b668a09d34d2eba545ada0598c0058452a6f9407409b6179bf83e49d5965f78e39ff2f7f8bd6327d3904d59a77864639932bb2259f76325127532d5c9f27ee9be01a295eb9958a8daf475edd779663a430d7eb44bdb6e5bcfdcb05482867bb296597b760c8abd4ed300a63a4be773bd8fb3d73ab2b57ef23250a5e95c648622565b750f459fb09921af10f330dfa2a2a646ab6adcef9beb1278f1c2c679a29ab8248150bd0c146d770c5bc9dc7941a8030e6ac32a97714abbfb421ed360747b527e29b88dbeb1ba20db2314db9db971cabb71334eb47c521f069953fcee641bcb8bfc0bce8c1b4739edff93d75158a876eabe5281c9b935e87fb4084720bfe573b85182c4a492a8b16648fd223669cd8ae110f883b3ca850a7cd5b4b221187da4b38125a3eb443893f8ac1c67d32ffd224f2458c8b1b9507ba57bd87394f5998f6277678e81692b1a4ef3b58da867744230a9cb3627ef91f6d7355c4580facb2087b950d0eb04d32620915d496b87781d292d846bebd20b30ce8a99c8d20584749ee38c11afc11884867c56e1dff28d8af357c28ca9e53fa7657287ea0038048f0afbe1ddbc0ec0c267986804cb72b44ab54ea838c30bb9d878309732618f976978218af8ec1370b2a731861d738154724c78a221bccb7117b2552c12210c04198425a4f5c2d1ae41182b439756a7ad727a0745ee7575bc91cdebbf7f09da79738556aa749fa8a4c66240e31d22b779f086ab22ab11c118798a8ead9dcac3f1d4356208baca7bb96af0e2113099642adce21f6e7bc98a647c63baab69b1bc4a89c64491f5b2ce9a76914231620f3a79236c46af22f52c66d12b5ee23cc4e1f3dbcd3a7d1865e143ebd1dcce1d4a054d721ac82e5986039fcb657a66f4a9e36a170f212541cf13a69b7d2831112d359fb630c03d8475d4d48eb75b46495fc8b18e2d89425be452bf341c534901513b7c110dbe47bc4b18de9c73bb1bef7f7d080dc62c5b33f512deb97eb27b7ea51e1e4b40b2d33f77df45c158908eeaa495d8afe75bbe42d256ed2127a5860bb5c3b34bc5ee029490ade42632daf1bd3af05fd1f4cbc55103e2edc9ed97c838c1b1dd87de498041e5ea649f09811443919d09f81a3f38e05ccce2f49d9e694a563c8ead4568b1bd361c9ac00344deff95b530b5d8edeefb9611c3527cf792fdc15a32344719c65bafe7b71a2a9a8a5222f4ae3175ee0a54b49eddcd19288119a5926cd5ecc5bd30e3eaecc0c1858eef36c8aa00f33f6c1a9ebe96977781e13a24a605ba3c67e9d6fb1f8f4b17569bc606c7c5012e984ebeeda1ef22816ce9eeb100000000000000000000005b03cb5e8e33c01e3e0f2ed1058676f79b323b4a9846050042ac44187b4e842a93bc2ecdc483009063cc3eaf726ddd3120cb06aae8682711fd5293af8f8744ba53bd47a6ccbfa251704bbe9bdebd2fee"], &(0x7f0000001140)=0x1008) ioctl$DRM_IOCTL_AGP_RELEASE(r2, 0x6431) 03:05:46 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xa805000000000000]}, 0x6) 03:05:46 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe000000]}, 0x6) 03:05:46 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1000000]}, 0x6) 03:05:46 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:46 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x0, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:46 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x5580]}, 0x6) 03:05:46 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000100)={r1, 0xc1, 0x97, "66a138f47f87ab9c55dca2d2b6275460a48c2062ba36a4023bf95223ea93f66e30ccffce5d9ba59596208e49b8aa007fea3148ddba44eb54721b8063a9aed0a4afd81cb511254b8e6119733895e3cf498f75ccfab8153660eaa48995c5af6ae10fab54618c6759ab9cc0d47629a88323e1c37d6c513958d51e1b2884f8d1358ec04d544906ccbae74619a5dcb0e0c2c0cb607c8e6217d7"}, 0x9f) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r2 = mq_open(&(0x7f00000001c0)='-wlan0@\x00', 0x40, 0x1, &(0x7f0000000200)={0x51e0, 0x1, 0x200, 0xcf, 0x3, 0xfffffffffffff2af, 0x800, 0x3}) r3 = getpgid(0x0) mq_notify(r2, &(0x7f0000000240)={0x0, 0x30, 0x4, @tid=r3}) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:46 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x34000000]}, 0x6) [ 713.726933] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 03:05:46 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x0) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 713.777813] syz-executor3 cpuset=syz3 mems_allowed=0 [ 713.800804] CPU: 0 PID: 27067 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 713.808203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.817559] Call Trace: [ 713.820174] dump_stack+0x1c4/0x2b4 [ 713.823828] ? dump_stack_print_info.cold.2+0x52/0x52 [ 713.829038] ? mark_held_locks+0x130/0x130 [ 713.833284] ? mark_held_locks+0x130/0x130 [ 713.837534] dump_header+0x27b/0xf72 [ 713.841272] ? pagefault_out_of_memory+0x197/0x197 [ 713.846223] ? check_preemption_disabled+0x48/0x200 [ 713.851251] ? check_preemption_disabled+0x48/0x200 [ 713.856462] ? graph_lock+0x170/0x170 [ 713.860282] ? graph_lock+0x170/0x170 [ 713.864096] ? print_usage_bug+0xc0/0xc0 [ 713.868181] ? find_held_lock+0x36/0x1c0 [ 713.872261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 713.877814] ? find_held_lock+0x36/0x1c0 [ 713.881895] ? mark_held_locks+0xc7/0x130 [ 713.886054] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 713.891191] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 713.896312] ? lockdep_hardirqs_on+0x421/0x5c0 [ 713.900906] ? trace_hardirqs_on+0xbd/0x310 [ 713.905235] ? kasan_check_read+0x11/0x20 [ 713.909393] ? ___ratelimit+0x36f/0x655 [ 713.913387] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 713.918849] ? trace_hardirqs_on+0x310/0x310 [ 713.923271] ? lock_downgrade+0x900/0x900 [ 713.927443] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 713.932561] ? ___ratelimit+0xaa/0x655 [ 713.936463] ? idr_get_free+0xec0/0xec0 [ 713.940441] ? kasan_check_write+0x14/0x20 [ 713.944681] ? do_raw_spin_lock+0xc1/0x200 [ 713.948926] oom_kill_process.cold.27+0x10/0x903 [ 713.953684] ? kasan_check_write+0x14/0x20 [ 713.957920] ? do_raw_spin_lock+0xc1/0x200 [ 713.962169] ? oom_evaluate_task+0x540/0x540 [ 713.966590] ? cgroup_procs_next+0x70/0x70 [ 713.970869] ? _raw_spin_unlock_irq+0x60/0x80 [ 713.975377] ? oom_badness+0xaa0/0xaa0 [ 713.979271] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 713.984030] ? mem_cgroup_iter_break+0x30/0x30 [ 713.988629] ? mark_held_locks+0xc7/0x130 [ 713.992783] out_of_memory+0xa84/0x1430 [ 713.996753] ? lockdep_hardirqs_on+0x421/0x5c0 [ 714.001333] ? kasan_check_read+0x11/0x20 [ 714.005482] ? oom_killer_disable+0x3a0/0x3a0 [ 714.009980] ? kasan_check_write+0x14/0x20 [ 714.014221] ? do_raw_spin_lock+0xc1/0x200 [ 714.018469] mem_cgroup_out_of_memory+0x15e/0x210 [ 714.023313] ? memcg_memory_event+0x40/0x40 [ 714.027635] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 714.032573] ? page_counter_try_charge+0x1c1/0x220 [ 714.037508] try_charge+0xc43/0x1690 [ 714.041234] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 714.047292] ? tcp_sendmsg+0x2f/0x50 [ 714.051005] ? sock_sendmsg+0xd5/0x120 [ 714.054893] ? __sys_sendto+0x3d7/0x670 [ 714.058868] ? __x64_sys_sendto+0xe1/0x1a0 [ 714.063104] ? do_syscall_64+0x1b9/0x820 [ 714.067170] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 714.072543] ? graph_lock+0x170/0x170 [ 714.076352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 714.081893] ? check_preemption_disabled+0x48/0x200 [ 714.086908] ? check_preemption_disabled+0x48/0x200 [ 714.091934] ? mark_held_locks+0xc7/0x130 [ 714.096079] ? __lock_is_held+0xb5/0x140 [ 714.100147] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 714.105091] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 714.110023] ? lockdep_hardirqs_on+0x421/0x5c0 [ 714.114614] ? __sk_mem_raise_allocated+0x642/0x1800 [ 714.119723] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 714.125194] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 714.130736] ? check_preemption_disabled+0x48/0x200 [ 714.135762] mem_cgroup_charge_skmem+0x1e4/0x390 [ 714.140520] ? mem_cgroup_sk_free+0x90/0x90 [ 714.144853] __sk_mem_raise_allocated+0x642/0x1800 [ 714.149791] ? sk_busy_loop_end+0x1c0/0x1c0 [ 714.154117] ? arch_local_save_flags+0x40/0x40 [ 714.158724] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 714.163741] ? skb_page_frag_refill+0x1eb/0x6a0 [ 714.168421] ? sock_kzfree_s+0x60/0x60 [ 714.172311] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 714.177330] ? sk_stream_alloc_skb+0x34b/0x970 [ 714.181922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 714.187458] ? skb_entail+0x618/0x8c0 [ 714.191262] ? tcp_rate_check_app_limited+0x121/0x460 [ 714.196456] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 714.201131] __sk_mem_schedule+0x6d/0xe0 [ 714.205203] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 714.210749] tcp_sendmsg_locked+0x1c86/0x3f00 [ 714.215268] ? tcp_sendpage+0x60/0x60 [ 714.219076] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 714.224616] ? aa_label_sk_perm+0x46d/0x8e0 [ 714.228950] ? find_held_lock+0x36/0x1c0 [ 714.233044] ? mark_held_locks+0xc7/0x130 [ 714.237212] ? __local_bh_enable_ip+0x160/0x260 [ 714.241881] ? __local_bh_enable_ip+0x160/0x260 [ 714.246552] ? trace_hardirqs_on+0xbd/0x310 [ 714.250873] ? lock_release+0x970/0x970 [ 714.254846] ? lock_sock_nested+0xe2/0x120 [ 714.259081] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 714.264530] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 714.270073] ? check_preemption_disabled+0x48/0x200 [ 714.275090] ? lock_sock_nested+0x9a/0x120 [ 714.279327] ? lock_sock_nested+0x9a/0x120 [ 714.283565] ? __local_bh_enable_ip+0x160/0x260 [ 714.288246] tcp_sendmsg+0x2f/0x50 [ 714.291791] inet_sendmsg+0x1a1/0x690 [ 714.295600] ? ipip_gro_receive+0x100/0x100 [ 714.299923] ? apparmor_socket_sendmsg+0x29/0x30 [ 714.304709] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 714.310268] ? security_socket_sendmsg+0x94/0xc0 [ 714.315024] ? ipip_gro_receive+0x100/0x100 [ 714.321885] sock_sendmsg+0xd5/0x120 [ 714.325601] __sys_sendto+0x3d7/0x670 [ 714.329408] ? __ia32_sys_getpeername+0xb0/0xb0 [ 714.334080] ? lock_release+0x970/0x970 [ 714.338059] ? arch_local_save_flags+0x40/0x40 [ 714.342646] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 714.348098] ? aa_af_perm+0x5a0/0x5a0 [ 714.351924] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 714.357461] ? put_timespec64+0x10f/0x1b0 [ 714.361609] ? nsecs_to_jiffies+0x30/0x30 [ 714.365762] ? do_syscall_64+0x9a/0x820 [ 714.369754] ? do_syscall_64+0x9a/0x820 [ 714.373731] ? lockdep_hardirqs_on+0x421/0x5c0 [ 714.378313] ? trace_hardirqs_on+0xbd/0x310 [ 714.382637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 714.388192] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 714.393560] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 714.399016] __x64_sys_sendto+0xe1/0x1a0 [ 714.403084] do_syscall_64+0x1b9/0x820 [ 714.406970] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 714.412340] ? syscall_return_slowpath+0x5e0/0x5e0 [ 714.417280] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 714.422124] ? trace_hardirqs_on_caller+0x310/0x310 [ 714.427167] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 714.432204] ? prepare_exit_to_usermode+0x291/0x3b0 [ 714.437234] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 714.442099] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 714.447300] RIP: 0033:0x457579 [ 714.450495] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 714.469395] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 714.477101] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 714.484369] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 714.491650] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 03:05:46 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x5580]}, 0x6) 03:05:47 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3e8]}, 0x6) 03:05:47 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x10000000000]}, 0x6) [ 714.498931] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 714.506201] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff 03:05:47 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x7) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0xc0, &(0x7f00000000c0), 0x10) [ 714.588237] Task in /syz3 killed as a result of limit of /syz3 [ 714.616658] memory: usage 204792kB, limit 204800kB, failcnt 3250 [ 714.641756] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.668736] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.682749] Memory cgroup stats for /syz3: cache:0KB rss:4240KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:0KB [ 714.705460] Memory cgroup out of memory: Kill process 27066 (syz-executor3) score 181 or sacrifice child [ 714.728105] Killed process 27066 (syz-executor3) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 714.742379] oom_reaper: reaped process 27066 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:47 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x9]}, 0x6) 03:05:47 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x15]}, 0x6) 03:05:47 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x240]}, 0x6) 03:05:47 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x0) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:47 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4000000000000000]}, 0x6) 03:05:47 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:47 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4000000000000000]}, 0x6) 03:05:47 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) fsetxattr$security_evm(r0, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040)=@v1={0x2, "835cb0c1bb189bda"}, 0x9, 0x3) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:47 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x0) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:47 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe00000000000000]}, 0x6) 03:05:47 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x300000000000000]}, 0x6) 03:05:47 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0xffffffffffffffff) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000100)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@remote}}, &(0x7f0000000040)=0xe8) sendmsg$can_raw(r1, &(0x7f00000002c0)={&(0x7f0000000200)={0x1d, r2}, 0x10, &(0x7f0000000280)={&(0x7f0000000240)=@can={{0x0, 0x7, 0x3, 0x1}, 0x3, 0x2, 0x0, 0x0, "70f84614b3514203"}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:47 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x10000000000]}, 0x6) 03:05:47 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:48 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xfdffffff00000000]}, 0x6) 03:05:48 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x14280000000000]}, 0x6) 03:05:48 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e1f, @dev}, 0xec) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:48 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa559000000000000]}, 0x6) 03:05:48 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:48 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r1 = accept4$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, &(0x7f0000000040)=0x10, 0x800) ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000100)) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:48 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 715.440297] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=1, oom_score_adj=0 [ 715.471034] syz-executor3 cpuset=syz3 mems_allowed=0 [ 715.485653] CPU: 0 PID: 27179 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 715.493028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 715.502389] Call Trace: [ 715.505027] dump_stack+0x1c4/0x2b4 [ 715.508676] ? dump_stack_print_info.cold.2+0x52/0x52 [ 715.513885] ? mark_held_locks+0x130/0x130 [ 715.518131] ? mark_held_locks+0x130/0x130 [ 715.522391] dump_header+0x27b/0xf72 [ 715.526134] ? pagefault_out_of_memory+0x197/0x197 [ 715.531096] ? check_preemption_disabled+0x48/0x200 [ 715.536122] ? check_preemption_disabled+0x48/0x200 [ 715.541159] ? graph_lock+0x170/0x170 [ 715.545002] ? graph_lock+0x170/0x170 [ 715.548818] ? print_usage_bug+0xc0/0xc0 [ 715.552914] ? find_held_lock+0x36/0x1c0 [ 715.556991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 715.562548] ? find_held_lock+0x36/0x1c0 [ 715.566644] ? mark_held_locks+0xc7/0x130 [ 715.570804] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 715.575916] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 715.581024] ? lockdep_hardirqs_on+0x421/0x5c0 [ 715.585619] ? trace_hardirqs_on+0xbd/0x310 [ 715.589948] ? kasan_check_read+0x11/0x20 [ 715.594107] ? ___ratelimit+0x36f/0x655 [ 715.598096] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 715.603561] ? trace_hardirqs_on+0x310/0x310 [ 715.608000] ? lock_downgrade+0x900/0x900 [ 715.612174] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 715.617295] ? ___ratelimit+0xaa/0x655 [ 715.617314] ? idr_get_free+0xec0/0xec0 [ 715.617333] ? kasan_check_write+0x14/0x20 [ 715.625208] ? do_raw_spin_lock+0xc1/0x200 [ 715.625234] oom_kill_process.cold.27+0x10/0x903 03:05:48 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf4010000]}, 0x6) 03:05:48 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x400000000000) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:48 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x8e8, 0x200) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x4, 0x3ff, 0xffffffffffff99e7}, &(0x7f0000000100)=0x14) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={r1, 0xfffffffffffffd1c}, &(0x7f0000000180)=0x8) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r2, &(0x7f00000001c0)="732b2e6130760bcf72c5a57684e38ff6ba6f483dfa317d530a4e59e6a6dfb2901d6191916515f1f556297c2c4f066ae56f6eb9580fc64a8510fec658863c9b1b70d9de1d1d0985fecf1b3daf5a7a6ded161116944c62780231bf434f55198dae573affdfa31df1e9282176f58c939091771ff78320bb19b17bbccae36580bf99d8411c81969dbd327b3c47aa7b9e213f7a05587d66cb90da9ce002e7358abde5a766530f8b63925f6aa91adaed03457c25e56ca22f76c4a4b6cad46d01625eb08974a607133adc8c1661772435c314e8bbfbc525", 0x0, 0xc0, &(0x7f00000000c0)={0x2, 0x3, @multicast2}, 0xffffffffffffffc2) [ 715.625252] ? kasan_check_write+0x14/0x20 [ 715.625272] ? do_raw_spin_lock+0xc1/0x200 [ 715.646920] ? oom_evaluate_task+0x540/0x540 [ 715.651345] ? cgroup_procs_next+0x70/0x70 [ 715.655598] ? _raw_spin_unlock_irq+0x60/0x80 [ 715.660103] ? oom_badness+0xaa0/0xaa0 [ 715.664000] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 715.668766] ? mem_cgroup_iter_break+0x30/0x30 [ 715.673374] ? mark_held_locks+0xc7/0x130 [ 715.677542] out_of_memory+0xa84/0x1430 [ 715.681530] ? lockdep_hardirqs_on+0x421/0x5c0 [ 715.686123] ? kasan_check_read+0x11/0x20 [ 715.690301] ? oom_killer_disable+0x3a0/0x3a0 [ 715.694810] ? kasan_check_write+0x14/0x20 [ 715.699056] ? do_raw_spin_lock+0xc1/0x200 [ 715.703315] mem_cgroup_out_of_memory+0x15e/0x210 [ 715.708177] ? memcg_memory_event+0x40/0x40 [ 715.712515] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 715.717461] ? page_counter_try_charge+0x1c1/0x220 [ 715.722406] try_charge+0xc43/0x1690 [ 715.726145] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 715.732232] ? tcp_sendmsg+0x2f/0x50 [ 715.735967] ? sock_sendmsg+0xd5/0x120 [ 715.739858] ? __sys_sendto+0x3d7/0x670 [ 715.743840] ? __x64_sys_sendto+0xe1/0x1a0 [ 715.748085] ? do_syscall_64+0x1b9/0x820 [ 715.752153] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 715.757545] ? graph_lock+0x170/0x170 [ 715.761363] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 715.766912] ? check_preemption_disabled+0x48/0x200 [ 715.771942] ? check_preemption_disabled+0x48/0x200 [ 715.776976] ? mark_held_locks+0xc7/0x130 [ 715.776990] ? __lock_is_held+0xb5/0x140 [ 715.777010] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 715.785220] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 715.795054] ? lockdep_hardirqs_on+0x421/0x5c0 [ 715.799655] ? __sk_mem_raise_allocated+0x642/0x1800 [ 715.806513] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 715.811977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 715.817557] ? check_preemption_disabled+0x48/0x200 [ 715.822568] mem_cgroup_charge_skmem+0x1e4/0x390 [ 715.827312] ? mem_cgroup_sk_free+0x90/0x90 [ 715.831666] __sk_mem_raise_allocated+0x642/0x1800 [ 715.836593] ? sk_busy_loop_end+0x1c0/0x1c0 [ 715.840904] ? sk_alloc_sg+0xa00/0xa00 [ 715.844778] ? arch_local_save_flags+0x40/0x40 [ 715.849382] ? lockdep_hardirqs_on+0x421/0x5c0 [ 715.854202] ? retint_kernel+0x2d/0x2d [ 715.858075] ? trace_hardirqs_on_caller+0xc0/0x310 [ 715.862994] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 715.867737] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 715.872742] ? skb_page_frag_refill+0x1eb/0x6a0 [ 715.877412] ? sock_kzfree_s+0x60/0x60 [ 715.881284] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 715.886288] ? sk_stream_alloc_skb+0x34b/0x970 [ 715.890859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 715.896381] ? skb_entail+0x618/0x8c0 [ 715.900176] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 715.904840] __sk_mem_schedule+0x6d/0xe0 [ 715.908888] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 715.914415] tcp_sendmsg_locked+0x1c86/0x3f00 [ 715.918907] ? tcp_sendpage+0x60/0x60 [ 715.922695] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 715.928221] ? aa_label_sk_perm+0x46d/0x8e0 [ 715.932537] ? find_held_lock+0x36/0x1c0 [ 715.936586] ? mark_held_locks+0xc7/0x130 [ 715.940736] ? __local_bh_enable_ip+0x160/0x260 [ 715.945405] ? __local_bh_enable_ip+0x160/0x260 [ 715.950063] ? trace_hardirqs_on+0xbd/0x310 [ 715.954368] ? lock_release+0x970/0x970 [ 715.958329] ? lock_sock_nested+0xe2/0x120 [ 715.962549] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 715.967986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 715.973512] ? check_preemption_disabled+0x48/0x200 [ 715.978518] ? lock_sock_nested+0x9a/0x120 [ 715.982746] ? lock_sock_nested+0x9a/0x120 [ 715.986978] ? __local_bh_enable_ip+0x160/0x260 [ 715.991645] tcp_sendmsg+0x2f/0x50 [ 715.995188] inet_sendmsg+0x1a1/0x690 [ 715.999051] ? ipip_gro_receive+0x100/0x100 [ 716.003373] ? apparmor_socket_sendmsg+0x29/0x30 [ 716.008121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 716.013650] ? security_socket_sendmsg+0x94/0xc0 [ 716.018393] ? ipip_gro_receive+0x100/0x100 [ 716.022745] sock_sendmsg+0xd5/0x120 [ 716.026446] __sys_sendto+0x3d7/0x670 [ 716.030235] ? __ia32_sys_getpeername+0xb0/0xb0 [ 716.034892] ? lock_release+0x970/0x970 [ 716.038851] ? arch_local_save_flags+0x40/0x40 [ 716.043451] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 716.048888] ? aa_af_perm+0x5a0/0x5a0 [ 716.052688] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 716.058211] ? put_timespec64+0x10f/0x1b0 [ 716.062355] ? nsecs_to_jiffies+0x30/0x30 [ 716.066499] ? do_syscall_64+0x9a/0x820 [ 716.070458] ? do_syscall_64+0x9a/0x820 [ 716.074417] ? lockdep_hardirqs_on+0x421/0x5c0 [ 716.079009] ? trace_hardirqs_on+0xbd/0x310 [ 716.083331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 716.088853] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.094207] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 716.099646] __x64_sys_sendto+0xe1/0x1a0 [ 716.103701] do_syscall_64+0x1b9/0x820 [ 716.107576] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 716.112925] ? syscall_return_slowpath+0x5e0/0x5e0 [ 716.117840] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 716.122667] ? trace_hardirqs_on_caller+0x310/0x310 [ 716.127669] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 716.132671] ? prepare_exit_to_usermode+0x291/0x3b0 [ 716.137678] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 716.142519] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.147696] RIP: 0033:0x457579 [ 716.150876] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 716.169763] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 716.177458] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 716.184712] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 716.191969] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 716.199229] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 716.206495] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 716.234004] Task in /syz3 killed as a result of limit of /syz3 [ 716.247287] memory: usage 204796kB, limit 204800kB, failcnt 3264 [ 716.256003] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 716.265959] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:49 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x80040200]}, 0x6) 03:05:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000040), 0xffffffffffffff4f, 0x200007ff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0xfffffffffffffce1) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4c1d]}, 0x6) 03:05:49 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x0, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:49 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x2000000]}, 0x6) 03:05:49 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xffffffff00000000]}, 0x6) [ 716.272181] Memory cgroup stats for /syz3: cache:0KB rss:2172KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2208KB inactive_file:0KB active_file:0KB unevictable:0KB [ 716.292825] Memory cgroup out of memory: Kill process 27174 (syz-executor3) score 171 or sacrifice child [ 716.302707] Killed process 27174 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 716.314888] oom_reaper: reaped process 27174 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) clone(0x40000000, &(0x7f0000000100)="54e8117a20bb0fb80b8358a56eb1584000af37426528d6c42a53e99b42d305d7eebe3673c7a2060142cd807843c0b521adc7b72ea7bdedeffafe2260457e5c3bcddec49e99aabaec61b999c01f86f4dfb6d9a77a7e7f0080c9f0b666944c49372ec6bcf210f4ccf13f0f48c9a6cdf4c47b82e1848165123a7fb193fdd15fc905794bb42d6faaac8fcf8af9ed69bae09f750653a24c468643582dd0d299f8a9568d3cf6d00616a7389e84c2503e491b83324b2bd104b820aad939ae38735f6e83efcf8c704f9dfb52c808ece0e86344758e368320f21bf24f1c60f3b5cee24ea1a937928e356c40423d0ebe4d813899117170bff3bfdb183b9cd8db2260d7d2b7f1d88e13c8a53134bb177c25b128af660c1a2f4b7137ea6a21113e2eb0927624cd0c2df093cea1b64241ea53f9836e07d0375f332940310b321668d7e912659f1a40ba1faea1a6a9d12868958c73df8db1d8ad37643e213fd0f0b0532f67c3ef10342cb1c8d865a75f7b81d4c826deaf4c20bb131b8d201cf7a9f4b8375f26038bc508f28348bd98771acd04d7af7ce60eff498348ac5a06093d7810ff804f2d02ee0884629095dc5ce6dc280c98d84c747f251ef17d0c34cc2f16397035cc3c3e4cfda78ecf9b862b98d3867a8fe10521ac0107ad964876f1e94767e641e1ab401e112001f40327d9da469a1b21f1da043c96fd3850462d45838be432eddac887361475be9449199dfb89659607dee6f2ce64a57440c966f8cf003720764e90471d3ff2c984ebafbb3c46f937084f2bfd92ea800f3343c2b2c12e01ab78371599575c054604c1d52cd96b730da14027193bd922bf7b505111b360077b070b3476c352cef374f72cc228951f0587a8c49e487792da9f9d90fa4917c4a7cdfdcd6d829382b5228e63e978213878ed80d4cb43f4afb07138b8969a7b128334ea49c4d39ee32e0399bbc0a3fd9896f35f0606a969870462105ecd134d707556cf061330723612bd6e4b4315f8bc0764fa48bf20d17e0ca0091a38bf96a5e643945b50d5da70b15a261701ebd7b122c6e056b193c05e6688385c55aaaddf93c5787e16fb0c9d14e089e5b208d3c92d4e710d14b308192edf3f22534b34fcc4048aceb57e3fb4436f93916ee4b0e99b64ebdcc6cb3e310ebbd3080faef115dc85aaf962902120ed507681d0700faf39458aa985584a1ce15e405dae07fbcc4be0593200a74fa2c7f1b00b698dd812302b6e174ea60fc405dede193d015646b17bac75d0cc380a617b56e0d1e59c104716d4ce04cdb5bdc3e72dc179524f0b4ade8d9a158562a350561a09e0ff30078663c29c22720b02224f4269ab71f72dff5ae26f3a335b31606a0a6fd94ee7159653051c27ce448ec333d966f438cd2f1b2e68850ec71255c7ca38813505c46d55622aa35b9959221d0c61305579fbd63171f4e345b91823eefc64954232d3b9776c11ecfe3c19fd1a20145614c84243fefa8ab05a125a96e8c9656bbb26d2ae8ca609ab7bb686ed4b8be5847bb54c962a7d102bfbd7eb3f2612e3ade256490d37cd5faf35f98d5a71347dbb045b54419d130d11e09ace08b02a78de59376c92d329c64b00654dc3e39057a8da69c5f9887fbbb5348d98d848f08d9a5584fb8d4f01a7a908bb4d473ea43e08a2ffe648897f2b6e2560d2fbc184bc599ae5c55dac8b06a7d6eea8221ea1a82bbc4107ac0f919738607540fe77197b05924190fcb5a81e80b7b1c535d1fdfa04b9f0128fe29420739eba51fab05297c3de1571461d9b0233c80277c2c6ff82cf1cb01848a140acef77f97c8726b6c722d3531191c99077fa8dae411c85fe5a32a88fa2480f4772251d71722cba896b586b0c8449a7f9424ad02b916636f2e49d2b51cbb8f220025a815527374771a3e66f52666e5d0bd4c1bfbc3551c85e6e39588f35ddd2b04c76aa4197a23afb1930c4d72482900e2122c4e8b3fce7f04dcc2a8d3431965ef87cca401990327622c68d8a53615e735c818073bfa6941cf89d494799d713f9fb0a3a29db3a97b4250e78b1af1f8d1328b1c66f7cb45a02e26a6196b2103e05bd064f26916f14cfac11b9955338d77da8e6de6f3945dc5532b906e8874278621def4defbc26b127ddccea55015aa6b7622540547715e1dd1311152d20bb24ab3617b82ba6c818e00863cf4cb89eab63dcce6182fc9fd669207393cb8011ecacffb22ee8e0a1868f6e348190a5389c156399f362ff366094ef6091393ca0780f7f5011e28058316f7319a3efbf211b1cc45df4da784544a8a1f8606b2998df51ef197bd7df244d2df4b16b2b49ac49e49c4ab2c33fb1c34f512df8061b237c1abe7b341e7f9bc64c5b09f2fc3cc0d8a00a7333502d641b18fa9d7bd9217ede6e9f58596bb3e5b877c9dbf39355d1a473a83103c7844d6f15702a69cdf24c339b25084c95782ddfd2e03ba2ce28853a0451be6b9ce974006b77877b7e8edbb79232dd747648813669ef883d0176d7431f0c26aa9a37fbcbef2f7fccd09d8ad9d1258785135039999e37aef6db8bcd472b520d06604ec469c10cc4a5d6f8c730439b3d44a18073b8526eb2b424c836b90a2cb764f31eb19f80942725931f88cdbd880154455cb088f757cd75027f593c7b43475389a44657b43f90cabb386061c80b3b5671619efb0bcb754b71fdf328574c7cc7bcf36522a85f9d410e7459f4bc09babb25f0f93b2fa7bd3a7d50c31cbf658ea7c585b68daaea865abeb42ee1dafb8bc85a8874d6beff6af0e2487f89b32f5f148fbd7b4427b1216b28702781f0e953739b6abf48894534028e4f825b54bde9f1ff925f1d2c9e0ac9d600bfe433811bfe852c1cea23310512cee0ec4f1414b250331ddc9d2f0639d0d7d889d03f2a464f86d5cfb0f1fea8317bf02a9e0283ecf702c7aa3b7c099945a8ecc9d30431a13397d0629316d2c559f80fd045d9297aad7de75cc9eb0b749b3c674198d7f97aa6211ad0d97d4d7e7c26eec53f2fe2c956cc5a3e8d9c086cfb96bea4047392fc73fa51bd275f170edc835ae3c43e976dbe531037071c7f5f41cc82e99f28097a65a75e7af490dce02de646106e5756fd1cbb5b508e2a8f39f6761ec8d29b107671271eb72501c48d7619e0d04ba637ef66419fcc1d78b75fd51a7a27d178ccaa36f3b30aa838d81c4cb4d5ba0c1e3b9c16b24c2e0e9ab63e3b1db2cb9d19d0f208709b58ac783591070597d960efa7b46c2ce94734e5c0addf344cbf5aef6c6e1e0419d653670af9cc25a87dfc79702e0ed4d344e4201b687623c823c6c40bcf816f2fa67c1cb7ab686e2e26ce24c39d3d1d0cd0ce0b9e4d44e8d4c76277b69df1f5ff1ec6b97448761113ab60a4fda414de1ce6c009fc194f1ab1c89765b668dca605f3dcc54bfe47866305cf5780995cc2bfbb7e3324bde5d54b8a26607bdb0f3ec6c88976cf33830a023cf3ccdf6d6e8459fdfb89b701744d6e13cef759ab42796be447e5f8053b75d05a4316e36400166e756b64918f49ae7a419857e18e61c7df9bd8e9ee02d0d20da37f1ef594672a59d6b308d5192ac10dc97716d8f6c107ac885eb657f0bb8be0ce8b02a877b88e26290397ff9050bc3479b35c7a700ef4a0c006344fb18f27b3d672894e80fedb7f5dfe048875223c4d296de6cce3c978931ccd2a551df6c5a6237883aefccf14cf4dd31b268182682e135a4f40c1226a39f6f3ff10b01c24d424db772a07d10fd19c4dcdf244204f9be4ea8beb4d2aeaadccd7beb22e953f4550ca1b51ad6ba350416fe55e90a73350360a01f8b4312d2552d151f97eb6f5a590634fda2858f69b90b495ea6a70eb4b9b14ed46858f8954337a480834286313ae43b1c0af779cb7f9815052f39bfa19d5cdd612575e51d396d583736e12a3923e7f2fc4a0e171ffe7b7574830cf53bbaccb88985b3cc5a44d668fe9030071d17c20cd13f5b21c573ab2edef4e67d954b36a9b79199fd6454c2ac72476aa308c801feb4ce0b1aec1be38bd9325cb0a4e854f3f348474b2e62896d721d529f7f75a48a983e39616a7a1b68468913ba891443d4876b66c6a6c7bc609ad2e861a428f020103aded0cb16edcb4adf0e469e42e1347e5480beae5250357c7be6ac9cc985e5ab9f921fe2f92edf22628515d630b14d5ebd31d9b4acd5d2791c6ffd65a1e5bcd9e36d23dfef35e6f9f3d668abc08081aedcb1d5714624928dd617c8496ac3f11915b64ab6f143c7761574fd92bab13f9199d557d9093becc4f997affffe92c4e6f6f1a1d0c52caf94059435e2db89efa0ad3dea83a895d878bcc3ad190af79aaf607df96c39fd71e915e506e85a0747a78566e1d019f1faaf32bc3373498c94eff792f0d4cb0b1bc576d24247124d7017aada8904999a727c063f8d9aecda345d39cafcd8899316cf14c9637c16e70209f44eb429e05580d75241d1b771c47e5bf2f4593936f13c599feeabb93f5eb7c7112a18ecdb8a22b663c17983f56b861c8e3248b48e42a8ccce9fbb8f33a7f2b3e8272b41afdbc43101dedf880db8fc2d1bae7ece81de984a8142f2de9b56d9c8fc1a00c33f2f36f20bb623baf977f3221bfdaeff4622f3b6dfeb0186980372a5fbc45117847d3eea5f7979429f5c664a78540a6be00791c5df6cdca350aea2403a09c3f70dea4c378f64ee9ee9008782263ca7a38ef1e48f2fbb7856da49cbf30859134c93de8df53b9c1641cc8513429f0f3251682ef729e8e25dd0c016edba65dcb03a42134242a6910b663f1549ca15c1fa77801f0f05790b7b38679563ca01061541bef291a6ff1bd68b3e23b84165261427c51f3485bddfe71cee2b7c0ff5f058adfbe37383b432e763bb2e1375d22c0624d057636513247661e8f96ede63d950ab4debb4b62f6e1f2123be3020fd4981956d08124d54bc67f3cbd2406793e255468ae2696b22f2e71bcebb671497dce527a0fa7a05f05254669c2df657b2da9c014f7b9f6f9d7c77cb0c7dbf02480ba74a3663af917f754faa03ecbb238c4208b731c280be35ccc28e891d7885bd5de9a32ce4e4300de810af2f6aaf64440bbdfdd8117fca96e804d31adb62e1a9431004906b54a37a293ec0f2fc26bd27f6d83b9d44e3f0c188d25c73850de4ac07ad8566e1a747e6ec73e6f01eb5e6f80055930d5887bbc91624763ff234d447fa625f4f30ebb78c05f4308275cb4da846f62e29cfbe6731f1432099831b63a2e6c513b907a8ea66068a09b13b45be406b309fcf52d3699490bf533c1d46a89960b1ea4e54bac98f82da260835c8347fa16361eaedef749f2673d9c84a3e335bed2b8c47b74c0949ceac167a7682883eb0c9b0a1d3b0ddd769e649d2224a8499fb9f2a53f8486e0f58fbab630f219729635d57160aa4a1704f0d5d52f009d6c20b008a85da1d11f1389b6dd562e674afbe1118c253e6eff631930a27228ccb51e2faf410dbd84fa5987e9ce68d815ea60a6a9471cf55a41ce37bce2d6946af012252c8432f1ab36d9e3c32fb15d537fe7ffeab6fb31936bcc58b6cf777a0ec23afb3d494f1e7a777416cfeb00be54d2d5b46f62dcd2617439247c0c5a5c86a5cdaa86e5d10e9a7499fd21337874d7140632117370b5a5f8b717cb91efaf55b803ad2b0bece584c651fd916f8afe747aebea270dcdffbb9e5661e1859c0772d5a83c938711f63ad4476336205345a2423a49b176fbb3b004c313267448dec64a444e59a180538d4024ddbcf433100be6dfa96dd1608be67dc2e7a2f5993201ee0baf8ca5f3857f96dd842c93f93579dc91", &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000001100)="53004d8445a193c877e4184e5c2133c59e7424a983f381d8a3fa5edf44a7fb04b75cc2d637b0a958fc96a4d5491082160c5295c8d7faae88cd2e109e9949ac3dd5080302cc55073ab8285d8131b9043e3271edd74aac796dbe4f7d19d8bf604bc7e9f8c2477ca22ed9e803d6fd7617260904072633accec52e051351635b34111ab302bec45a8457bf978ede887f8ee53413c0f586cd7d4e1fd6bd5dde019468a2152898609192d742f42110de1a1b88777bfe996a08e151e2f7440b1e3083f76a59e9796dce510a7fd1af8c8542f18a59116c64ae3929a4c3ccfe4e4a4fceb7edd74b1a117dc89e9aa1f1fd4d521c0d23dfaa") bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:49 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x0, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:49 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x2e00000000000000]}, 0x6) 03:05:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x900000000000000]}, 0x6) 03:05:49 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x0, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 716.548570] IPVS: ftp: loaded support on port[0] = 21 03:05:49 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xebf8ffff]}, 0x6) 03:05:49 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:49 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x67f6ffff]}, 0x6) 03:05:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa000000]}, 0x6) 03:05:49 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x700000000000000]}, 0x6) 03:05:49 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:49 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xa000000]}, 0x6) [ 716.852700] IPVS: ftp: loaded support on port[0] = 21 03:05:49 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x63) ioctl$GIO_UNISCRNMAP(r1, 0x4b69, &(0x7f00000001c0)=""/25) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0xfffffe1f) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @multicast1}, 0x10) r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1000, 0x40000) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000340)={'vcan0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9}, [@map={0x18, 0x1, 0x1, 0x0, r1}, @jmp={0x5, 0x8, 0x4, 0x3, 0x0, 0x8, 0xfffffffffffffffc}]}, &(0x7f0000000240)='GPL\x00', 0x9, 0xa8, &(0x7f0000000280)=""/168, 0x40f00, 0x1, [], r3, 0xc}, 0x48) ioctl$KVM_ASSIGN_SET_INTX_MASK(r2, 0x4040aea4, &(0x7f0000000140)={0xfffffffffffffffe, 0x2, 0x100000001, 0x1, 0x10001}) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) getsockopt$inet_mreq(r0, 0x0, 0x24, &(0x7f0000000000)={@dev, @dev}, &(0x7f0000000040)=0x8) 03:05:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x9000000]}, 0x6) 03:05:49 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:49 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xfffffffd]}, 0x6) 03:05:49 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4000]}, 0x6) 03:05:49 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe8030000]}, 0x6) 03:05:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa00]}, 0x6) 03:05:50 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488d") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x8000000000004e24, @dev}, 0xffffffce) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2000, 0x0) ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f0000000040)={0x8}) setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f0000000100)={0x33, @dev={0xac, 0x14, 0x14, 0x11}, 0x4e22, 0x0, 'dh\x00', 0x2, 0x9, 0x12}, 0x2c) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:50 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1400000000000000]}, 0x6) 03:05:50 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488d") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:50 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x2]}, 0x6) 03:05:50 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803000000000000]}, 0x6) 03:05:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3075]}, 0x6) 03:05:50 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3075000000000000]}, 0x6) 03:05:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x34c00, 0x0) write$cgroup_type(r1, &(0x7f0000000100)='threaded\x00', 0x9) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) 03:05:50 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488d") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:50 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3000000]}, 0x6) 03:05:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4002000000000000]}, 0x6) 03:05:50 executing program 4: setxattr$security_selinux(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='system_u:system_r:kernel_t:s0\x00', 0x1e, 0x1) r0 = accept4$unix(0xffffffffffffff9c, &(0x7f00000001c0), &(0x7f0000000240)=0x6e, 0x80800) bind$unix(r0, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e24}, 0x6e) bind$unix(r0, &(0x7f0000000280)=@abs={0x1, 0x0, 0x4e23}, 0x6e) setxattr$security_ima(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000000400)=@md5={0x1, "cb350fbb362e57c84dd89b18a98f4302"}, 0x11, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) fsetxattr$security_evm(r1, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040)=@sha1={0x1, "c6dfc48983d422e84af6621bf5b070003428c833"}, 0x15, 0x3) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:50 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1c48]}, 0x6) 03:05:50 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d72") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:50 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xffffffe0]}, 0x6) 03:05:50 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x142800]}, 0x6) 03:05:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x14280000000000]}, 0x6) 03:05:50 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x7000000]}, 0x6) 03:05:50 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d72") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x6) 03:05:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140)=0x0) getgroups(0x6, &(0x7f0000000180)=[0xee00, 0xee00, 0xffffffffffffffff, 0xee00, 0xee00, 0xffffffffffffffff]) chown(&(0x7f0000000000)='./file0\x00', r1, r2) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x481c000000000000]}, 0x6) 03:05:51 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d72") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:51 executing program 4: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x7) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={r0}) setsockopt$inet6_int(r1, 0x29, 0xa, &(0x7f0000000180)=0x2, 0x4) seccomp(0x1, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x1, 0x5, 0x7ff, 0x1ff}, {0x2, 0x4, 0xffff, 0xde}, {0x0, 0x0, 0x7, 0x7d2}, {0x9, 0x2, 0x3, 0x2}]}) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) socket(0x1b, 0x80000, 0x10000) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x8080, 0x0) 03:05:51 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1100]}, 0x6) 03:05:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1000000]}, 0x6) 03:05:51 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x66f6ffff]}, 0x6) 03:05:51 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d7260") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x7, 0xd6b1, 0x6ff1894a, 0x0, 0xffffffff, 0x40, 0xe364, {0x0, @in6={{0xa, 0x4e23, 0x8, @loopback, 0x60000000000000}}, 0x40, 0x8, 0x7fffffff, 0xfffffffffffffffd, 0x1}}, &(0x7f0000000000)=0xb0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={r1, 0x6c, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e21}, @in={0x2, 0x4e22, @remote}, @in6={0xa, 0x4e21, 0x1, @loopback, 0x100000000}, @in={0x2, 0x4e23, @broadcast}, @in={0x2, 0x4e22, @multicast2}]}, &(0x7f0000000240)=0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:51 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d7260") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:51 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3]}, 0x6) 03:05:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x8004020000000000]}, 0x6) 03:05:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x142800]}, 0x6) 03:05:51 executing program 4: r0 = socket$inet(0x2, 0x2, 0x40) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x101, 0x6000) write$P9_RMKNOD(r1, &(0x7f0000000040)={0x14, 0x13, 0x2, {0x1, 0x2, 0x4}}, 0x14) 03:05:51 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d7260") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4c1d000000000000]}, 0x6) 03:05:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x40200, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:51 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x69f6ffff]}, 0x6) 03:05:51 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x900000000000000]}, 0x6) 03:05:51 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) prctl$setmm(0x23, 0x7, &(0x7f0000ffc000/0x1000)=nil) 03:05:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x40000000]}, 0x6) 03:05:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x15000000]}, 0x6) 03:05:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000000100)={r2, 0x2}) 03:05:51 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x80550000]}, 0x6) 03:05:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:52 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x481c0000]}, 0x6) 03:05:52 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0xc0, &(0x7f00000000c0)={0x2, 0x2}, 0x10) 03:05:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x20000]}, 0x6) 03:05:52 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x11000000]}, 0x6) 03:05:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa000000]}, 0x6) 03:05:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:52 executing program 4: socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$addseals(r0, 0x409, 0x1) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000180)={'NETMAP\x00'}, &(0x7f00000001c0)=0x1e) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) socket$bt_bnep(0x1f, 0x3, 0x4) modify_ldt$read(0x0, &(0x7f0000000300)=""/159, 0x9f) sendto$inet(r1, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) bind$inet(r1, &(0x7f00000003c0)={0x2, 0x4e21, @broadcast}, 0x10) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xff, 0x200) ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000200)=""/222) ioctl$SNDRV_TIMER_IOCTL_STATUS(r2, 0x80605414, &(0x7f0000000100)=""/105) 03:05:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x900]}, 0x6) 03:05:52 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4000000]}, 0x6) 03:05:52 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x4, 0x40000) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x2000, 0x0) sendto$inet(r1, &(0x7f0000000100)="8eaa373542a4620ac0bf3c5e14302cdc61cc4c3128ce4045924fe7e56f33a6b3da3965397f9aff9a4a93afa5e8131e36777befcd73594bc47004f4073f77768a1935a0a96848f6a72254d674572e62d9", 0xffffffffffffffe6, 0x4, &(0x7f00000000c0)={0x2, 0xfffffffffffffffd, @broadcast}, 0xfffffffffffffde2) 03:05:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:52 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xa000000]}, 0x6) 03:05:52 executing program 4: r0 = socket$inet(0x2, 0x7, 0xfffffffffffffffb) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="17b7f664c088c149db8322827e469239058d31a3474753bad954cfc9dc77ee863d7162d358f68e31bf684279302e559557b7f8cb1729ef401b9552f5712f3727f47038ba60c380c4c0eccdeb1e99b26cf9d31b8a91ddf4c0767b3a1cf6db18ae5d7d6bb188c15ffb1d0e090be88afd405b25b8a445559657710494ccc37fdac262775d4d54211c92e9a3cd710e3b7d53dda8b030713a9af3f356c503139f208e36ff99605160e8b90121a4f231d8b201f4108238053f868d6186c9d6f12ada3063a459e1a73a664ec8460eb35014515846fa2fc1c9c6c6e91315b1937f689cd8f2a9c76f5d0bf9e12eba540925479f553e1384fd1c91dab26d58beee1719a5174664d8b3d63f52c3e4c56644fdd3dac717e9cdb9dc6781bc6c5ed347807db27f8b456fc81607760d9dbdba5cc724c549d2c194e57358f2d5cd8a21d6917fa1204306a23d640f9b4a26f8ac995214cf9ec00ec126c5d77693b1c82d528af2e712315012f1193b152a031bde44ddb61877c38ea94813550d9023eb4e4e9d3772e2b08ecc6b7e7fbacfd70b032f16562e7faa769693c4cf11e90542ee91e1123085925f1e3a4aa9db435b3c4c6d26683594e5646273ec81bb76f1770316c8cce00f6e6b5c482e27ef26fae8ffe872002ac67442913387eec3cf487a7b823f1e3a32cb5c302cd96a3dad53f155a9d555cccf57cae8a2a4aba05f35eef29f52de7cd30db423d4403f8b2f651280884db7da85da37628660bc8960f9548905cd1baaef2fec4a73b08ad58a453517d2478505ba334986beaebe7e4ddb75c878f99ce2885f15f16443c102148fc0e88b1d79363161598ee4b1281569e6bd1368922f94e755b67382af86205217d34bab991c2ceda062f45a396df6ee7ed3e5babccb3d55e82561013ea286cdf866647f7df3ccca9aa959e3946dbfd6652a01745f4d7e22f0e230f6574593d2d6d32e0d2a947f2a58aeeaaf183f6952bf965943493e1792115116eb344b7cd885fb82eba1c50c3b35260fa29dc47e612a8fb5c2674dc28d3ed18fe655a381ac7216eb8abebd7217da7c8ca267735d310319f46948f5e402cff12a39038d64a181dae1247704df71e48fed2813c6cdecb52fe972b328e73d2933190ac1c70b52a60808d91a1e74f0ea5ead14397774e89ff6c9963ae35ef764fbb9e3c9a89fac08307eeebf99f2209ce4130ef51d736f6d4eaf00a4c2907c953a0d642303ecf92f4c02103c6df7abd122704fe930438cb0ea1bcc294b9bb7320f2b0a61af7a93ac392facdf821510177d0ad55a317854581a3df6fe1e130fd13ce6bef330b8e6cf11c454892fec3f31b209f5cdced8449b0326b80011a6b07a6a9f03ea2d696d6d9edb36f961b5da21bb99294042dca0c4d44a202214a8bdca01918d215894566d2ebfcb1995cc6c03d46453b5678c87ef61a7cd9cee420476f8b7d74b43b7b96e50871bd17d8aca67316516babe04561984f0a9f057134ddc41d81b4f03edc7d5b4175c73deee5c7fbb67a0f8849654cc228b48f85451404c1a8b877e7724c8d9f4a09eeb06b3b5c24c9e5d8e6a07d59bfbcfd1cc3c6dffd4bfb8534d814dd882eed7fcb77f486bb4f8c16d21ad64e64eb852cf2ce65c27981b9620dabeba89c2c7bc63512e06cf01b8cddac8e0fd560974b12848c10b752608e14e965c46071441a65a6f355074695f2198e7099a9ea4e27a56841d1641f5a434b97cee20f018e6afbfd52cfe47136ec5d970e01be8405359970237b69e0083bdd8cbc70fd5072853c813eede426624e526fbe12ef9816fa31e1998b7bd4f34cabb984939625a1d6fd2611b189ab361a8cf16b595774fc793d05ae9109c1b7d1d9962379789519c70926efd934874ece375e0ce6418578a777ea9356b2c2d0ea1bd437a31096ab8ad49056a6c2bbcd9bdf3fadba828e1ce5ee894cf0982a7ec86a1eaf30b89af7c1f46d5acad528fc2e8cc1a1a6e02076b618a249fbd719fcd0282342cff0bee57926ceea0d74685462fcf984ea65a808c5df746af266acbba9c9782688d0586886370c23be1a7593916d76c09cbb456c3414b1c00b1e6ae77c4459bd302c9eba6f3b7c37cc9e76466f31deac07ad0da34b2d80a70e431563e782788ea74c8216f0038191747cd1b0b581709441b68ef441f52e626feaf7f4ce2d856b3c7fe0b45c32c4d05d7e96f5929988a718dd46680d56fe408cc9305536492fc7f2203152afd8d310fc33157b5a75ddc3ed85b5d9cbd93a617ba5d4a057905cd7425d2471656911376a26f0192625724d001206b11854938486fe32474b00836b295177869e92f651e9a70b40c034160ee4a250ea026109ee9f9899367dd37cf07e243b71ec7d46813fb3d2d076efb07cb80cc2e7a9f8ac13fe1246111cdad46bc16804e202b49fdf965e8b769182b018a3e290055592fac2f3ab667128d6458b9e24ea22dc0f9ca656c66de6fe5e5f200ba51813d761f9d20a36103fa87cedba4493d98979704061040e5ea2419410885417d3dd29849fa248d6dd6fc59ee744f4c30a9959f8f88379b680fa0e5cae1f0516be0869c484a6447cd8da312a686aa61a6bb1540aa9be34fdf02ca2cd473186763566ec200c4e8adc3b4158d7225ec13e084b164d081845920822f2c75e6fc6ea641ea357029cb33f2a3cb4efba05e335c3ddae4e76550e32244cc43c7becb29e4de0c3a431975bbb5eed1a66579f8789cc17e32940d32326e7577dcbe0634203ace2f9d700ad440294ccec4b27538d4ea84dbc4a5f52d6b9dfd1f04c889efe5f84eac08bf19067c0dd53d0b031f0d13eda6209c2fdc5981c9784fdea77fc6bceab904b8e59887d70b33e1f21912f20ba8a813aa65c0756729a732ca1f1c82fec9c9f68edeb42c7a0ba087bc9caa958bc705a0435a84dccce7a7edd4c6f83f03a2f4eae0bc90391d4adfd3e5819ee4b93c12d33d60c4134cac3381c1fc66017a3cda6ded4a1b8014a61e7af2b4bfe8e089d256a7db180cb6c8ce0d2c97b740540224a4044bf78034d86d65088328adfa79ec0517837501b4a34bcd64d86c2e3299dd1349c8f032e4e875a85e4046e1ce3f0fdc9a6c53dca7126a952f82a35253d5387e11d8acc7907d73ef7caa322b06675024c0b1e6ac4341bbae26e98277593ffc0a24fced64108f12ae283a7a1f065e6238dc6edeb377301ad87f6cf26a33228dcc303b18d6e315305687aeaf620a740980d921f994c50412a2dcfae492be3a23489e6ba5a199c83a74e011dc33024de9f53f8cd71a143175b9b2be27e8bf8c1d5fd0f08abe9333f934512c80db8ea6cfb5e3aa21fc9ffcbac4b9d78158363b7a88f3da8068744fa6bb4f9da1af3e13d47272f45a5b65fecb38bcfa3a00651d5b6ba0a100a5798dc528fca0e60371fd97c4338c8293e94479522fea737a19dbff894d61e7bdce42475e73eb82ced4edaf1dbde5ab4011e6b3a17dd259ae4425add1dc5e5401a05c27f808546fb632d8879c4f935d05e812aca06462a7a1d248528695e97c1a9fe70c09a9c647b6d39619e0f28a4dd187545b5675e606a403e56a9c7bf5e499696502c03df8646a06f5a0c0613e6d4b44598c0d148de2d09cd8a3a6f1e3f539bd11d3d7545232b97d4215e7ed9499103f97e83f3d6a00c12c51faf2b559935428ea6f80bcd2cb3ad566acba8eac4a0b870c82d8dcd0f33cc547ab889b7b32f807d3ddacdecbc98d01df4f25eeb450e7911b8271da6c1fa079080963502720d567068587d4668fc6c86bbe9ec6247ecd8c207a99eff5e0eaa565e77880c3c6a0ddc9175ed3cdcf2db62baf3de91175336902c3085ad9ecfd0aaf5b9d68d965bfe63061a5563cba3a38177c55adf56b0bca6f6a548fbf94c3b9577c8be7471491de5577b5238d10a21bbf4d69090aeb31beeab471e216f57a50b1a962a8e2bc31b9fcfcba96bcc8d5e413c20408cfd28bacd4fa3143e14bb8403e73b2980d05fdc8b74908b747b9e937edfd6357d790397a78bff9c0d7ca8cf87a4d39e3dbf9a99f51461079b889071f8e89d760930c0a8442c2efecae3cff5c6332ddf5a7822d20b86309868c32fdb0cfc784a99410f7fc1a76baa6c35e88c72427ee919356e9b0cc906382b7a022ee63fe48ef28423507dcbf3845fb4f4f52e5ca8e8f50e211008655cbc66fd06e91751acb23a1c0669c978ed1365526056931b4a3186979e98310bd13a5fc892b10de22ce92c234cabeb1681d9f913d205893821cf7ae9ae4988f9866f576c206c0511bb01869dafdd558a8a69f96072a7d1b489acbf0c7b9740549275c65e4ca6700ce67485422ce176d9e7a8cf06b0cfa91e59f635dd073e8d4cc0285b2987d90c7dac345f613ed0f7558ad6b5ee88c318973924dd4f23021878269c0088e9d23125a3fc431ac80fdfba7bbf6805d8ded8a2b04cd442d7670860200e7501842f4fd24941b62f2c687adc57797695ccfd65476b8689fcdcd09cff2ca0dd97ddbcadc0c14822aa39581980bcdcd8378cd73e855b3a2827c6a1f775d7b0a113624b5fe9f593ad95c6a1e835e319cb9ab96b53cfdb5475699c7397a446c9d00e227e4b856a25768510b0506819880c59c0234194172f5b2989cd143383d842f57068b16324840757b27051229875cd561676ba8c99b74de0ab7c6edb67c746fc4be552d5832ac402430bb380ea4014862ee79c39d3640ad1409ff7912f5b7462aa32476e79394ce689ae252285cc11a7651d40d53c20a5987f243862a7b3b7c01044c7ff37c9d3806b01ad5f8657fb582de4ecc7503228162667dfab53e78be5541a1af8e33d49fd0da4a6bb846e23208588168afbca12060bb7ed0b67dbf515393bcd3b8cd90f9d84846c9c9b3a2d76576561816eff07cd343e7c7a88586578a985bfcc0b647af8d01ace266492a47109388e7db9500bd077d23818de4bdcfb65c667dc0a64a574e96e2af34eb30fb88aa4c0ba6e735ad5202d79669034f20e88b653262319b37e8a079917c7e38d37eaaec56a4c19923877cad5adeeff62c44f2dd8673ed3c3444a64f54bfedd19a742def0ad0709c252aa841794bb4a08a7473cd9c912ff97578d2ba6896b287f4668237a693de412eb3002a7ab91ed3842036a3f0bd6b2ce5575d4aec2dca1142a67e1f9519be6d65f27ab664fd55ca647fe9de1d34bd58454f7ad41c74422ee4cb50d3864ef290a412b9af166d3df97ab0991f5b2bf5b3b40e7030d67e21dba8dd851d306605a28329facfc93289bb30758888b058da209dfcd13e8f839f05e3e4782287018dfb7525fe88afe34e9a428a0490ac7cf6f8f3848e2ae8f9254e1a9e8cb0dc36294517245765d57a42c4add7538658202911d943d39ae3643686c7ee5b73bbe505b418a10817d60c878f6ff833a88bafdf9bf58ea5000c8c7aa8a2c3fa2eda3cba43d6fc7e2093c15cedb4c159e546ac27d8ee3130aec211cc793d8da88d0f0f87e292124916f3a51be1dffbf2996aefd353bd55b813530215f334ec8cdf6c8b314a369d1d4b0068a239d600fcac77c7c5ff9295aeb2c408fe9e2d53f8ad7c54756a6c4e4ff3e7122b885987efc6ba1ae2c0f93ef50bd8732f586fcc85a6731e364f3ba652f75a51b99edcac2a0410ac033ea83344cfc82eb23e3d0fc455feb47a5c83037acbf4cefb5e5b248527b1bad52ccc4f6f6940f5c581a39b0b6c40691d1758ae035ee065b876a1ae5b6068aac7221e5f6a202e881d192a232d6b9d4811a5e51d2a9b4368ea8d11604a5834712db442194eeb7d1f36ce9f02811b8421b09da272b1278d", 0x1000, 0x8000, &(0x7f0000000040)={0x2, 0x4e22, @remote}, 0x10) sendto$inet(r0, &(0x7f0000000040), 0x0, 0xc0, &(0x7f0000000000), 0x10) 03:05:52 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x983a]}, 0x6) 03:05:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe]}, 0x6) 03:05:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x11000000]}, 0x6) 03:05:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000140), 0x1c) r2 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r2, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x8, 0x0) 03:05:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0) 03:05:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3a98]}, 0x6) 03:05:52 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 720.154300] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 [ 720.229837] syz-executor3 cpuset=syz3 mems_allowed=0 [ 720.235162] CPU: 0 PID: 27545 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 720.242557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.251908] Call Trace: [ 720.254504] dump_stack+0x1c4/0x2b4 [ 720.258142] ? dump_stack_print_info.cold.2+0x52/0x52 [ 720.263365] ? mark_held_locks+0x130/0x130 [ 720.267614] ? mark_held_locks+0x130/0x130 [ 720.271860] dump_header+0x27b/0xf72 [ 720.275595] ? pagefault_out_of_memory+0x197/0x197 [ 720.280534] ? check_preemption_disabled+0x48/0x200 [ 720.285553] ? check_preemption_disabled+0x48/0x200 [ 720.290583] ? graph_lock+0x170/0x170 [ 720.294391] ? graph_lock+0x170/0x170 [ 720.298206] ? print_usage_bug+0xc0/0xc0 [ 720.302276] ? find_held_lock+0x36/0x1c0 [ 720.306346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 720.311936] ? find_held_lock+0x36/0x1c0 [ 720.316033] ? mark_held_locks+0xc7/0x130 [ 720.320198] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 720.325306] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 720.330413] ? lockdep_hardirqs_on+0x421/0x5c0 [ 720.334996] ? trace_hardirqs_on+0xbd/0x310 [ 720.339318] ? kasan_check_read+0x11/0x20 [ 720.343465] ? ___ratelimit+0x36f/0x655 [ 720.347445] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 720.352926] ? trace_hardirqs_on+0x310/0x310 [ 720.357352] ? lock_downgrade+0x900/0x900 [ 720.361507] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 720.366611] ? ___ratelimit+0xaa/0x655 [ 720.370501] ? idr_get_free+0xec0/0xec0 [ 720.374477] ? kasan_check_write+0x14/0x20 [ 720.378717] ? do_raw_spin_lock+0xc1/0x200 [ 720.382958] oom_kill_process.cold.27+0x10/0x903 [ 720.387716] ? kasan_check_write+0x14/0x20 [ 720.391952] ? do_raw_spin_lock+0xc1/0x200 [ 720.396206] ? oom_evaluate_task+0x540/0x540 [ 720.400622] ? cgroup_procs_next+0x70/0x70 [ 720.404863] ? _raw_spin_unlock_irq+0x60/0x80 [ 720.409361] ? oom_badness+0xaa0/0xaa0 [ 720.413256] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 720.418016] ? mem_cgroup_iter_break+0x30/0x30 [ 720.422610] ? mark_held_locks+0xc7/0x130 [ 720.426759] out_of_memory+0xa84/0x1430 [ 720.430736] ? lockdep_hardirqs_on+0x421/0x5c0 [ 720.435321] ? kasan_check_read+0x11/0x20 [ 720.439475] ? oom_killer_disable+0x3a0/0x3a0 [ 720.443972] ? kasan_check_write+0x14/0x20 [ 720.448219] ? do_raw_spin_lock+0xc1/0x200 [ 720.452466] mem_cgroup_out_of_memory+0x15e/0x210 [ 720.457327] ? memcg_memory_event+0x40/0x40 [ 720.461647] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 720.466579] ? page_counter_try_charge+0x1c1/0x220 [ 720.471611] try_charge+0xc43/0x1690 [ 720.475341] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 720.481397] ? tcp_sendmsg+0x2f/0x50 [ 720.485113] ? sock_sendmsg+0xd5/0x120 [ 720.488997] ? __sys_sendto+0x3d7/0x670 [ 720.492973] ? graph_lock+0x170/0x170 [ 720.496771] ? graph_lock+0x170/0x170 [ 720.500574] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 720.506115] ? check_preemption_disabled+0x48/0x200 [ 720.511147] ? check_preemption_disabled+0x48/0x200 [ 720.516221] ? mark_held_locks+0xc7/0x130 [ 720.520377] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 720.525307] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 720.530235] ? lockdep_hardirqs_on+0x421/0x5c0 [ 720.534819] ? rcu_read_lock_sched_held+0x108/0x120 [ 720.539840] ? __sk_mem_raise_allocated+0x642/0x1800 [ 720.544947] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 720.550399] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 720.555940] ? check_preemption_disabled+0x48/0x200 [ 720.560968] mem_cgroup_charge_skmem+0x1e4/0x390 [ 720.565729] ? mem_cgroup_sk_free+0x90/0x90 [ 720.570066] __sk_mem_raise_allocated+0x642/0x1800 [ 720.575001] ? sk_busy_loop_end+0x1c0/0x1c0 [ 720.579327] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 720.584891] ? alloc_pages_current+0x114/0x210 [ 720.589479] ? skb_page_frag_refill+0x1eb/0x6a0 [ 720.594156] ? sock_kzfree_s+0x60/0x60 [ 720.598062] ? _copy_from_iter_full+0x2b3/0xd20 [ 720.602734] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 720.608277] ? tcp_rate_check_app_limited+0x121/0x460 [ 720.613474] ? iov_iter_advance+0x1460/0x1460 [ 720.617977] __sk_mem_schedule+0x6d/0xe0 [ 720.622040] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 720.627582] tcp_sendmsg_locked+0x1c86/0x3f00 [ 720.632103] ? tcp_sendpage+0x60/0x60 [ 720.635909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 720.641444] ? aa_label_sk_perm+0x46d/0x8e0 [ 720.645776] ? find_held_lock+0x36/0x1c0 [ 720.649863] ? mark_held_locks+0xc7/0x130 [ 720.654055] ? __local_bh_enable_ip+0x160/0x260 [ 720.658725] ? __local_bh_enable_ip+0x160/0x260 [ 720.663426] ? trace_hardirqs_on+0xbd/0x310 [ 720.667770] ? lock_release+0x970/0x970 [ 720.671773] ? lock_sock_nested+0xe2/0x120 [ 720.676007] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 720.681458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 720.686997] ? check_preemption_disabled+0x48/0x200 [ 720.692017] ? lock_sock_nested+0x9a/0x120 [ 720.696255] ? lock_sock_nested+0x9a/0x120 [ 720.700493] ? __local_bh_enable_ip+0x160/0x260 [ 720.705176] tcp_sendmsg+0x2f/0x50 [ 720.708733] inet_sendmsg+0x1a1/0x690 [ 720.712536] ? ipip_gro_receive+0x100/0x100 [ 720.716863] ? apparmor_socket_sendmsg+0x29/0x30 [ 720.722111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 720.727650] ? security_socket_sendmsg+0x94/0xc0 [ 720.732406] ? ipip_gro_receive+0x100/0x100 [ 720.736729] sock_sendmsg+0xd5/0x120 [ 720.740445] __sys_sendto+0x3d7/0x670 [ 720.744251] ? __ia32_sys_getpeername+0xb0/0xb0 [ 720.748919] ? lock_release+0x970/0x970 [ 720.752893] ? arch_local_save_flags+0x40/0x40 [ 720.757478] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 720.762928] ? aa_af_perm+0x5a0/0x5a0 [ 720.766754] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 720.772295] ? put_timespec64+0x10f/0x1b0 [ 720.776443] ? nsecs_to_jiffies+0x30/0x30 [ 720.780628] ? do_syscall_64+0x9a/0x820 [ 720.784600] ? do_syscall_64+0x9a/0x820 [ 720.788576] ? lockdep_hardirqs_on+0x421/0x5c0 [ 720.793160] ? trace_hardirqs_on+0xbd/0x310 [ 720.797498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 720.803039] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 720.808403] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 720.813860] __x64_sys_sendto+0xe1/0x1a0 [ 720.817930] do_syscall_64+0x1b9/0x820 [ 720.821817] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 720.827202] ? syscall_return_slowpath+0x5e0/0x5e0 [ 720.832137] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 720.836988] ? trace_hardirqs_on_caller+0x310/0x310 [ 720.842006] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 720.847025] ? prepare_exit_to_usermode+0x291/0x3b0 [ 720.852049] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 720.856897] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 720.862083] RIP: 0033:0x457579 03:05:53 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0xfffffffffffffffc) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:53 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x7]}, 0x6) 03:05:53 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x1000000]}, 0x6) [ 720.865277] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 720.884183] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 720.891899] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 720.899172] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 720.906445] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 720.913711] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 720.920993] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 720.972269] Task in /syz3 killed as a result of limit of /syz3 [ 721.001852] memory: usage 204796kB, limit 204800kB, failcnt 3309 03:05:53 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1100000000000000]}, 0x6) [ 721.036472] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 721.069433] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:53 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x3a98]}, 0x6) [ 721.087394] Memory cgroup stats for /syz3: cache:0KB rss:2184KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:53 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) getsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x4) [ 721.147126] Memory cgroup out of memory: Kill process 27544 (syz-executor3) score 171 or sacrifice child 03:05:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x40020000]}, 0x6) [ 721.210817] Killed process 27544 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 721.298457] oom_reaper: reaped process 27544 (syz-executor3), now anon-rss:0kB, file-rss:32740kB, shmem-rss:0kB 03:05:54 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe]}, 0x6) 03:05:54 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe000000]}, 0x6) 03:05:54 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 03:05:54 executing program 4: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x10000, 0x2, [0x7, 0x6]}, &(0x7f0000000040)=0xc) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000100)={r1, @in6={{0xa, 0x4e21, 0xfffffffffffffff7, @local, 0x4}}, [0x1ff, 0x3f, 0x2, 0x6, 0x400, 0x3, 0x7, 0x0, 0x3ff, 0x80000000, 0x1, 0x5, 0xffffffffffffffec, 0x9, 0x5]}, &(0x7f0000000200)=0x100) 03:05:54 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x281400]}, 0x6) 03:05:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x34000000]}, 0x6) 03:05:54 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 03:05:54 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1100000000000000]}, 0x6) 03:05:54 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000100)="a2b65cba1ee36ecd728983d15ac16ca2d940a1fdcecbba7959a4932e977b19a321309d9a20b33f64e8ebaf06ae18c79e36e9d2b3a997439f2ec8e56686b63fbc18fe8bec2a4e4c28dbbe3cadc1f5f5c260d44961e719014ee7943273f81ec67e85813a0f9e6ceb9b063155a44f0d9d9e620dfc803367dbeffe07e936b4a4c0521c5ae89938caf2e616bb2d30a4c58fdffc2c54fd5da57b781be17528862dec19672c0dbc72dae97ba00485dc0096", 0xae, 0x20000010, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) fcntl$setsig(r0, 0xa, 0x25) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:54 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) 03:05:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x2000000]}, 0x6) 03:05:54 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xfeffffff00000000]}, 0x6) 03:05:54 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe00]}, 0x6) 03:05:54 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803000000000000]}, 0x6) 03:05:54 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x28c50800]}, 0x6) 03:05:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4]}, 0x6) 03:05:54 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x900]}, 0x6) 03:05:54 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa00000000000000]}, 0x6) 03:05:54 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3e8]}, 0x6) 03:05:55 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x281400]}, 0x6) 03:05:55 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000000]}, 0x6) 03:05:55 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x2e]}, 0x6) 03:05:55 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x100000000000000]}, 0x6) 03:05:55 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xc9fe, 0x408000) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f00000002c0)={0x2, 0x7f, 0x8000}) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) ioctl(r0, 0x54fb55db, &(0x7f0000000100)="e32e86cf85577979c03a2b96a11e0d7e2adb37c9acf57e8fe8f86205f6815d5209aa923ed4ecb21d8250881a42caf1f8b1348c2fee38f148a9e1f3934c5d146511d497b5937252258e7effd829e012434c17b0753ae6fea109013cc6b06ec25c3483ae975c24d94399cf5414dc5e882516701feea937dbaebfc6811ee7a15069b0b694a9bb69f136a8c800e8b64a9930a94525d61f2f0b403c51ff24be514e0c6c76649679eb422521005f99b854ae09961d714e845a") sendto$inet(r0, &(0x7f0000000240)="1783ea09b717b27b58428dae328d923b974146e4974832ad4ddd9926b0cc4a826ad82d22a456cc41ba3af8fb4e048f92e67ad83e48aa5132dd186737b5165b1cb3a94b3494669ffe80ea8a01000000000000000527d8d7a92dbdf0cf805fe2d37e99cfcdaa0ab488ba3b31fe6b8141397e07dece1286fdc085ff2dd55db97f", 0x7f, 0x400c1, &(0x7f00000000c0), 0x10) timerfd_settime(r1, 0x1, &(0x7f00000001c0)={{}, {0x0, 0x989680}}, &(0x7f0000000200)) 03:05:55 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4]}, 0x6) [ 722.603539] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 [ 722.644977] syz-executor3 cpuset=syz3 mems_allowed=0 [ 722.662891] CPU: 0 PID: 27688 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 722.670270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 722.679629] Call Trace: [ 722.682237] dump_stack+0x1c4/0x2b4 [ 722.685884] ? dump_stack_print_info.cold.2+0x52/0x52 [ 722.691089] ? mark_held_locks+0x130/0x130 [ 722.695332] ? mark_held_locks+0x130/0x130 [ 722.699580] dump_header+0x27b/0xf72 [ 722.703316] ? pagefault_out_of_memory+0x197/0x197 [ 722.708256] ? check_preemption_disabled+0x48/0x200 [ 722.713279] ? check_preemption_disabled+0x48/0x200 [ 722.718310] ? graph_lock+0x170/0x170 [ 722.722547] ? graph_lock+0x170/0x170 [ 722.726372] ? print_usage_bug+0xc0/0xc0 [ 722.730446] ? find_held_lock+0x36/0x1c0 [ 722.734514] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 722.740061] ? find_held_lock+0x36/0x1c0 [ 722.744139] ? mark_held_locks+0xc7/0x130 [ 722.748326] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 722.753437] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 722.758548] ? lockdep_hardirqs_on+0x421/0x5c0 [ 722.763150] ? trace_hardirqs_on+0xbd/0x310 [ 722.767499] ? kasan_check_read+0x11/0x20 [ 722.771659] ? ___ratelimit+0x36f/0x655 [ 722.775636] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 722.781075] ? trace_hardirqs_on+0x310/0x310 [ 722.785471] ? lock_downgrade+0x900/0x900 [ 722.789608] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 722.794699] ? ___ratelimit+0xaa/0x655 [ 722.798577] ? idr_get_free+0xec0/0xec0 [ 722.802539] ? kasan_check_write+0x14/0x20 [ 722.806774] ? do_raw_spin_lock+0xc1/0x200 [ 722.811012] oom_kill_process.cold.27+0x10/0x903 [ 722.815764] ? kasan_check_write+0x14/0x20 [ 722.820043] ? do_raw_spin_lock+0xc1/0x200 [ 722.824270] ? oom_evaluate_task+0x540/0x540 [ 722.828667] ? cgroup_procs_next+0x70/0x70 [ 722.832890] ? _raw_spin_unlock_irq+0x60/0x80 [ 722.837369] ? oom_badness+0xaa0/0xaa0 [ 722.841244] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 722.846067] ? mem_cgroup_iter_break+0x30/0x30 [ 722.850674] ? mark_held_locks+0xc7/0x130 [ 722.854828] out_of_memory+0xa84/0x1430 [ 722.858787] ? lockdep_hardirqs_on+0x421/0x5c0 [ 722.863355] ? kasan_check_read+0x11/0x20 [ 722.867504] ? oom_killer_disable+0x3a0/0x3a0 [ 722.872012] ? kasan_check_write+0x14/0x20 [ 722.876247] ? do_raw_spin_lock+0xc1/0x200 [ 722.880474] mem_cgroup_out_of_memory+0x15e/0x210 [ 722.885301] ? memcg_memory_event+0x40/0x40 [ 722.889605] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 722.894535] ? page_counter_try_charge+0x1c1/0x220 [ 722.899464] try_charge+0xc43/0x1690 [ 722.903179] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 722.909236] ? tcp_sendmsg+0x2f/0x50 [ 722.912936] ? sock_sendmsg+0xd5/0x120 [ 722.916806] ? __sys_sendto+0x3d7/0x670 [ 722.920767] ? graph_lock+0x170/0x170 [ 722.924556] ? graph_lock+0x170/0x170 [ 722.928351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 722.933892] ? check_preemption_disabled+0x48/0x200 [ 722.938909] ? check_preemption_disabled+0x48/0x200 [ 722.943915] ? mark_held_locks+0xc7/0x130 [ 722.948053] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 722.952979] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 722.957909] ? lockdep_hardirqs_on+0x421/0x5c0 [ 722.962483] ? rcu_read_lock_sched_held+0x108/0x120 [ 722.967487] ? __sk_mem_raise_allocated+0x642/0x1800 [ 722.972577] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 722.978014] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 722.983540] ? check_preemption_disabled+0x48/0x200 [ 722.988545] mem_cgroup_charge_skmem+0x1e4/0x390 [ 722.993290] ? mem_cgroup_sk_free+0x90/0x90 [ 722.997613] __sk_mem_raise_allocated+0x642/0x1800 [ 723.002554] ? sk_busy_loop_end+0x1c0/0x1c0 [ 723.006874] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 723.012420] ? alloc_pages_current+0x114/0x210 [ 723.017004] ? retint_kernel+0x2d/0x2d [ 723.020880] ? skb_page_frag_refill+0x1eb/0x6a0 [ 723.025557] ? sock_kzfree_s+0x60/0x60 [ 723.029435] ? _copy_from_iter_full+0x2b3/0xd20 [ 723.034092] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.039624] ? tcp_rate_check_app_limited+0x121/0x460 [ 723.044804] ? iov_iter_advance+0x1460/0x1460 [ 723.049294] __sk_mem_schedule+0x6d/0xe0 [ 723.053343] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 723.058869] tcp_sendmsg_locked+0x1c86/0x3f00 [ 723.063362] ? tcp_sendpage+0x60/0x60 [ 723.067150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 723.072691] ? aa_label_sk_perm+0x46d/0x8e0 [ 723.077008] ? find_held_lock+0x36/0x1c0 [ 723.081059] ? mark_held_locks+0xc7/0x130 [ 723.085206] ? __local_bh_enable_ip+0x160/0x260 [ 723.089875] ? __local_bh_enable_ip+0x160/0x260 [ 723.094567] ? trace_hardirqs_on+0xbd/0x310 [ 723.098886] ? lock_release+0x970/0x970 [ 723.102862] ? lock_sock_nested+0xe2/0x120 [ 723.107106] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 723.112544] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.118081] ? check_preemption_disabled+0x48/0x200 [ 723.123093] ? lock_sock_nested+0x9a/0x120 [ 723.127316] ? lock_sock_nested+0x9a/0x120 [ 723.131553] ? __local_bh_enable_ip+0x160/0x260 [ 723.136228] tcp_sendmsg+0x2f/0x50 [ 723.139757] inet_sendmsg+0x1a1/0x690 [ 723.143545] ? ipip_gro_receive+0x100/0x100 [ 723.147854] ? apparmor_socket_sendmsg+0x29/0x30 [ 723.152595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.158120] ? security_socket_sendmsg+0x94/0xc0 [ 723.162885] ? ipip_gro_receive+0x100/0x100 [ 723.167207] sock_sendmsg+0xd5/0x120 [ 723.170949] __sys_sendto+0x3d7/0x670 [ 723.174749] ? __ia32_sys_getpeername+0xb0/0xb0 [ 723.179402] ? lock_release+0x970/0x970 [ 723.183360] ? arch_local_save_flags+0x40/0x40 [ 723.187929] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 723.193375] ? aa_af_perm+0x5a0/0x5a0 [ 723.197202] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 723.202730] ? put_timespec64+0x10f/0x1b0 [ 723.206874] ? nsecs_to_jiffies+0x30/0x30 [ 723.211026] ? do_syscall_64+0x9a/0x820 [ 723.214988] ? do_syscall_64+0x9a/0x820 [ 723.218949] ? lockdep_hardirqs_on+0x421/0x5c0 [ 723.223520] ? trace_hardirqs_on+0xbd/0x310 [ 723.227828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.233354] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.238707] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 723.244144] __x64_sys_sendto+0xe1/0x1a0 [ 723.248209] do_syscall_64+0x1b9/0x820 [ 723.252083] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 723.257435] ? syscall_return_slowpath+0x5e0/0x5e0 [ 723.262357] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 723.267201] ? trace_hardirqs_on_caller+0x310/0x310 [ 723.272216] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 723.277225] ? prepare_exit_to_usermode+0x291/0x3b0 [ 723.282241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 723.287088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.292259] RIP: 0033:0x457579 [ 723.295437] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 