0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:20 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:20 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2219.251341][T11461] binder: BINDER_SET_CONTEXT_MGR already set [ 2219.319231][T11461] binder: 11461:11461 ioctl 40046207 0 returned -16 05:18:20 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2219.594190][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2219.609324][ T9215] CPU: 1 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2219.617959][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2219.628202][ T9215] Call Trace: [ 2219.631506][ T9215] dump_stack+0x1fb/0x318 [ 2219.635915][ T9215] dump_header+0xd8/0x960 [ 2219.640291][ T9215] oom_kill_process+0xee/0x370 [ 2219.645040][ T9215] out_of_memory+0x5dc/0x900 [ 2219.649770][ T9215] try_charge+0x128f/0x18a0 [ 2219.654310][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2219.659856][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2219.665386][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2219.670504][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2219.675895][ T9215] alloc_pages_current+0x2db/0x500 [ 2219.681126][ T9215] pte_alloc_one+0x1f/0x180 [ 2219.685845][ T9215] __pte_alloc+0x20/0x2f0 [ 2219.690367][ T9215] copy_page_range+0x2434/0x2950 [ 2219.695329][ T9215] ? __vma_link_rb+0x822/0x840 [ 2219.700085][ T9215] dup_mmap+0x9f1/0xdf0 [ 2219.704263][ T9215] dup_mm+0x9e/0x340 [ 2219.708147][ T9215] copy_process+0x2080/0x57b0 [ 2219.712845][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2219.718146][ T9215] _do_fork+0x13e/0x660 [ 2219.722299][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2219.728016][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2219.733433][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2219.739347][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2219.744768][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2219.750692][ T9215] __x64_sys_clone+0x20b/0x250 [ 2219.755586][ T9215] do_syscall_64+0xf7/0x1c0 [ 2219.760096][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2219.766024][ T9215] RIP: 0033:0x45aa4a [ 2219.769936][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2219.789558][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2219.797955][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2219.805912][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2219.813868][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2219.821824][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2219.829809][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2219.842221][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 11660 [ 2219.849255][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2219.857712][ T9215] Memory cgroup stats for /syz1: [ 2219.857807][ T9215] anon 117383168 [ 2219.857807][ T9215] file 122880 [ 2219.857807][ T9215] kernel_stack 28311552 [ 2219.857807][ T9215] slab 54505472 [ 2219.857807][ T9215] sock 131072 [ 2219.857807][ T9215] shmem 0 [ 2219.857807][ T9215] file_mapped 135168 [ 2219.857807][ T9215] file_dirty 0 [ 2219.857807][ T9215] file_writeback 0 [ 2219.857807][ T9215] anon_thp 0 [ 2219.857807][ T9215] inactive_anon 516096 [ 2219.857807][ T9215] active_anon 117071872 [ 2219.857807][ T9215] inactive_file 4096 [ 2219.857807][ T9215] active_file 0 [ 2219.857807][ T9215] unevictable 0 [ 2219.857807][ T9215] slab_reclaimable 10137600 [ 2219.857807][ T9215] slab_unreclaimable 44367872 [ 2219.857807][ T9215] pgfault 235620 [ 2219.857807][ T9215] pgmajfault 0 [ 2219.857807][ T9215] workingset_refault 1980 [ 2219.857807][ T9215] workingset_activate 495 [ 2219.857807][ T9215] workingset_nodereclaim 0 [ 2219.857807][ T9215] pgrefill 95824 [ 2219.857807][ T9215] pgscan 97226 [ 2219.857807][ T9215] pgsteal 3360 [ 2219.953493][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11461,uid=0 [ 2219.971366][ T9215] Memory cgroup out of memory: Killed process 11461 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2220.132415][T11478] binder: BINDER_SET_CONTEXT_MGR already set [ 2220.138853][T11478] binder: 11478:11478 ioctl 40046207 0 returned -16 05:18:21 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x2], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005000000000000000", 0x32) 05:18:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000003a00000000000000", 0x32) 05:18:21 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:21 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:21 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2220.334046][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2220.399911][ T9215] CPU: 0 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2220.408552][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2220.418626][ T9215] Call Trace: [ 2220.421938][ T9215] dump_stack+0x1fb/0x318 [ 2220.426295][ T9215] dump_header+0xd8/0x960 [ 2220.430654][ T9215] oom_kill_process+0xee/0x370 [ 2220.435460][ T9215] out_of_memory+0x5dc/0x900 [ 2220.440087][ T9215] try_charge+0x128f/0x18a0 05:18:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005100000000000000", 0x32) 05:18:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000003b00000000000000", 0x32) [ 2220.444731][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2220.451287][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2220.456857][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2220.462239][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2220.467757][ T9215] alloc_pages_current+0x2db/0x500 [ 2220.473209][ T9215] pte_alloc_one+0x1f/0x180 [ 2220.477735][ T9215] __pte_alloc+0x20/0x2f0 [ 2220.482091][ T9215] copy_page_range+0x2434/0x2950 [ 2220.487105][ T9215] ? __vma_link_rb+0x822/0x840 [ 2220.491906][ T9215] dup_mmap+0x9f1/0xdf0 [ 2220.496098][ T9215] dup_mm+0x9e/0x340 [ 2220.500024][ T9215] copy_process+0x2080/0x57b0 [ 2220.507613][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2220.513065][ T9215] _do_fork+0x13e/0x660 [ 2220.517247][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2220.522974][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2220.528502][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2220.534340][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2220.539833][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2220.545712][ T9215] __x64_sys_clone+0x20b/0x250 [ 2220.550533][ T9215] do_syscall_64+0xf7/0x1c0 [ 2220.555041][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2220.561412][ T9215] RIP: 0033:0x45aa4a [ 2220.565301][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2220.585443][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2220.593958][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2220.601962][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2220.609929][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2220.618189][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2220.626167][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2220.643451][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 11668 [ 2220.651264][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2220.658885][ T9215] Memory cgroup stats for /syz1: [ 2220.659733][ T9215] anon 117231616 [ 2220.659733][ T9215] file 122880 [ 2220.659733][ T9215] kernel_stack 28311552 [ 2220.659733][ T9215] slab 54505472 [ 2220.659733][ T9215] sock 131072 [ 2220.659733][ T9215] shmem 0 [ 2220.659733][ T9215] file_mapped 135168 [ 2220.659733][ T9215] file_dirty 0 [ 2220.659733][ T9215] file_writeback 0 [ 2220.659733][ T9215] anon_thp 0 [ 2220.659733][ T9215] inactive_anon 516096 [ 2220.659733][ T9215] active_anon 116936704 [ 2220.659733][ T9215] inactive_file 4096 [ 2220.659733][ T9215] active_file 0 [ 2220.659733][ T9215] unevictable 0 [ 2220.659733][ T9215] slab_reclaimable 10137600 [ 2220.659733][ T9215] slab_unreclaimable 44367872 [ 2220.659733][ T9215] pgfault 235686 [ 2220.659733][ T9215] pgmajfault 0 [ 2220.659733][ T9215] workingset_refault 1980 [ 2220.659733][ T9215] workingset_activate 495 [ 2220.659733][ T9215] workingset_nodereclaim 0 [ 2220.659733][ T9215] pgrefill 95923 [ 2220.659733][ T9215] pgscan 97325 [ 2220.659733][ T9215] pgsteal 3360 [ 2220.757944][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=21370,uid=0 [ 2220.776782][ T9215] Memory cgroup out of memory: Killed process 21370 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2220.927428][T11484] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2220.940279][T11484] CPU: 0 PID: 11484 