723.314322] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 723.322013] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 723.329266] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 723.336516] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 03:05:56 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803000000000000]}, 0x6) 03:05:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) pwrite64(r0, &(0x7f0000000200)="9dec93ee226b0de712dae520eb0acc8e847fe0f1577ac622369f53fd3d343d0503739f01ab268e140d200e809e8894a2d77f1075cfced7576dee7420112c3e5d01756f3df2844bb5b0beacbb5ca4461efef03c434bde814dd760c56b618ff6daedae4b26c43d44afca077b730747b0fa72e406c2c33c41d6a04710b591ceec7d97cf242d56a2a0bcf50f8836b4e4aeeb165b8405a5930a4184445b60c40a2365bcfd6cece1caba9409d91f3b7a65580e100aa64c9d3c937f63abbcc6", 0xbc, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000100)="67e5d4685ec559266956bcd201132723fd28eb3deb53ce6f3e9f193f6b89f3bae9f5a662e6360c140f20d4bba990a84f36fa369cd1044cde1631b6bd5b5389582cde3551a5f0d55c61acbdc98f29821cc52b79fe30bcee15e781d281866a7eb669938d180c7bdb495d2f46dc6186e89a2c803d1c62614fc6c9873540df347cfd53798f0c0133fb6b2a02225f46fd31ba06dc33f23e15e7263762af0171922b1acd37d004f91b5d8686d2f48dd347994083a01fc482cb215f9faca657b82efdc5209f02280dd0a1a5205fe28260e7ce98d372f721de31ab99", 0xd8, 0x200007ff, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vga_arbiter\x00', 0x206401, 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x0, 0x4) 03:05:56 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xa]}, 0x6) 03:05:56 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x2000000000000]}, 0x6) [ 723.343770] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 723.351024] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 723.370212] Task in /syz3 killed as a result of limit of /syz3 [ 723.376241] memory: usage 204788kB, limit 204800kB, failcnt 3330 [ 723.382589] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 723.389884] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 723.396038] Memory cgroup stats for /syz3: cache:0KB rss:4232KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:56 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xfffff669]}, 0x6) 03:05:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0xc4, &(0x7f00000000c0), 0x10) 03:05:56 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x40000000]}, 0x6) [ 723.505294] Memory cgroup out of memory: Kill process 27685 (syz-executor3) score 181 or sacrifice child [ 723.528550] Killed process 27685 (syz-executor3) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB 03:05:56 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa]}, 0x6) 03:05:56 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x983a000000000000]}, 0x6) [ 723.568230] oom_reaper: reaped process 27685 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:56 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000280)={{{@in=@rand_addr, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000380)=0xe8) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000003c0)={@empty, @dev={0xac, 0x14, 0x14, 0x18}, r1}, 0xc) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000100)=0x14) ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x1) ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000140)) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 723.677742] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 723.731844] syz-executor3 cpuset=syz3 mems_allowed=0 [ 723.742808] CPU: 0 PID: 27727 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 723.750206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.759567] Call Trace: [ 723.762195] dump_stack+0x1c4/0x2b4 [ 723.765847] ? dump_stack_print_info.cold.2+0x52/0x52 [ 723.771051] ? mark_held_locks+0x130/0x130 [ 723.775302] ? mark_held_locks+0x130/0x130 [ 723.779557] dump_header+0x27b/0xf72 [ 723.783294] ? pagefault_out_of_memory+0x197/0x197 [ 723.788236] ? check_preemption_disabled+0x48/0x200 [ 723.793258] ? check_preemption_disabled+0x48/0x200 [ 723.798292] ? graph_lock+0x170/0x170 [ 723.802110] ? graph_lock+0x170/0x170 [ 723.805913] ? print_usage_bug+0xc0/0xc0 [ 723.809980] ? find_held_lock+0x36/0x1c0 [ 723.814048] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.819592] ? find_held_lock+0x36/0x1c0 [ 723.823666] ? mark_held_locks+0xc7/0x130 [ 723.827818] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 723.832921] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 723.838026] ? lockdep_hardirqs_on+0x421/0x5c0 [ 723.842609] ? trace_hardirqs_on+0xbd/0x310 [ 723.846927] ? kasan_check_read+0x11/0x20 [ 723.851083] ? ___ratelimit+0x36f/0x655 [ 723.855254] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 723.860708] ? trace_hardirqs_on+0x310/0x310 [ 723.865118] ? lock_downgrade+0x900/0x900 [ 723.869277] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 723.874381] ? ___ratelimit+0xaa/0x655 [ 723.878275] ? idr_get_free+0xec0/0xec0 [ 723.882250] ? kasan_check_write+0x14/0x20 [ 723.886488] ? do_raw_spin_lock+0xc1/0x200 [ 723.890736] oom_kill_process.cold.27+0x10/0x903 [ 723.895493] ? kasan_check_write+0x14/0x20 [ 723.899728] ? do_raw_spin_lock+0xc1/0x200 [ 723.903972] ? oom_evaluate_task+0x540/0x540 [ 723.908386] ? cgroup_procs_next+0x70/0x70 [ 723.912625] ? _raw_spin_unlock_irq+0x60/0x80 [ 723.917120] ? oom_badness+0xaa0/0xaa0 [ 723.921014] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 723.925775] ? mem_cgroup_iter_break+0x30/0x30 [ 723.930370] ? mark_held_locks+0xc7/0x130 [ 723.934521] out_of_memory+0xa84/0x1430 [ 723.938494] ? lockdep_hardirqs_on+0x421/0x5c0 [ 723.943074] ? kasan_check_read+0x11/0x20 [ 723.947229] ? oom_killer_disable+0x3a0/0x3a0 [ 723.951725] ? kasan_check_write+0x14/0x20 [ 723.955959] ? do_raw_spin_lock+0xc1/0x200 [ 723.960219] mem_cgroup_out_of_memory+0x15e/0x210 [ 723.965062] ? memcg_memory_event+0x40/0x40 [ 723.969386] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 723.974321] ? page_counter_try_charge+0x1c1/0x220 [ 723.979258] try_charge+0xc43/0x1690 [ 723.982989] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 723.989050] ? tcp_sendmsg+0x2f/0x50 [ 723.992761] ? sock_sendmsg+0xd5/0x120 [ 723.996646] ? __sys_sendto+0x3d7/0x670 [ 724.000620] ? graph_lock+0x170/0x170 [ 724.004422] ? graph_lock+0x170/0x170 [ 724.008231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 724.013773] ? check_preemption_disabled+0x48/0x200 [ 724.018794] ? check_preemption_disabled+0x48/0x200 [ 724.023821] ? mark_held_locks+0xc7/0x130 [ 724.027971] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 724.032900] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 724.037834] ? lockdep_hardirqs_on+0x421/0x5c0 [ 724.042420] ? rcu_read_lock_sched_held+0x108/0x120 [ 724.047442] ? __sk_mem_raise_allocated+0x642/0x1800 [ 724.052550] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 724.058003] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 724.063549] ? check_preemption_disabled+0x48/0x200 [ 724.068578] mem_cgroup_charge_skmem+0x1e4/0x390 [ 724.073340] ? mem_cgroup_sk_free+0x90/0x90 [ 724.077677] __sk_mem_raise_allocated+0x642/0x1800 [ 724.082612] ? futex_wait_queue_me+0x55d/0x840 [ 724.087212] ? sk_busy_loop_end+0x1c0/0x1c0 [ 724.091538] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 724.097082] ? alloc_pages_current+0x114/0x210 [ 724.101671] ? skb_page_frag_refill+0x1eb/0x6a0 [ 724.106345] ? sock_kzfree_s+0x60/0x60 [ 724.110235] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 724.115255] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 724.120271] ? tcp_chrono_start+0x190/0x1e0 [ 724.124597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 724.130139] ? skb_entail+0x618/0x8c0 [ 724.133947] ? tcp_rate_check_app_limited+0x121/0x460 [ 724.139142] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 724.143826] __sk_mem_schedule+0x6d/0xe0 [ 724.147887] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 724.153427] tcp_sendmsg_locked+0x1c86/0x3f00 [ 724.157933] ? __fget+0x4a0/0x740 [ 724.161401] ? tcp_sendpage+0x60/0x60 [ 724.165213] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 724.170754] ? aa_label_sk_perm+0x46d/0x8e0 [ 724.175102] ? find_held_lock+0x36/0x1c0 [ 724.179204] ? mark_held_locks+0xc7/0x130 [ 724.183359] ? __local_bh_enable_ip+0x160/0x260 [ 724.188030] ? __local_bh_enable_ip+0x160/0x260 [ 724.192706] ? trace_hardirqs_on+0xbd/0x310 [ 724.197031] ? lock_release+0x970/0x970 [ 724.201006] ? lock_sock_nested+0xe2/0x120 [ 724.205244] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 724.210695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 724.216236] ? check_preemption_disabled+0x48/0x200 [ 724.221258] ? lock_sock_nested+0x9a/0x120 [ 724.225493] ? lock_sock_nested+0x9a/0x120 [ 724.229731] ? __local_bh_enable_ip+0x160/0x260 [ 724.234411] tcp_sendmsg+0x2f/0x50 [ 724.237959] inet_sendmsg+0x1a1/0x690 [ 724.241762] ? ipip_gro_receive+0x100/0x100 [ 724.246102] ? apparmor_socket_sendmsg+0x29/0x30 [ 724.250858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 724.256401] ? security_socket_sendmsg+0x94/0xc0 [ 724.261158] ? ipip_gro_receive+0x100/0x100 [ 724.265496] sock_sendmsg+0xd5/0x120 [ 724.269222] __sys_sendto+0x3d7/0x670 [ 724.273026] ? __ia32_sys_getpeername+0xb0/0xb0 [ 724.277700] ? lock_release+0x970/0x970 [ 724.281679] ? arch_local_save_flags+0x40/0x40 [ 724.286266] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 724.291714] ? aa_af_perm+0x5a0/0x5a0 [ 724.295540] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 724.301080] ? put_timespec64+0x10f/0x1b0 [ 724.305234] ? nsecs_to_jiffies+0x30/0x30 [ 724.309388] ? do_syscall_64+0x9a/0x820 [ 724.313367] ? do_syscall_64+0x9a/0x820 [ 724.317342] ? lockdep_hardirqs_on+0x421/0x5c0 [ 724.321929] ? trace_hardirqs_on+0xbd/0x310 [ 724.326249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 724.331786] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 724.337150] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 724.342615] __x64_sys_sendto+0xe1/0x1a0 [ 724.346684] do_syscall_64+0x1b9/0x820 [ 724.350572] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 724.355952] ? syscall_return_slowpath+0x5e0/0x5e0 [ 724.360891] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 724.365800] ? trace_hardirqs_on_caller+0x310/0x310 [ 724.370819] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 724.375835] ? prepare_exit_to_usermode+0x291/0x3b0 [ 724.380874] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 724.385722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 724.390913] RIP: 0033:0x457579 [ 724.394138] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 724.413041] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 724.420754] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 724.428021] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 03:05:57 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000000000000000]}, 0x6) 03:05:57 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803000000000000]}, 0x6) [ 724.435288] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 724.442553] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 724.449909] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff 03:05:57 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x200000000000000]}, 0x6) 03:05:57 executing program 4: r0 = socket$inet(0x2, 0xa, 0x109) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x10000, 0x0) ioctl$DRM_IOCTL_CONTROL(r1, 0x40086414, &(0x7f0000000040)={0x3, 0x5}) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000100)='tls\x00', 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:57 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xe00000000000000]}, 0x6) 03:05:57 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x141b0800]}, 0x6) [ 724.592337] Task in /syz3 killed as a result of limit of /syz3 [ 724.604636] memory: usage 204800kB, limit 204800kB, failcnt 3360 [ 724.621291] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:57 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4c1d0000]}, 0x6) [ 724.643033] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 724.650993] Memory cgroup stats for /syz3: cache:0KB rss:4212KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4256KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:57 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) restart_syscall() [ 724.698453] Memory cgroup out of memory: Kill process 27726 (syz-executor3) score 181 or sacrifice child 03:05:57 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3f000000]}, 0x6) [ 724.753739] Killed process 27726 (syz-executor3) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 724.780547] oom_reaper: reaped process 27726 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:57 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xfeffffff]}, 0x6) 03:05:57 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000)="5466f91f70cd0c4af7b71e31b476cd6f6b78062ef27484eae10f3807e62bba4b415bd45d108057039841aa5ded30bf91bdb4d42a00000000", 0xfffffffffffffd3b, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) flistxattr(r0, &(0x7f0000000040)=""/57, 0x39) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:57 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x700000000000000]}, 0x6) 03:05:57 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x2000000]}, 0x6) [ 724.965252] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 724.980817] syz-executor3 cpuset=syz3 mems_allowed=0 [ 724.987257] CPU: 1 PID: 27783 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 724.994643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.004005] Call Trace: [ 725.006611] dump_stack+0x1c4/0x2b4 [ 725.010263] ? dump_stack_print_info.cold.2+0x52/0x52 [ 725.015471] ? mark_held_locks+0x130/0x130 [ 725.019725] ? mark_held_locks+0x130/0x130 [ 725.023999] dump_header+0x27b/0xf72 [ 725.027746] ? pagefault_out_of_memory+0x197/0x197 [ 725.032698] ? check_preemption_disabled+0x48/0x200 [ 725.037729] ? check_preemption_disabled+0x48/0x200 [ 725.042778] ? graph_lock+0x170/0x170 [ 725.046598] ? graph_lock+0x170/0x170 [ 725.050413] ? print_usage_bug+0xc0/0xc0 [ 725.054490] ? find_held_lock+0x36/0x1c0 [ 725.058570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 725.064118] ? find_held_lock+0x36/0x1c0 [ 725.064144] ? mark_held_locks+0xc7/0x130 [ 725.064163] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 725.064192] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 725.072401] ? lockdep_hardirqs_on+0x421/0x5c0 [ 725.072420] ? trace_hardirqs_on+0xbd/0x310 [ 725.072433] ? kasan_check_read+0x11/0x20 [ 725.072453] ? ___ratelimit+0x36f/0x655 [ 725.091525] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 725.091544] ? trace_hardirqs_on+0x310/0x310 [ 725.091559] ? lock_downgrade+0x900/0x900 [ 725.091580] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 725.099724] ? ___ratelimit+0xaa/0x655 [ 725.099744] ? idr_get_free+0xec0/0xec0 [ 725.099759] ? kasan_check_write+0x14/0x20 [ 725.099779] ? do_raw_spin_lock+0xc1/0x200 [ 725.113767] oom_kill_process.cold.27+0x10/0x903 [ 725.113785] ? kasan_check_write+0x14/0x20 [ 725.113805] ? do_raw_spin_lock+0xc1/0x200 [ 725.122787] ? oom_evaluate_task+0x540/0x540 [ 725.122809] ? cgroup_procs_next+0x70/0x70 [ 725.122831] ? _raw_spin_unlock_irq+0x60/0x80 [ 725.161501] ? oom_badness+0xaa0/0xaa0 [ 725.165380] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 725.170140] ? mem_cgroup_iter_break+0x30/0x30 [ 725.174743] ? mark_held_locks+0xc7/0x130 [ 725.178883] out_of_memory+0xa84/0x1430 [ 725.182848] ? lockdep_hardirqs_on+0x421/0x5c0 [ 725.187430] ? kasan_check_read+0x11/0x20 [ 725.191580] ? oom_killer_disable+0x3a0/0x3a0 [ 725.196061] ? kasan_check_write+0x14/0x20 [ 725.200296] ? do_raw_spin_lock+0xc1/0x200 [ 725.204530] mem_cgroup_out_of_memory+0x15e/0x210 [ 725.209393] ? memcg_memory_event+0x40/0x40 [ 725.213706] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 725.218625] ? page_counter_try_charge+0x1c1/0x220 [ 725.223563] try_charge+0xc43/0x1690 [ 725.227286] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 725.233334] ? tcp_sendmsg+0x2f/0x50 [ 725.237036] ? sock_sendmsg+0xd5/0x120 [ 725.240907] ? __sys_sendto+0x3d7/0x670 [ 725.244870] ? graph_lock+0x170/0x170 [ 725.248654] ? graph_lock+0x170/0x170 [ 725.252453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 725.257997] ? check_preemption_disabled+0x48/0x200 [ 725.263036] ? check_preemption_disabled+0x48/0x200 [ 725.268050] ? mark_held_locks+0xc7/0x130 [ 725.272194] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 725.277125] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 725.282053] ? lockdep_hardirqs_on+0x421/0x5c0 [ 725.286623] ? rcu_read_lock_sched_held+0x108/0x120 [ 725.291628] ? __sk_mem_raise_allocated+0x642/0x1800 [ 725.296731] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 725.302181] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 725.307714] ? check_preemption_disabled+0x48/0x200 [ 725.312723] mem_cgroup_charge_skmem+0x1e4/0x390 [ 725.317477] ? mem_cgroup_sk_free+0x90/0x90 [ 725.321806] __sk_mem_raise_allocated+0x642/0x1800 [ 725.326725] ? futex_wait_queue_me+0x55d/0x840 [ 725.331312] ? sk_busy_loop_end+0x1c0/0x1c0 [ 725.335644] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 725.341201] ? alloc_pages_current+0x114/0x210 [ 725.345784] ? skb_page_frag_refill+0x1eb/0x6a0 [ 725.350558] ? sock_kzfree_s+0x60/0x60 [ 725.354459] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 725.359467] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 725.364472] ? tcp_chrono_start+0x190/0x1e0 [ 725.368783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 725.374307] ? skb_entail+0x618/0x8c0 [ 725.378097] ? tcp_rate_check_app_limited+0x121/0x460 [ 725.383272] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 725.387941] __sk_mem_schedule+0x6d/0xe0 [ 725.392000] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 725.397529] tcp_sendmsg_locked+0x1c86/0x3f00 [ 725.402016] ? __fget+0x4a0/0x740 [ 725.405467] ? tcp_sendpage+0x60/0x60 [ 725.409280] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 725.414805] ? aa_label_sk_perm+0x46d/0x8e0 [ 725.419130] ? find_held_lock+0x36/0x1c0 [ 725.423191] ? mark_held_locks+0xc7/0x130 [ 725.427329] ? __local_bh_enable_ip+0x160/0x260 [ 725.431987] ? __local_bh_enable_ip+0x160/0x260 [ 725.436644] ? trace_hardirqs_on+0xbd/0x310 [ 725.440954] ? lock_release+0x970/0x970 [ 725.444918] ? lock_sock_nested+0xe2/0x120 [ 725.449140] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 725.454597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 725.460148] ? check_preemption_disabled+0x48/0x200 [ 725.465185] ? lock_sock_nested+0x9a/0x120 [ 725.469434] ? lock_sock_nested+0x9a/0x120 [ 725.473661] ? __local_bh_enable_ip+0x160/0x260 [ 725.478322] tcp_sendmsg+0x2f/0x50 [ 725.481852] inet_sendmsg+0x1a1/0x690 [ 725.485656] ? ipip_gro_receive+0x100/0x100 [ 725.489987] ? apparmor_socket_sendmsg+0x29/0x30 [ 725.494733] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 725.500261] ? security_socket_sendmsg+0x94/0xc0 [ 725.505004] ? ipip_gro_receive+0x100/0x100 [ 725.509319] sock_sendmsg+0xd5/0x120 [ 725.513022] __sys_sendto+0x3d7/0x670 [ 725.516812] ? __ia32_sys_getpeername+0xb0/0xb0 [ 725.521467] ? lock_release+0x970/0x970 [ 725.525426] ? arch_local_save_flags+0x40/0x40 [ 725.529997] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 725.535434] ? aa_af_perm+0x5a0/0x5a0 [ 725.539234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 725.544757] ? put_timespec64+0x10f/0x1b0 [ 725.548891] ? nsecs_to_jiffies+0x30/0x30 [ 725.553029] ? do_syscall_64+0x9a/0x820 [ 725.556997] ? do_syscall_64+0x9a/0x820 [ 725.560967] ? lockdep_hardirqs_on+0x421/0x5c0 [ 725.565534] ? trace_hardirqs_on+0xbd/0x310 [ 725.569841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 725.575363] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 725.580716] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 725.586157] __x64_sys_sendto+0xe1/0x1a0 [ 725.590217] do_syscall_64+0x1b9/0x820 [ 725.594089] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 725.599438] ? syscall_return_slowpath+0x5e0/0x5e0 [ 725.604351] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 725.609189] ? trace_hardirqs_on_caller+0x310/0x310 [ 725.614202] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 725.619213] ? prepare_exit_to_usermode+0x291/0x3b0 [ 725.624221] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 725.629052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 725.634226] RIP: 0033:0x457579 [ 725.637408] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 725.656291] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c 03:05:58 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x0, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:58 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:58 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x983a]}, 0x6) 03:05:58 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x700]}, 0x6) 03:05:58 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0xffe0]}, 0x6) [ 725.663984] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 725.671245] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 725.678513] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 725.685765] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 725.693019] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 725.768362] Task in /syz3 killed as a result of limit of /syz3 [ 725.805784] memory: usage 204800kB, limit 204800kB, failcnt 3379 03:05:58 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf401]}, 0x6) [ 725.827154] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 725.847417] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:58 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x37, 0x101000) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f00000001c0), &(0x7f0000000200)=0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x800, @loopback, 0x7fffffff}], 0x1c) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:58 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4c1d000000000000]}, 0x6) 03:05:58 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x0, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 725.868913] Memory cgroup stats for /syz3: cache:0KB rss:4200KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4252KB inactive_file:0KB active_file:0KB unevictable:0KB 03:05:58 executing program 4: ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{0x0, 0x6, 0x10001, 0x2, '\x00', 0x2}, 0x0, [0x81, 0xfffffffffffffffd, 0x7ff, 0x401, 0x5, 0x2, 0xd1, 0x80000001, 0x80000001, 0x1f, 0x8, 0x9, 0x4, 0x5, 0x7ff, 0x7ff, 0xfffffffffffffffe, 0x0, 0x1, 0x4, 0x8000, 0x9, 0x37, 0x8, 0x7, 0xfd, 0x9, 0x100000001, 0xffffffffffffff7f, 0x7, 0x7, 0x9, 0x1000, 0x0, 0x0, 0x101, 0x6, 0xd2d, 0x6, 0x3, 0x3f, 0x676, 0x4b, 0x8, 0xc4, 0x6, 0x5, 0x1, 0x4, 0x3ff, 0x6e5, 0x3ff, 0x4c, 0x9, 0x7, 0x3, 0x1000, 0x8, 0x2, 0x3f8000000, 0x39, 0xff, 0x1826, 0xee, 0x6, 0x401, 0x3, 0xfb4, 0x96, 0xfffffffffffffffd, 0x800000000000, 0x1f, 0x2, 0x7, 0x1, 0xff, 0x80000000, 0x8001, 0x10000, 0x2, 0xa99, 0x4, 0x0, 0x7, 0x0, 0x200, 0x1, 0x7, 0xfffa, 0x9, 0x400, 0x2, 0x7, 0x4, 0x4, 0x1f, 0x3, 0x101, 0xd35, 0x101, 0xd67, 0x5, 0x7, 0x7, 0x4, 0x2, 0x4, 0x7fff, 0xc965, 0x7b9, 0x17f, 0x11, 0xfb60, 0x20, 0x7, 0x1f, 0x6abce80a, 0x0, 0x80000001, 0x100, 0x100000000, 0x8235, 0x7, 0x37, 0x0, 0x1, 0x2, 0x8], {0x77359400}}) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x0) [ 725.991886] Memory cgroup out of memory: Kill process 27781 (syz-executor3) score 181 or sacrifice child [ 726.015683] Killed process 27781 (syz-executor3) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB [ 726.087776] oom_reaper: reaped process 27781 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB 03:05:58 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1000000000000000]}, 0x6) 03:05:58 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x2]}, 0x6) 03:05:58 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x0, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:58 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x34]}, 0x6) 03:05:58 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3f00]}, 0x6) 03:05:58 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r1 = syz_open_dev$sndpcmc(0xffffffffffffffff, 0x4, 0x408080) ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000000)) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:59 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x11]}, 0x6) 03:05:59 executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) r1 = semget$private(0x0, 0x1, 0x8) semctl$GETNCNT(r1, 0x2, 0xe, &(0x7f0000000100)=""/146) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:05:59 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x0, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:59 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xa00000000000000]}, 0x6) 03:05:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000001100)="dd5ffaf7e1cc3ed999d867896e75eccc07a1a53994c80577b91ef86173e42b46504b94fcac3129345d5101c0bc873a2e57871b2338c65cce6c84d97479b65a78b22ad289e5c0cf9eaf210fe0d7ff", 0x4e, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) getsockopt(r0, 0xfc, 0x80000001, &(0x7f0000000100)=""/4096, &(0x7f0000000000)=0x1000) 03:05:59 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x0, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:59 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xfeffffff]}, 0x6) 03:05:59 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1500000000000000]}, 0x6) 03:05:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0xff) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = syz_open_dev$midi(&(0x7f0000000280)='/dev/midi#\x00', 0x3, 0x100) write$P9_RSTATFS(r1, &(0x7f00000002c0)={0x43, 0x9, 0x1, {0x772e5803, 0xffffffff, 0x4, 0x79a3, 0x7ff, 0xfff, 0x3, 0x1, 0x4}}, 0x43) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r2 = syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x100000001, 0x0) ioctl$PIO_FONTX(r2, 0x4b6c, &(0x7f0000000340)="0a8297da236b0c0584bf1b29f7318016e439d322ba664eb2c76ae55a6b358c1f7ba00e16a1e7634cb93f7763c008bb507c7d5222ffcf9a0aa846e8856cb9be94c8528de4b69c7f7c115485e34b42a1af628e6c1010d2df0e5bc3bfcbe6066345869715168699d010c528383e8d6eebd15d4bff5534c0ad83cbe36ec1a8bc38e243c8d86640b8b61416da20c2b49cbec21bf3c4308ec4b1a38a774e89b442fd9be65c544a6641d8bde47e1f8566c19b9f9a0524c717de905ade500a7c") ioctl$UI_DEV_DESTROY(r2, 0x5502) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x8000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r3, 0xc08c5335, &(0x7f0000000100)={0x8001, 0xf32, 0x7, 'queue0\x00', 0x7ff}) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) socket$inet_dccp(0x2, 0x6, 0x0) r4 = gettid() perf_event_open(&(0x7f00000001c0)={0x5, 0x70, 0x4, 0xffffffff, 0x3f, 0x7fffffff, 0x0, 0xf, 0x0, 0x4, 0x100, 0x1b, 0x231b8a9f, 0x8, 0xffffffffffffffc0, 0x1, 0x0, 0x101, 0x1, 0x71f9, 0x6, 0x7, 0x100000001, 0x7, 0x1, 0x100, 0x1ff, 0x20, 0x6, 0x1, 0x2, 0x10001, 0x7, 0x4, 0x6, 0x8, 0x10000, 0x3, 0x0, 0x8, 0x0, @perf_config_ext={0x0, 0x80000000}, 0x40, 0x0, 0x0, 0x7, 0x5, 0x6, 0x9}, r4, 0x6, r3, 0x3) 03:05:59 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe0ffffff]}, 0x6) 03:05:59 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0xe803000000000000]}, 0x6) 03:05:59 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x30750000]}, 0x6) 03:05:59 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) socket$inet6(0xa, 0x0, 0x800000000000008) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:59 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000007c0)=@nat={'nat\x00', 0x19, 0x6, 0x640, [0x20000180, 0x0, 0x0, 0x20000290, 0x200004a8], 0x0, &(0x7f0000000040), &(0x7f0000000980)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000001d0000000000000088be626373663000000000000000000000006c6f00000000000000000000000000007663616e30000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaabbff00ff00ff00aaaaaaaaaaaa0000ff0000ff0000b0000000b0000000e000000064657667726f7570000000000000000000000000000000000000000000000000180000000000000008000000ffffffff080000000400000097dd00000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff020000001100000011000000e80964756d6d793000000000000000000000626f6e645f736c6176655f3000000000766574302bcea96831000000000000000000000069705f767469300000000000000000004a90cc78941dff00000000000180c2000001ff00ffff00ff000070000000e000000018010000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000feffffff000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000cb0000ffffffff0000000061f2707265706c790000000000000000000000000000000000000000000000001000000000000000ffff0000ffffffff0000000003000000000000009b017465616d5f736c6176655f3100000000766c616e30000000000000000000000069705f7674693000000000000000000076657468315f746f5f62726964676500aaaaaaaaaaaa0000ffffff00aaaaaaaaaa1c0000000000ff0000a0000000a0000000d00000006367726f7570000000000000000000000000000000000000000000000000feff07000000000000000000000001000000434f4e4e5345434d41524b000000000000000000000000000000000000000000080000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000020000000300000001000000001864756d6d79300000000000000000000076657468305f746f5f626f6e64000000626f6e6430000000000000000000000069705f767469300000000000000000000180c200ff01000000ffffffaaaaaaaaaaaaff000000ff000000b0000000b0000000e800000071756f7461000000000000000000000000000000000000000000000000000000180000000000000001000000080000000000000000000000e1020000000000006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000000000fdffffff0000000007000000000000008b01766c616e30000000000000000000000076657468305f746f5f7465616d00000073797a5f74756e0000000000000000107465616d300000000000000000000000aaaaaaaaaa11ffff000000000180c200000effff000000ff000070000000f0000000280100006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000ffffffff000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a31000000000000000000000000001d00000000000008000000000000006172707265706c79000000000000000040000000b2b46667e4b150e400000000000000000000000010000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000005000000ffffffff010000001d00000008000000e8e773797a5f74756e00000000000000000069703667726530000000000000000000626f6e645f736c6176655f3000000000766c616e300000000000000000000000aaaaaaaaaaaaff005c82a76a69176a9f000effffff16000000007000000070000000a80000006172707265706c790000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000ffffffff0000000000000000d96df60bb1c972aa63f7db693af72ac402eba5868ef0f5db312fc47b1a28b77c00907bce1a5d59b58eb4d92fb64a79ad7b771d20d02ec2586ee601c176cfb1"]}, 0x703) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) syz_open_dev$adsp(&(0x7f0000000940)='/dev/adsp#\x00', 0x6, 0x101001) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000840)=""/155, &(0x7f0000000900)=0x9b) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x4964, 0x0) eventfd(0x10000) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000100)={{0x2, 0x4e21, @multicast2}, {0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}}, 0x10, {0x2, 0x4e22, @remote}, 'veth0_to_team\x00'}) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) [ 727.003314] kernel msg: ebtables bug: please report to author: Wrong len argument 03:05:59 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x100000000000000]}, 0x6) 03:05:59 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:05:59 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4c1d0000]}, 0x6) [ 727.078351] kernel msg: ebtables bug: please report to author: Wrong len argument 03:05:59 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x481c]}, 0x6) 03:06:00 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x309001) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000040)={0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:06:00 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1100]}, 0x6) 03:06:00 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:00 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x8055]}, 0x6) 03:06:00 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1500]}, 0x6) 03:06:00 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:00 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x20000804, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x9, 0x200000) accept4(r0, &(0x7f0000000100)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000180)=0x80, 0x800) sendmsg$can_raw(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x1d, r2}, 0x10, &(0x7f0000000240)={&(0x7f0000000200)=@can={{0x0, 0x1ff, 0x9}, 0x5, 0x2, 0x0, 0x0, "c53bc148c6e7c06a"}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:06:00 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:00 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1100]}, 0x6) 03:06:00 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1f4]}, 0x6) 03:06:00 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe803]}, 0x6) 03:06:00 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x6) 03:06:00 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x20000]}, 0x6) 03:06:00 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:00 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe803]}, 0x6) 03:06:00 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4002]}, 0x6) 03:06:00 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe0ff]}, 0x6) 03:06:00 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1500000000000000]}, 0x6) 03:06:01 executing program 4: r0 = socket$inet(0x2, 0x2, 0x80000000) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @dev}, 0x10) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x8040, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40, 0x0) ioctl$KVM_PPC_GET_PVINFO(r2, 0x4080aea1, &(0x7f0000000180)=""/142) fanotify_mark(r1, 0x10, 0x8020010, r2, &(0x7f0000000100)='./file0\x00') ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000080)=r1) 03:06:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x80550000]}, 0x6) 03:06:01 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xa8050000]}, 0x6) 03:06:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x1500]}, 0x6) [ 728.495677] Unknown ioctl -2147162880 03:06:01 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x10]}, 0x6) [ 728.522596] Unknown ioctl -2147162880 03:06:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x6) 03:06:01 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e27, @rand_addr}, 0x309) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 03:06:01 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:01 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x6) 03:06:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4002]}, 0x6) 03:06:01 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa8050000]}, 0x6) 03:06:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x1f4]}, 0x6) 03:06:01 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 728.906616] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=2, oom_score_adj=0 [ 728.933333] syz-executor3 cpuset=syz3 mems_allowed=0 [ 728.944435] CPU: 0 PID: 28030 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 728.951807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 728.961163] Call Trace: [ 728.963789] dump_stack+0x1c4/0x2b4 [ 728.967430] ? dump_stack_print_info.cold.2+0x52/0x52 [ 728.972640] ? mark_held_locks+0x130/0x130 [ 728.976884] ? mark_held_locks+0x130/0x130 [ 728.981133] dump_header+0x27b/0xf72 [ 728.984874] ? pagefault_out_of_memory+0x197/0x197 [ 728.989813] ? check_preemption_disabled+0x48/0x200 [ 728.994835] ? check_preemption_disabled+0x48/0x200 [ 728.999869] ? graph_lock+0x170/0x170 03:06:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3f000000]}, 0x6) 03:06:01 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1f4]}, 0x6) 03:06:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x30750000]}, 0x6) 03:06:01 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 729.003683] ? graph_lock+0x170/0x170 [ 729.007493] ? print_usage_bug+0xc0/0xc0 [ 729.011566] ? find_held_lock+0x36/0x1c0 [ 729.015634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.021197] ? find_held_lock+0x36/0x1c0 [ 729.021223] ? mark_held_locks+0xc7/0x130 [ 729.021242] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 729.021257] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 729.021273] ? lockdep_hardirqs_on+0x421/0x5c0 [ 729.021292] ? trace_hardirqs_on+0xbd/0x310 [ 729.048548] ? kasan_check_read+0x11/0x20 [ 729.048566] ? ___ratelimit+0x36f/0x655 [ 729.048583] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 729.048600] ? trace_hardirqs_on+0x310/0x310 [ 729.048619] ? lock_downgrade+0x900/0x900 [ 729.066584] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 729.075818] ? ___ratelimit+0xaa/0x655 [ 729.079720] ? idr_get_free+0xec0/0xec0 [ 729.083709] ? kasan_check_write+0x14/0x20 [ 729.087954] ? do_raw_spin_lock+0xc1/0x200 [ 729.092227] oom_kill_process.cold.27+0x10/0x903 [ 729.096994] ? kasan_check_write+0x14/0x20 [ 729.101241] ? do_raw_spin_lock+0xc1/0x200 [ 729.105498] ? oom_evaluate_task+0x540/0x540 [ 729.109924] ? cgroup_procs_next+0x70/0x70 [ 729.114183] ? _raw_spin_unlock_irq+0x60/0x80 [ 729.118715] ? oom_badness+0xaa0/0xaa0 [ 729.122629] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 729.127403] ? mem_cgroup_iter_break+0x30/0x30 [ 729.132008] ? mark_held_locks+0xc7/0x130 [ 729.136185] out_of_memory+0xa84/0x1430 [ 729.140188] ? lockdep_hardirqs_on+0x421/0x5c0 [ 729.144790] ? kasan_check_read+0x11/0x20 [ 729.148960] ? oom_killer_disable+0x3a0/0x3a0 [ 729.153472] ? kasan_check_write+0x14/0x20 03:06:01 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 729.157720] ? do_raw_spin_lock+0xc1/0x200 [ 729.162009] mem_cgroup_out_of_memory+0x15e/0x210 [ 729.166897] ? memcg_memory_event+0x40/0x40 [ 729.171232] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 729.176188] ? page_counter_try_charge+0x1c1/0x220 [ 729.181147] try_charge+0xc43/0x1690 [ 729.184901] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 729.190969] ? tcp_sendmsg+0x2f/0x50 [ 729.194710] ? sock_sendmsg+0xd5/0x120 [ 729.198609] ? __sys_sendto+0x3d7/0x670 [ 729.202594] ? graph_lock+0x170/0x170 03:06:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x6) [ 729.206408] ? graph_lock+0x170/0x170 [ 729.210283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.215831] ? check_preemption_disabled+0x48/0x200 [ 729.220861] ? check_preemption_disabled+0x48/0x200 [ 729.225904] ? mark_held_locks+0xc7/0x130 [ 729.230067] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 729.235009] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 729.239953] ? lockdep_hardirqs_on+0x421/0x5c0 [ 729.244550] ? rcu_read_lock_sched_held+0x108/0x120 [ 729.249585] ? __sk_mem_raise_allocated+0x642/0x1800 03:06:02 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 729.254707] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 729.260183] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 729.265773] ? check_preemption_disabled+0x48/0x200 [ 729.270808] mem_cgroup_charge_skmem+0x1e4/0x390 [ 729.275577] ? mem_cgroup_sk_free+0x90/0x90 [ 729.279922] __sk_mem_raise_allocated+0x642/0x1800 [ 729.284866] ? sk_busy_loop_end+0x1c0/0x1c0 [ 729.289225] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 729.294779] ? alloc_pages_current+0x114/0x210 [ 729.299378] ? skb_page_frag_refill+0x1eb/0x6a0 [ 729.304066] ? sock_kzfree_s+0x60/0x60 [ 729.307968] ? _copy_from_iter_full+0x2b3/0xd20 [ 729.312660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.318224] ? tcp_rate_check_app_limited+0x121/0x460 [ 729.323431] ? iov_iter_advance+0x1460/0x1460 [ 729.327942] __sk_mem_schedule+0x6d/0xe0 [ 729.332016] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 729.337567] tcp_sendmsg_locked+0x1c86/0x3f00 [ 729.342093] ? tcp_sendpage+0x60/0x60 [ 729.345906] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 729.351452] ? aa_label_sk_perm+0x46d/0x8e0 [ 729.355792] ? find_held_lock+0x36/0x1c0 [ 729.359874] ? mark_held_locks+0xc7/0x130 [ 729.364040] ? __local_bh_enable_ip+0x160/0x260 [ 729.368726] ? __local_bh_enable_ip+0x160/0x260 [ 729.373414] ? trace_hardirqs_on+0xbd/0x310 [ 729.377750] ? lock_release+0x970/0x970 [ 729.381735] ? lock_sock_nested+0xe2/0x120 [ 729.385981] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 729.391453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.397001] ? check_preemption_disabled+0x48/0x200 [ 729.402029] ? lock_sock_nested+0x9a/0x120 [ 729.406283] ? lock_sock_nested+0x9a/0x120 [ 729.410527] ? __local_bh_enable_ip+0x160/0x260 [ 729.415226] tcp_sendmsg+0x2f/0x50 [ 729.418778] inet_sendmsg+0x1a1/0x690 [ 729.422586] ? ipip_gro_receive+0x100/0x100 [ 729.426915] ? apparmor_socket_sendmsg+0x29/0x30 [ 729.431677] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.437227] ? security_socket_sendmsg+0x94/0xc0 [ 729.441993] ? ipip_gro_receive+0x100/0x100 [ 729.446327] sock_sendmsg+0xd5/0x120 [ 729.450067] __sys_sendto+0x3d7/0x670 [ 729.453885] ? __ia32_sys_getpeername+0xb0/0xb0 [ 729.453902] ? lock_release+0x970/0x970 [ 729.453922] ? arch_local_save_flags+0x40/0x40 [ 729.462551] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 729.462565] ? aa_af_perm+0x5a0/0x5a0 [ 729.462605] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 729.481916] ? put_timespec64+0x10f/0x1b0 [ 729.486072] ? nsecs_to_jiffies+0x30/0x30 [ 729.490234] ? do_syscall_64+0x9a/0x820 [ 729.494223] ? do_syscall_64+0x9a/0x820 [ 729.498220] ? lockdep_hardirqs_on+0x421/0x5c0 [ 729.502811] ? trace_hardirqs_on+0xbd/0x310 [ 729.507145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.512710] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 729.518084] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 729.523549] __x64_sys_sendto+0xe1/0x1a0 [ 729.527620] do_syscall_64+0x1b9/0x820 [ 729.531510] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 729.536884] ? syscall_return_slowpath+0x5e0/0x5e0 [ 729.541816] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 729.546664] ? trace_hardirqs_on_caller+0x310/0x310 [ 729.551686] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 729.556710] ? prepare_exit_to_usermode+0x291/0x3b0 [ 729.561742] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 729.566598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 729.571789] RIP: 0033:0x457579 [ 729.574985] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 729.593884] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 729.601596] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 729.608866] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 729.616136] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 729.623418] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 729.630692] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 729.649132] Task in /syz3 killed as a result of limit of /syz3 [ 729.656233] memory: usage 204800kB, limit 204800kB, failcnt 3393 [ 729.673910] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 729.694535] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 729.706728] Memory cgroup stats for /syz3: cache:0KB rss:4236KB rss_huge:4096KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:4248KB inactive_file:0KB active_file:0KB unevictable:0KB [ 729.732222] Memory cgroup out of memory: Kill process 28026 (syz-executor3) score 181 or sacrifice child [ 729.742110] Killed process 28026 (syz-executor3) total-vm:70472kB, anon-rss:4204kB, file-rss:32768kB, shmem-rss:0kB 03:06:02 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x6) 03:06:02 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x3]}, 0x6) 03:06:02 executing program 5: write$nbd(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000140), 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0) 03:06:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x3075000000000000]}, 0x6) 03:06:02 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x900000000000000]}, 0x6) 03:06:02 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4c1d]}, 0x6) [ 729.755030] oom_reaper: reaped process 28026 (syz-executor3), now anon-rss:0kB, file-rss:32744kB, shmem-rss:0kB 03:06:02 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4c1d]}, 0x6) 03:06:02 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4]}, 0x6) 03:06:02 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x2e]}, 0x6) 03:06:02 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x4c1d]}, 0x6) 03:06:02 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:02 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xf401000000000000]}, 0x6) 03:06:02 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x40020000]}, 0x6) 03:06:02 executing program 4 (fault-call:10 fault-nth:0): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:03 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe803000000000000]}, 0x6) 03:06:03 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:03 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x2]}, 0x6) [ 730.294011] FAULT_INJECTION: forcing a failure. [ 730.294011] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 730.317223] CPU: 1 PID: 28116 Comm: syz-executor4 Not tainted 4.19.0-rc6+ #265 [ 730.324612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 730.333971] Call Trace: [ 730.336581] dump_stack+0x1c4/0x2b4 [ 730.340240] ? dump_stack_print_info.cold.2+0x52/0x52 [ 730.345461] should_fail.cold.4+0xa/0x17 [ 730.346285] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 730.349531] ? mark_held_locks+0x130/0x130 [ 730.349597] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 730.349613] ? graph_lock+0x170/0x170 [ 730.349632] ? find_held_lock+0x36/0x1c0 [ 730.366053] syz-executor3 cpuset= [ 730.369797] ? mark_held_locks+0xc7/0x130 [ 730.369821] ? check_noncircular+0x20/0x20 [ 730.369837] ? print_usage_bug+0xc0/0xc0 [ 730.369859] ? ima_match_policy+0x848/0x1560 [ 730.369878] ? print_usage_bug+0xc0/0xc0 [ 730.369895] ? print_usage_bug+0xc0/0xc0 [ 730.369909] ? print_usage_bug+0xc0/0xc0 [ 730.369921] ? kasan_check_read+0x11/0x20 [ 730.369938] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 730.369957] ? __lock_acquire+0x7ec/0x4ec0 [ 730.369987] __alloc_pages_nodemask+0x34b/0xde0 [ 730.370001] ? __lock_acquire+0x7ec/0x4ec0 [ 730.370023] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 730.370047] ? mark_held_locks+0x130/0x130 [ 730.370063] ? print_usage_bug+0xc0/0xc0 [ 730.370092] ? mark_held_locks+0x130/0x130 [ 730.370109] ? print_usage_bug+0xc0/0xc0 [ 730.370127] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 730.370146] alloc_pages_current+0x10c/0x210 [ 730.374227] syz3 [ 730.378035] skb_page_frag_refill+0x45f/0x6a0 [ 730.381932] mems_allowed=0 [ 730.385616] ? __lock_acquire+0x7ec/0x4ec0 [ 730.385637] ? sock_kzfree_s+0x60/0x60 [ 730.385654] ? print_usage_bug+0xc0/0xc0 [ 730.385671] ? graph_lock+0x170/0x170 [ 730.385698] ? mark_held_locks+0x130/0x130 [ 730.385725] sk_page_frag_refill+0x55/0x1f0 [ 730.498378] sk_alloc_sg+0x1e9/0xa00 [ 730.502111] ? sk_page_frag_refill+0x1f0/0x1f0 [ 730.506713] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 730.512182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 730.517738] ? check_preemption_disabled+0x48/0x200 [ 730.522767] ? lock_sock_nested+0x9a/0x120 [ 730.527012] ? lock_sock_nested+0x9a/0x120 [ 730.531266] alloc_encrypted_sg+0x8b/0x110 [ 730.535516] tls_sw_sendpage+0x733/0xef0 [ 730.539646] ? tls_sw_sendmsg+0x1310/0x1310 [ 730.543979] ? mutex_trylock+0x2b0/0x2b0 [ 730.548052] ? lock_downgrade+0x900/0x900 [ 730.552215] ? check_preemption_disabled+0x48/0x200 [ 730.557252] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 730.563054] ? kasan_check_read+0x11/0x20 [ 730.567220] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 730.572505] ? rcu_bh_qs+0xc0/0xc0 [ 730.576059] ? tls_sw_sendmsg+0x1310/0x1310 [ 730.580394] inet_sendpage+0x1de/0x740 [ 730.584296] ? inet_sendmsg+0x690/0x690 [ 730.588276] ? find_held_lock+0x36/0x1c0 [ 730.592355] kernel_sendpage+0x93/0xf0 [ 730.596248] ? inet_sendmsg+0x690/0x690 [ 730.600235] sock_sendpage+0x8c/0xc0 [ 730.603961] ? kernel_sendpage+0xf0/0xf0 [ 730.608030] pipe_to_sendpage+0x2d0/0x400 [ 730.612198] ? generic_pipe_buf_nosteal+0x10/0x10 [ 730.617050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 730.622595] ? splice_from_pipe_next.part.10+0x296/0x340 [ 730.628058] __splice_from_pipe+0x38b/0x7c0 [ 730.632388] ? generic_pipe_buf_nosteal+0x10/0x10 [ 730.637251] splice_from_pipe+0x1ec/0x340 [ 730.641409] ? generic_pipe_buf_nosteal+0x10/0x10 [ 730.646257] ? splice_shrink_spd+0xd0/0xd0 [ 730.650509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 730.656057] ? security_file_permission+0x1c2/0x230 [ 730.661084] generic_splice_sendpage+0x3c/0x50 [ 730.665669] ? splice_from_pipe+0x340/0x340 [ 730.670004] do_splice+0x64a/0x1430 [ 730.670020] ? __sb_end_write+0xd9/0x110 [ 730.670045] ? opipe_prep.part.13+0x3b0/0x3b0 [ 730.670070] __x64_sys_splice+0x2c1/0x330 [ 730.686371] do_syscall_64+0x1b9/0x820 [ 730.690268] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe 03:06:03 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[], 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 730.695649] ? syscall_return_slowpath+0x5e0/0x5e0 [ 730.700584] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 730.705443] ? trace_hardirqs_on_caller+0x310/0x310 [ 730.710472] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 730.715502] ? prepare_exit_to_usermode+0x291/0x3b0 [ 730.720537] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 730.725579] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 730.730780] RIP: 0033:0x457579 03:06:03 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[], 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 730.733980] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 730.752883] RSP: 002b:00007f27ee26ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 730.760602] RAX: ffffffffffffffda RBX: 00007f27ee26ac90 RCX: 0000000000457579 [ 730.767876] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 730.775153] RBP: 000000000072bf00 R08: 0000000000000008 R09: 0000000000000000 [ 730.782445] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27ee26b6d4 [ 730.789722] R13: 00000000004c4f63 R14: 00000000004d7a40 R15: 0000000000000006 [ 730.800804] CPU: 0 PID: 28110 Comm: syz-executor3 Not tainted 4.19.0-rc6+ #265 [ 730.808200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 730.817561] Call Trace: [ 730.820167] dump_stack+0x1c4/0x2b4 [ 730.823826] ? dump_stack_print_info.cold.2+0x52/0x52 [ 730.829029] ? mark_held_locks+0x130/0x130 [ 730.833271] ? mark_held_locks+0x130/0x130 [ 730.837518] dump_header+0x27b/0xf72 [ 730.837548] ? pagefault_out_of_memory+0x197/0x197 [ 730.837566] ? check_preemption_disabled+0x48/0x200 [ 730.837587] ? check_preemption_disabled+0x48/0x200 [ 730.846223] ? graph_lock+0x170/0x170 [ 730.860027] ? graph_lock+0x170/0x170 [ 730.863839] ? print_usage_bug+0xc0/0xc0 [ 730.867917] ? find_held_lock+0x36/0x1c0 [ 730.871998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 730.877553] ? find_held_lock+0x36/0x1c0 [ 730.881636] ? mark_held_locks+0xc7/0x130 [ 730.885805] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 730.890922] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 730.896032] ? lockdep_hardirqs_on+0x421/0x5c0 [ 730.900619] ? trace_hardirqs_on+0xbd/0x310 [ 730.900633] ? kasan_check_read+0x11/0x20 [ 730.900649] ? ___ratelimit+0x36f/0x655 [ 730.900668] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 730.918525] ? trace_hardirqs_on+0x310/0x310 [ 730.922944] ? lock_downgrade+0x900/0x900 [ 730.927112] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 730.932225] ? ___ratelimit+0xaa/0x655 [ 730.936116] ? idr_get_free+0xec0/0xec0 [ 730.940092] ? kasan_check_write+0x14/0x20 [ 730.944333] ? do_raw_spin_lock+0xc1/0x200 [ 730.948583] oom_kill_process.cold.27+0x10/0x903 [ 730.953342] ? kasan_check_write+0x14/0x20 [ 730.957584] ? do_raw_spin_lock+0xc1/0x200 [ 730.961827] ? oom_evaluate_task+0x540/0x540 [ 730.966247] ? cgroup_procs_next+0x70/0x70 [ 730.970487] ? _raw_spin_unlock_irq+0x60/0x80 [ 730.974988] ? oom_badness+0xaa0/0xaa0 [ 730.978882] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 730.983647] ? mem_cgroup_iter_break+0x30/0x30 [ 730.988251] ? mark_held_locks+0xc7/0x130 [ 730.992405] out_of_memory+0xa84/0x1430 [ 730.996381] ? lockdep_hardirqs_on+0x421/0x5c0 [ 731.000969] ? kasan_check_read+0x11/0x20 [ 731.005126] ? oom_killer_disable+0x3a0/0x3a0 [ 731.009624] ? kasan_check_write+0x14/0x20 [ 731.013865] ? do_raw_spin_lock+0xc1/0x200 [ 731.018121] mem_cgroup_out_of_memory+0x15e/0x210 [ 731.022965] ? memcg_memory_event+0x40/0x40 [ 731.027293] ? mem_cgroup_charge_skmem+0x1e4/0x390 [ 731.032235] ? page_counter_try_charge+0x1c1/0x220 [ 731.037186] try_charge+0xc43/0x1690 [ 731.040926] ? mem_cgroup_count_precharge_pte_range+0x760/0x760 [ 731.046989] ? tcp_sendmsg+0x2f/0x50 [ 731.050717] ? sock_sendmsg+0xd5/0x120 [ 731.054612] ? __sys_sendto+0x3d7/0x670 [ 731.058600] ? __x64_sys_sendto+0xe1/0x1a0 [ 731.062845] ? do_syscall_64+0x1b9/0x820 [ 731.066917] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 731.072287] ? graph_lock+0x170/0x170 [ 731.076110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.081658] ? check_preemption_disabled+0x48/0x200 [ 731.086685] ? check_preemption_disabled+0x48/0x200 [ 731.091719] ? mark_held_locks+0xc7/0x130 [ 731.095874] ? __lock_is_held+0xb5/0x140 [ 731.099944] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 731.104877] ? mem_cgroup_charge_skmem+0x1cf/0x390 [ 731.109812] ? lockdep_hardirqs_on+0x421/0x5c0 [ 731.114417] ? __sk_mem_raise_allocated+0x642/0x1800 [ 731.119532] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 731.124992] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 731.130541] ? check_preemption_disabled+0x48/0x200 [ 731.135579] mem_cgroup_charge_skmem+0x1e4/0x390 [ 731.140344] ? mem_cgroup_sk_free+0x90/0x90 [ 731.144683] __sk_mem_raise_allocated+0x642/0x1800 [ 731.149635] ? sk_busy_loop_end+0x1c0/0x1c0 [ 731.153967] ? sk_alloc_sg+0xa00/0xa00 [ 731.157863] ? arch_local_save_flags+0x40/0x40 [ 731.162465] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 731.167494] ? skb_page_frag_refill+0x1eb/0x6a0 [ 731.172187] ? sock_kzfree_s+0x60/0x60 [ 731.176099] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 731.181131] ? sk_stream_alloc_skb+0x34b/0x970 [ 731.185738] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.191285] ? skb_entail+0x618/0x8c0 [ 731.195091] ? tcp_rate_check_app_limited+0x121/0x460 [ 731.195109] ? tcp_splice_data_recv+0x1b0/0x1b0 [ 