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2220.948964][T11484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2220.959032][T11484] Call Trace: [ 2220.962343][T11484] dump_stack+0x1fb/0x318 [ 2220.966688][T11484] dump_header+0xd8/0x960 [ 2220.971183][T11484] oom_kill_process+0xee/0x370 [ 2220.975983][T11484] out_of_memory+0x5dc/0x900 [ 2220.980636][T11484] try_charge+0x128f/0x18a0 [ 2220.985201][T11484] __memcg_kmem_charge_memcg+0x37/0x140 [ 2220.991282][T11484] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2220.996863][T11484] __memcg_kmem_charge+0x105/0x340 [ 2221.002008][T11484] __alloc_pages_nodemask+0x29a/0x5d0 [ 2221.007416][T11484] alloc_pages_current+0x2db/0x500 [ 2221.013514][T11484] get_zeroed_page+0x17/0x40 [ 2221.018128][T11484] __pud_alloc+0x37/0x210 [ 2221.022492][T11484] copy_page_range+0x2600/0x2950 [ 2221.027472][T11484] ? anon_vma_fork+0x4a5/0x540 [ 2221.032269][T11484] ? vma_gap_callbacks_rotate+0x1fc/0x230 [ 2221.038022][T11484] ? init_admin_reserve+0xc0/0xc0 [ 2221.043093][T11484] dup_mmap+0x9f1/0xdf0 [ 2221.047297][T11484] dup_mm+0x9e/0x340 [ 2221.051248][T11484] copy_process+0x2080/0x57b0 [ 2221.055958][T11484] ? retint_kernel+0x2b/0x2b [ 2221.060603][T11484] _do_fork+0x13e/0x660 [ 2221.064777][T11484] ? retint_kernel+0x2b/0x2b [ 2221.069511][T11484] ? trace_hardirqs_on_caller+0x74/0x80 [ 2221.075070][T11484] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2221.080612][T11484] __x64_sys_clone+0x20b/0x250 [ 2221.085435][T11484] do_syscall_64+0xf7/0x1c0 [ 2221.090098][T11484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2221.095983][T11496] binder: BINDER_SET_CONTEXT_MGR already set [ 2221.096005][T11496] binder: 11496:11496 ioctl 40046207 0 returned -16 [ 2221.101973][T11484] RIP: 0033:0x45c479 [ 2221.101985][T11484] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2221.101990][T11484] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2221.102000][T11484] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2221.102007][T11484] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2221.102012][T11484] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2221.102019][T11484] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2221.102025][T11484] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2221.104223][T11484] memory: usage 307200kB, limit 307200kB, failcnt 15482 [ 2221.190593][T11484] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2221.197709][T11484] Memory cgroup stats for /syz4: [ 2221.198240][T11484] anon 118272000 [ 2221.198240][T11484] file 16384 [ 2221.198240][T11484] kernel_stack 28975104 [ 2221.198240][T11484] slab 52461568 [ 2221.198240][T11484] sock 0 [ 2221.198240][T11484] shmem 73728 [ 2221.198240][T11484] file_mapped 0 [ 2221.198240][T11484] file_dirty 0 [ 2221.198240][T11484] file_writeback 0 [ 2221.198240][T11484] anon_thp 0 [ 2221.198240][T11484] inactive_anon 786432 [ 2221.198240][T11484] active_anon 117583872 [ 2221.198240][T11484] inactive_file 98304 [ 2221.198240][T11484] active_file 0 [ 2221.198240][T11484] unevictable 0 [ 2221.198240][T11484] slab_reclaimable 7839744 [ 2221.198240][T11484] slab_unreclaimable 44621824 [ 2221.198240][T11484] pgfault 244167 [ 2221.198240][T11484] pgmajfault 0 [ 2221.198240][T11484] workingset_refault 3630 [ 2221.198240][T11484] workingset_activate 1749 [ 2221.198240][T11484] workingset_nodereclaim 0 [ 2221.198240][T11484] pgrefill 131414 [ 2221.198240][T11484] pgscan 149081 [ 2221.198240][T11484] pgsteal 20006 [ 2221.294704][T11484] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8872,uid=0 [ 2221.311416][T11484] Memory cgroup out of memory: Killed process 8872 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:18:22 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(0x0, &(0x7f0000000280)) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2221.360330][ T1143] oom_reaper: reaped process 8872 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2221.444142][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2221.458971][ T9215] CPU: 0 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2221.467605][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2221.477675][ T9215] Call Trace: [ 2221.480999][ T9215] dump_stack+0x1fb/0x318 [ 2221.485525][ T9215] dump_header+0xd8/0x960 [ 2221.489911][ T9215] oom_kill_process+0xee/0x370 [ 2221.494804][ T9215] out_of_memory+0x5dc/0x900 [ 2221.499433][ T9215] try_charge+0x128f/0x18a0 [ 2221.504009][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2221.509575][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2221.515778][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2221.520924][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2221.526344][ T9215] alloc_pages_current+0x2db/0x500 [ 2221.531489][ T9215] pte_alloc_one+0x1f/0x180 [ 2221.536366][ T9215] __pte_alloc+0x20/0x2f0 05:18:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005200000000000000", 0x32) 05:18:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000003c00000000000000", 0x32) [ 2221.540755][ T9215] copy_page_range+0x2434/0x2950 [ 2221.545760][ T9215] ? init_admin_reserve+0xc0/0xc0 [ 2221.550817][ T9215] dup_mmap+0x9f1/0xdf0 [ 2221.555011][ T9215] dup_mm+0x9e/0x340 [ 2221.558931][ T9215] copy_process+0x2080/0x57b0 [ 2221.563643][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2221.568980][ T9215] _do_fork+0x13e/0x660 [ 2221.573162][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2221.578906][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2221.584216][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2221.590738][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2221.596044][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2221.601795][ T9215] __x64_sys_clone+0x20b/0x250 [ 2221.606601][ T9215] do_syscall_64+0xf7/0x1c0 [ 2221.611134][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2221.617039][ T9215] RIP: 0033:0x45aa4a [ 2221.620948][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2221.640673][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2221.649102][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2221.657092][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2221.665086][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2221.673250][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2221.681239][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 05:18:22 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2221.794031][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 11683 [ 2221.802773][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2221.811168][ T9215] Memory cgroup stats for /syz1: [ 2221.811264][ T9215] anon 117366784 [ 2221.811264][ T9215] file 122880 [ 2221.811264][ T9215] kernel_stack 28311552 [ 2221.811264][ T9215] slab 54505472 [ 2221.811264][ T9215] sock 131072 [ 2221.811264][ T9215] shmem 0 [ 2221.811264][ T9215] file_mapped 135168 [ 2221.811264][ T9215] file_dirty 0 [ 2221.811264][ T9215] file_writeback 0 [ 2221.811264][ T9215] anon_thp 0 [ 2221.811264][ T9215] inactive_anon 516096 [ 2221.811264][ T9215] active_anon 116936704 [ 2221.811264][ T9215] inactive_file 4096 [ 2221.811264][ T9215] active_file 0 [ 2221.811264][ T9215] unevictable 0 [ 2221.811264][ T9215] slab_reclaimable 10137600 [ 2221.811264][ T9215] slab_unreclaimable 44367872 [ 2221.811264][ T9215] pgfault 235785 [ 2221.811264][ T9215] pgmajfault 0 [ 2221.811264][ T9215] workingset_refault 1980 [ 2221.811264][ T9215] workingset_activate 495 [ 2221.811264][ T9215] workingset_nodereclaim 0 [ 2221.811264][ T9215] pgrefill 96022 [ 2221.811264][ T9215] pgscan 97426 [ 2221.811264][ T9215] pgsteal 3360 [ 2221.913320][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=21072,uid=0 [ 2221.933344][ T9215] Memory cgroup out of memory: Killed process 21072 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2221.952678][ T1143] oom_reaper: reaped process 21072 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2222.329391][T11527] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2222.341828][T11527] CPU: 1 PID: 11527 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2222.350513][T11527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2222.360581][T11527] Call Trace: [ 2222.363891][T11527] dump_stack+0x1fb/0x318 [ 2222.368372][T11527] dump_header+0xd8/0x960 [ 2222.372764][T11527] oom_kill_process+0xee/0x370 [ 2222.377553][T11527] out_of_memory+0x5dc/0x900 [ 2222.382173][T11527] try_charge+0x128f/0x18a0 [ 2222.386738][T11527] __memcg_kmem_charge_memcg+0x37/0x140 [ 