731.204965] __sk_mem_schedule+0x6d/0xe0 [ 731.209043] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 731.214595] tcp_sendmsg_locked+0x1c86/0x3f00 [ 731.219161] ? tcp_sendpage+0x60/0x60 [ 731.222997] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 731.228542] ? aa_label_sk_perm+0x46d/0x8e0 [ 731.232886] ? find_held_lock+0x36/0x1c0 [ 731.236958] ? mark_held_locks+0xc7/0x130 [ 731.241121] ? __local_bh_enable_ip+0x160/0x260 03:06:03 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[], 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:03 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4c1d0000]}, 0x6) 03:06:03 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:03 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4c1d]}, 0x6) [ 731.245798] ? __local_bh_enable_ip+0x160/0x260 [ 731.250485] ? trace_hardirqs_on+0xbd/0x310 [ 731.254812] ? lock_release+0x970/0x970 [ 731.258797] ? lock_sock_nested+0xe2/0x120 [ 731.263047] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 731.268525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.274070] ? check_preemption_disabled+0x48/0x200 [ 731.279074] ? lock_sock_nested+0x9a/0x120 [ 731.283297] ? lock_sock_nested+0x9a/0x120 [ 731.287519] ? __local_bh_enable_ip+0x160/0x260 [ 731.292184] tcp_sendmsg+0x2f/0x50 [ 731.295715] inet_sendmsg+0x1a1/0x690 [ 731.299500] ? ipip_gro_receive+0x100/0x100 [ 731.303808] ? apparmor_socket_sendmsg+0x29/0x30 [ 731.308546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.314067] ? security_socket_sendmsg+0x94/0xc0 [ 731.318806] ? ipip_gro_receive+0x100/0x100 [ 731.323128] sock_sendmsg+0xd5/0x120 [ 731.326824] __sys_sendto+0x3d7/0x670 [ 731.330608] ? __ia32_sys_getpeername+0xb0/0xb0 [ 731.335266] ? lock_release+0x970/0x970 [ 731.339226] ? arch_local_save_flags+0x40/0x40 [ 731.343791] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 731.349225] ? aa_af_perm+0x5a0/0x5a0 [ 731.353022] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 731.358596] ? put_timespec64+0x10f/0x1b0 [ 731.362729] ? nsecs_to_jiffies+0x30/0x30 [ 731.366861] ? do_syscall_64+0x9a/0x820 [ 731.370816] ? do_syscall_64+0x9a/0x820 [ 731.374773] ? lockdep_hardirqs_on+0x421/0x5c0 [ 731.379338] ? trace_hardirqs_on+0xbd/0x310 [ 731.383642] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.389162] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 731.394522] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 731.400226] __x64_sys_sendto+0xe1/0x1a0 [ 731.404273] do_syscall_64+0x1b9/0x820 [ 731.408147] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 731.413502] ? syscall_return_slowpath+0x5e0/0x5e0 [ 731.418422] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 731.423249] ? trace_hardirqs_on_caller+0x310/0x310 [ 731.428248] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 731.433248] ? prepare_exit_to_usermode+0x291/0x3b0 [ 731.438249] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 731.443091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 731.448264] RIP: 0033:0x457579 [ 731.451442] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 731.470324] RSP: 002b:00007f7e36aa9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 731.478015] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457579 [ 731.485265] RDX: fffffffffffffe4e RSI: 0000000020000000 RDI: 0000000000000003 [ 731.492515] RBP: 000000000072bf00 R08: 00000000200000c0 R09: 0000000000000006 [ 731.499765] R10: 00000000000000c0 R11: 0000000000000246 R12: 00007f7e36aaa6d4 [ 731.507118] R13: 00000000004c3929 R14: 00000000004d57c0 R15: 00000000ffffffff [ 731.516677] Task in /syz3 killed as a result of limit of /syz3 [ 731.548569] memory: usage 204784kB, limit 204800kB, failcnt 3418 [ 731.554735] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 731.563256] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 731.570308] Memory cgroup stats for /syz3: cache:0KB rss:2168KB rss_huge:2048KB shmem:0KB mapped_file:132KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2204KB inactive_file:0KB active_file:0KB unevictable:0KB 03:06:04 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x6) 03:06:04 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:04 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x3a98]}, 0x6) 03:06:04 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4002000000000000]}, 0x6) 03:06:04 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x6) 03:06:04 executing program 4 (fault-call:10 fault-nth:1): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) r3 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r3, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) [ 731.591820] Memory cgroup out of memory: Kill process 28109 (syz-executor3) score 171 or sacrifice child [ 731.602362] Killed process 28109 (syz-executor3) total-vm:70472kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB [ 731.615892] oom_reaper: reaped process 28109 (syz-executor3), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 731.697475] FAULT_INJECTION: forcing a failure. [ 731.697475] name failslab, interval 1, probability 0, space 0, times 0 [ 731.727061] CPU: 1 PID: 28159 Comm: syz-executor4 Not tainted 4.19.0-rc6+ #265 [ 731.734480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 731.743841] Call Trace: [ 731.746453] dump_stack+0x1c4/0x2b4 [ 731.750099] ? dump_stack_print_info.cold.2+0x52/0x52 [ 731.755316] should_fail.cold.4+0xa/0x17 [ 731.759399] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 731.764517] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 731.769547] ? __sk_mem_raise_allocated+0x721/0x1800 [ 731.774663] ? graph_lock+0x170/0x170 [ 731.778502] ? graph_lock+0x170/0x170 [ 731.782318] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 731.787874] ? find_held_lock+0x36/0x1c0 [ 731.791978] ? __lock_is_held+0xb5/0x140 [ 731.796061] ? ___might_sleep+0x1ed/0x300 [ 731.800219] ? arch_local_save_flags+0x40/0x40 [ 731.804840] __should_failslab+0x124/0x180 [ 731.809092] should_failslab+0x9/0x14 [ 731.812901] __kmalloc+0x2d4/0x760 [ 731.816455] ? tls_push_record+0x107/0x1480 [ 731.820792] tls_push_record+0x107/0x1480 [ 731.824948] ? check_preemption_disabled+0x48/0x200 [ 731.829976] ? lock_sock_nested+0x9a/0x120 [ 731.834231] ? lock_sock_nested+0x9a/0x120 [ 731.838487] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.844043] tls_sw_sendpage+0x5fb/0xef0 [ 731.848139] ? tls_sw_sendmsg+0x1310/0x1310 [ 731.852948] ? mutex_trylock+0x2b0/0x2b0 [ 731.857021] ? lock_downgrade+0x900/0x900 [ 731.861197] ? check_preemption_disabled+0x48/0x200 [ 731.866235] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 731.872044] ? kasan_check_read+0x11/0x20 [ 731.876210] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 731.876228] ? rcu_bh_qs+0xc0/0xc0 [ 731.876248] ? tls_sw_sendmsg+0x1310/0x1310 [ 731.876269] inet_sendpage+0x1de/0x740 [ 731.885079] ? inet_sendmsg+0x690/0x690 [ 731.885095] ? find_held_lock+0x36/0x1c0 [ 731.885121] kernel_sendpage+0x93/0xf0 [ 731.885140] ? inet_sendmsg+0x690/0x690 [ 731.909204] sock_sendpage+0x8c/0xc0 [ 731.912930] ? kernel_sendpage+0xf0/0xf0 [ 731.917005] pipe_to_sendpage+0x2d0/0x400 [ 731.921180] ? generic_pipe_buf_nosteal+0x10/0x10 [ 731.926036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.931584] ? splice_from_pipe_next.part.10+0x296/0x340 [ 731.937055] __splice_from_pipe+0x38b/0x7c0 [ 731.941398] ? generic_pipe_buf_nosteal+0x10/0x10 03:06:04 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x300000000000000]}, 0x6) [ 731.946268] splice_from_pipe+0x1ec/0x340 [ 731.950431] ? generic_pipe_buf_nosteal+0x10/0x10 [ 731.955290] ? splice_shrink_spd+0xd0/0xd0 [ 731.959546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.965101] ? security_file_permission+0x1c2/0x230 [ 731.970134] generic_splice_sendpage+0x3c/0x50 [ 731.974743] ? splice_from_pipe+0x340/0x340 [ 731.979080] do_splice+0x64a/0x1430 [ 731.982726] ? __sb_end_write+0xd9/0x110 [ 731.986809] ? opipe_prep.part.13+0x3b0/0x3b0 [ 731.991324] __x64_sys_splice+0x2c1/0x330 03:06:04 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x20000000]}, 0x6) [ 731.995498] do_syscall_64+0x1b9/0x820 [ 731.999395] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 732.004771] ? syscall_return_slowpath+0x5e0/0x5e0 [ 732.009718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 732.014577] ? trace_hardirqs_on_caller+0x310/0x310 [ 732.019606] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 732.019626] ? prepare_exit_to_usermode+0x291/0x3b0 [ 732.019648] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 732.019672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 732.019685] RIP: 0033:0x457579 [ 732.019708] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 732.019722] RSP: 002b:00007f27ee26ac78 EFLAGS: 00000246 [ 732.029733] ORIG_RAX: 0000000000000113 [ 732.029744] RAX: ffffffffffffffda RBX: 00007f27ee26ac90 RCX: 0000000000457579 [ 732.029753] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 732.029762] RBP: 000000000072bf00 R08: 0000000000000008 R09: 0000000000000000 03:06:04 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x6) 03:06:04 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x6) 03:06:04 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x4c1d000000000000]}, 0x6) [ 732.029772] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27ee26b6d4 [ 732.029782] R13: 00000000004c4f63 R14: 00000000004d7a40 R15: 0000000000000006 03:06:05 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x3400]}, 0x6) 03:06:05 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x8055000000000000]}, 0x6) [ 732.307397] kasan: CONFIG_KASAN_INLINE enabled [ 732.317233] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 732.347298] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 732.353555] CPU: 0 PID: 28159 Comm: syz-executor4 Not tainted 4.19.0-rc6+ #265 [ 732.360914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.370280] RIP: 0010:scatterwalk_copychunks+0x4b7/0x660 [ 732.375745] Code: 4c 89 f0 48 c1 e8 03 80 3c 08 00 0f 85 2b 01 00 00 49 8d 45 08 4d 89 2e 48 bf 00 00 00 00 00 fc ff df 48 89 45 b0 48 c1 e8 03 <0f> b6 04 38 84 c0 74 08 3c 03 0f 8e f4 00 00 00 48 8b 45 c8 45 8b [ 732.394677] RSP: 0018:ffff8801780fed90 EFLAGS: 00010202 [ 732.395880] kobject: 'loop1' (00000000b32d88e3): kobject_uevent_env [ 732.400042] RAX: 0000000000000001 RBX: 000000000000001e RCX: dffffc0000000000 [ 732.400052] RDX: 0000000000040000 RSI: ffffffff8388dd22 RDI: dffffc0000000000 [ 732.400061] RBP: ffff8801780fedf0 R08: ffff8801ce47e4c0 R09: ffffed002e915001 [ 732.400075] R10: ffffed002e915003 R11: ffff8801748a801d R12: 000000000000001e [ 732.435494] R13: 0000000000000000 R14: ffff8801780fee38 R15: 0000000000000001 [ 732.442760] FS: 00007f27ee26b700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 732.450977] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 732.456853] CR2: 00007f2ad8010db8 CR3: 00000001c7c3c000 CR4: 00000000001426f0 [ 732.464119] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 732.471398] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 732.478671] Call Trace: [ 732.481291] scatterwalk_map_and_copy+0x1df/0x2c0 [ 732.486135] ? scatterwalk_copychunks+0x660/0x660 [ 732.490979] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 732.496512] ? kernel_fpu_enable+0x23/0x40 [ 732.500755] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 732.506291] gcmaes_crypt_by_sg+0x1246/0x2110 [ 732.510796] ? aesni_gcm_enc_avx2+0x180/0x180 [ 732.515285] ? graph_lock+0x170/0x170 [ 732.519118] ? graph_lock+0x170/0x170 [ 732.522923] ? find_held_lock+0x36/0x1c0 [ 732.527003] ? is_bpf_text_address+0xac/0x170 [ 732.531499] ? lock_downgrade+0x900/0x900 [ 732.535658] ? is_bpf_text_address+0xd3/0x170 [ 732.540153] ? kernel_text_address+0x79/0xf0 [ 732.544614] ? __kernel_text_address+0xd/0x40 [ 732.549165] ? unwind_get_return_address+0x61/0xa0 [ 732.554117] ? __save_stack_trace+0x8d/0xf0 [ 732.558438] gcmaes_encrypt.constprop.15+0x7d7/0x1190 [ 732.563648] ? generic_gcmaes_decrypt+0x190/0x190 [ 732.568505] ? tls_push_record+0x107/0x1480 [ 732.572823] ? tls_sw_sendpage+0x5fb/0xef0 [ 732.577057] ? inet_sendpage+0x1de/0x740 [ 732.581112] ? kernel_sendpage+0x93/0xf0 [ 732.585166] ? sock_sendpage+0x8c/0xc0 [ 732.589067] ? pipe_to_sendpage+0x2d0/0x400 [ 732.593384] ? __splice_from_pipe+0x38b/0x7c0 [ 732.597874] ? splice_from_pipe+0x1ec/0x340 [ 732.602202] ? generic_splice_sendpage+0x3c/0x50 [ 732.606960] ? do_syscall_64+0x1b9/0x820 [ 732.611024] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 732.616383] ? find_held_lock+0x36/0x1c0 [ 732.620444] ? graph_lock+0x170/0x170 [ 732.624246] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 732.629785] ? check_preemption_disabled+0x48/0x200 [ 732.634826] ? check_preemption_disabled+0x48/0x200 [ 732.639848] generic_gcmaes_encrypt+0x12d/0x186 [ 732.644514] ? generic_gcmaes_encrypt+0x12d/0x186 [ 732.649358] ? helper_rfc4106_encrypt+0x4a0/0x4a0 [ 732.654208] ? rcu_read_lock_sched_held+0x108/0x120 [ 732.659231] ? __kmalloc+0x5de/0x760 [ 732.662978] gcmaes_wrapper_encrypt+0x162/0x200 [ 732.667650] tls_push_record+0x9ca/0x1480 [ 732.671797] ? check_preemption_disabled+0x48/0x200 [ 732.676835] tls_sw_sendpage+0x5fb/0xef0 [ 732.680902] ? tls_sw_sendmsg+0x1310/0x1310 [ 732.685230] ? mutex_trylock+0x2b0/0x2b0 [ 732.689286] ? lock_downgrade+0x900/0x900 [ 732.693432] ? check_preemption_disabled+0x48/0x200 [ 732.698452] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 732.704247] ? kasan_check_read+0x11/0x20 [ 732.708393] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 732.713665] ? rcu_bh_qs+0xc0/0xc0 [ 732.717239] ? tls_sw_sendmsg+0x1310/0x1310 [ 732.722024] inet_sendpage+0x1de/0x740 [ 732.725912] ? inet_sendmsg+0x690/0x690 [ 732.729882] ? find_held_lock+0x36/0x1c0 [ 732.733947] kernel_sendpage+0x93/0xf0 [ 732.737831] ? inet_sendmsg+0x690/0x690 [ 732.741803] sock_sendpage+0x8c/0xc0 [ 732.745516] ? kernel_sendpage+0xf0/0xf0 [ 732.749575] pipe_to_sendpage+0x2d0/0x400 [ 732.753721] ? generic_pipe_buf_nosteal+0x10/0x10 [ 732.758560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 732.764095] ? splice_from_pipe_next.part.10+0x296/0x340 [ 732.769548] __splice_from_pipe+0x38b/0x7c0 [ 732.773867] ? generic_pipe_buf_nosteal+0x10/0x10 [ 732.778730] splice_from_pipe+0x1ec/0x340 [ 732.782892] ? generic_pipe_buf_nosteal+0x10/0x10 [ 732.787733] ? splice_shrink_spd+0xd0/0xd0 [ 732.791967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 732.797505] ? security_file_permission+0x1c2/0x230 [ 732.802523] generic_splice_sendpage+0x3c/0x50 [ 732.807101] ? splice_from_pipe+0x340/0x340 [ 732.811420] do_splice+0x64a/0x1430 [ 732.815045] ? __sb_end_write+0xd9/0x110 [ 732.819124] ? opipe_prep.part.13+0x3b0/0x3b0 [ 732.823626] __x64_sys_splice+0x2c1/0x330 [ 732.827776] do_syscall_64+0x1b9/0x820 [ 732.831664] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 732.837027] ? syscall_return_slowpath+0x5e0/0x5e0 [ 732.841955] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 732.846799] ? trace_hardirqs_on_caller+0x310/0x310 [ 732.851819] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 732.856836] ? prepare_exit_to_usermode+0x291/0x3b0 [ 732.861851] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 732.866698] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 732.871897] RIP: 0033:0x457579 [ 732.875091] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 732.893989] RSP: 002b:00007f27ee26ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 732.901700] RAX: ffffffffffffffda RBX: 00007f27ee26ac90 RCX: 0000000000457579 [ 732.908964] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 732.916242] RBP: 000000000072bf00 R08: 0000000000000008 R09: 0000000000000000 [ 732.923506] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27ee26b6d4 [ 732.930769] R13: 00000000004c4f63 R14: 00000000004d7a40 R15: 0000000000000006 [ 732.938040] Modules linked in: [ 732.945043] kobject: 'loop1' (00000000b32d88e3): fill_kobj_path: path = '/devices/virtual/block/loop1' 03:06:05 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x0, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r2, &(0x7f0000000140), 0x1c) splice(r0, 0x0, r1, 0x0, 0x8, 0x0) 03:06:05 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa000000]}, 0x6) [ 732.962414] ---[ end trace 9a2843960bfac602 ]--- [ 732.977520] RIP: 0010:scatterwalk_copychunks+0x4b7/0x660 [ 732.988444] kobject: 'loop5' (0000000065afd762): kobject_uevent_env [ 732.994880] kobject: 'loop5' (0000000065afd762): fill_kobj_path: path = '/devices/virtual/block/loop5' 03:06:05 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x80550000]}, 0x6) 03:06:05 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x700]}, 0x6) [ 733.009621] Code: 4c 89 f0 48 c1 e8 03 80 3c 08 00 0f 85 2b 01 00 00 49 8d 45 08 4d 89 2e 48 bf 00 00 00 00 00 fc ff df 48 89 45 b0 48 c1 e8 03 <0f> b6 04 38 84 c0 74 08 3c 03 0f 8e f4 00 00 00 48 8b 45 c8 45 8b [ 733.040849] RSP: 0018:ffff8801780fed90 EFLAGS: 00010202 [ 733.046300] RAX: 0000000000000001 RBX: 000000000000001e RCX: dffffc0000000000 [ 733.061019] kobject: 'loop2' (000000005023f4ba): kobject_uevent_env [ 733.073868] kobject: 'loop2' (000000005023f4ba): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 733.083515] RDX: 0000000000040000 RSI: ffffffff8388dd22 RDI: dffffc0000000000 [ 733.103125] RBP: ffff8801780fedf0 R08: ffff8801ce47e4c0 R09: ffffed002e915001 [ 733.113272] R10: ffffed002e915003 R11: ffff8801748a801d R12: 000000000000001e [ 733.117056] kobject: 'loop3' (00000000a5f23177): kobject_uevent_env [ 733.126070] R13: 0000000000000000 R14: ffff8801780fee38 R15: 0000000000000001 [ 733.134629] FS: 00007f27ee26b700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 733.143710] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 733.151277] kobject: 'loop3' (00000000a5f23177): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 733.151868] CR2: 0000000000625208 CR3: 00000001c7c3c000 CR4: 00000000001426f0 [ 733.168695] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 733.177566] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 733.186142] Kernel panic - not syncing: Fatal exception [ 733.192593] Kernel Offset: disabled [ 733.196214] Rebooting in 86400 seconds..