2222.392303][T11527] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2222.397884][T11527] __memcg_kmem_charge+0x105/0x340 [ 2222.403032][T11527] __alloc_pages_nodemask+0x29a/0x5d0 [ 2222.408450][T11527] alloc_pages_current+0x2db/0x500 [ 2222.413591][T11527] pte_alloc_one+0x1f/0x180 [ 2222.418119][T11527] __pte_alloc+0x20/0x2f0 [ 2222.422474][T11527] copy_page_range+0x2434/0x2950 [ 2222.427487][T11527] ? __vma_link_rb+0x822/0x840 [ 2222.432300][T11527] dup_mmap+0x9f1/0xdf0 [ 2222.436504][T11527] dup_mm+0x9e/0x340 [ 2222.440460][T11527] copy_process+0x2080/0x57b0 [ 2222.445174][T11527] ? debug_smp_processor_id+0x9/0x20 [ 2222.450482][T11527] _do_fork+0x13e/0x660 [ 2222.454652][T11527] ? retint_kernel+0x2b/0x2b [ 2222.459270][T11527] ? trace_hardirqs_on_caller+0x74/0x80 [ 2222.464840][T11527] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2222.470325][T11527] __x64_sys_clone+0x20b/0x250 [ 2222.475128][T11527] do_syscall_64+0xf7/0x1c0 [ 2222.479658][T11527] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2222.485562][T11527] RIP: 0033:0x45c479 [ 2222.489467][T11527] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2222.509098][T11527] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2222.517521][T11527] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2222.525513][T11527] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2222.533516][T11527] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2222.541509][T11527] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2222.549487][T11527] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2222.557682][T11527] memory: usage 307200kB, limit 307200kB, failcnt 15523 [ 2222.564952][T11527] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2222.572023][T11527] Memory cgroup stats for /syz4: [ 2222.572746][T11527] anon 118407168 [ 2222.572746][T11527] file 16384 [ 2222.572746][T11527] kernel_stack 29011968 [ 2222.572746][T11527] slab 52461568 [ 2222.572746][T11527] sock 0 [ 2222.572746][T11527] shmem 73728 [ 2222.572746][T11527] file_mapped 0 [ 2222.572746][T11527] file_dirty 0 [ 2222.572746][T11527] file_writeback 0 [ 2222.572746][T11527] anon_thp 0 [ 2222.572746][T11527] inactive_anon 786432 [ 2222.572746][T11527] active_anon 117719040 [ 2222.572746][T11527] inactive_file 98304 [ 2222.572746][T11527] active_file 0 [ 2222.572746][T11527] unevictable 0 [ 2222.572746][T11527] slab_reclaimable 7839744 [ 2222.572746][T11527] slab_unreclaimable 44621824 [ 2222.572746][T11527] pgfault 244299 [ 2222.572746][T11527] pgmajfault 0 [ 2222.572746][T11527] workingset_refault 3630 [ 2222.572746][T11527] workingset_activate 1749 [ 2222.572746][T11527] workingset_nodereclaim 0 [ 2222.572746][T11527] pgrefill 131778 [ 2222.572746][T11527] pgscan 149446 [ 2222.572746][T11527] pgsteal 20006 [ 2222.667826][T11527] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=5638,uid=0 [ 2222.683803][T11527] Memory cgroup out of memory: Killed process 5638 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2222.708820][ T1143] oom_reaper: reaped process 5638 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB 05:18:24 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x3], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000003d00000000000000", 0x32) 05:18:24 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005300000000000000", 0x32) 05:18:24 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:24 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(0x0, &(0x7f0000000280)) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005400000000000000", 0x32) [ 2223.105651][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2223.143871][ T9215] CPU: 1 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2223.152649][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2223.162716][ T9215] Call Trace: [ 2223.166030][ T9215] dump_stack+0x1fb/0x318 [ 2223.170649][ T9215] dump_header+0xd8/0x960 [ 2223.175070][ T9215] oom_kill_process+0xee/0x370 [ 2223.179834][ T9215] out_of_memory+0x5dc/0x900 [ 2223.184479][ T9215] try_charge+0x128f/0x18a0 [ 2223.189322][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2223.195113][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2223.200806][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2223.206224][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2223.211600][ T9215] alloc_pages_current+0x2db/0x500 [ 2223.216798][ T9215] __pmd_alloc+0x39/0x3d0 [ 2223.221225][ T9215] copy_page_range+0x2555/0x2950 [ 2223.226203][ T9215] ? vma_gap_callbacks_rotate+0x1ee/0x230 [ 2223.232072][ T9215] ? init_admin_reserve+0xc0/0xc0 [ 2223.237412][ T9215] dup_mmap+0x9f1/0xdf0 [ 2223.241686][ T9215] dup_mm+0x9e/0x340 [ 2223.245624][ T9215] copy_process+0x2080/0x57b0 [ 2223.250304][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2223.255844][ T9215] _do_fork+0x13e/0x660 [ 2223.260006][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2223.265827][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2223.271197][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2223.277046][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2223.282348][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2223.288146][ T9215] __x64_sys_clone+0x20b/0x250 [ 2223.292981][ T9215] do_syscall_64+0xf7/0x1c0 [ 2223.297646][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2223.303531][ T9215] RIP: 0033:0x45aa4a [ 2223.307410][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2223.327381][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2223.335963][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2223.344061][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 05:18:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000003e00000000000000", 0x32) [ 2223.352190][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2223.360400][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2223.368524][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2223.386540][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 11704 [ 2223.397148][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2223.404920][ T9215] Memory cgroup stats for /syz1: [ 2223.405014][ T9215] anon 117227520 [ 2223.405014][ T9215] file 122880 [ 2223.405014][ T9215] kernel_stack 28311552 [ 2223.405014][ T9215] slab 54505472 [ 2223.405014][ T9215] sock 131072 [ 2223.405014][ T9215] shmem 0 [ 2223.405014][ T9215] file_mapped 135168 [ 2223.405014][ T9215] file_dirty 0 [ 2223.405014][ T9215] file_writeback 0 [ 2223.405014][ T9215] anon_thp 0 [ 2223.405014][ T9215] inactive_anon 516096 [ 2223.405014][ T9215] active_anon 116801536 [ 2223.405014][ T9215] inactive_file 4096 [ 2223.405014][ T9215] active_file 0 [ 2223.405014][ T9215] unevictable 0 [ 2223.405014][ T9215] slab_reclaimable 10137600 [ 2223.405014][ T9215] slab_unreclaimable 44367872 [ 2223.405014][ T9215] pgfault 235851 [ 2223.405014][ T9215] pgmajfault 0 [ 2223.405014][ T9215] workingset_refault 1980 [ 2223.405014][ T9215] workingset_activate 495 [ 2223.405014][ T9215] workingset_nodereclaim 0 [ 2223.405014][ T9215] pgrefill 96253 [ 2223.405014][ T9215] pgscan 97661 [ 2223.405014][ T9215] pgsteal 3360 [ 2223.505720][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11528,uid=0 [ 2223.521975][ T9215] Memory cgroup out of memory: Killed process 11528 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2223.565716][T11549] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2223.578230][T11549] CPU: 1 PID: 11549 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2223.587061][T11549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2223.597261][T11549] Call Trace: [ 2223.600667][T11549] dump_stack+0x1fb/0x318 [ 2223.605031][T11549] dump_header+0xd8/0x960 [ 2223.609504][T11549] oom_kill_process+0xee/0x370 [ 2223.614489][T11549] out_of_memory+0x5dc/0x900 [ 2223.619094][T11549] try_charge+0x128f/0x18a0 [ 2223.623813][T11549] __memcg_kmem_charge_memcg+0x37/0x140 [ 2223.629378][T11549] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2223.635103][T11549] __memcg_kmem_charge+0x105/0x340 [ 2223.640235][T11549] __alloc_pages_nodemask+0x29a/0x5d0 [ 2223.645667][T11549] alloc_pages_current+0x2db/0x500 [ 2223.650843][T11549] __get_free_pages+0xc/0x30 [ 2223.655444][T11549] pgd_alloc+0x21/0x250 [ 2223.659624][T11549] mm_init+0x44f/0x6e0 [ 2223.663759][T11549] dup_mm+0x8a/0x340 [ 2223.667664][T11549] copy_process+0x2080/0x57b0 [ 2223.672493][T11549] ? debug_smp_processor_id+0x9/0x20 [ 2223.677832][T11549] _do_fork+0x13e/0x660 [ 2223.682022][T11549] ? check_preemption_disabled+0x44/0x260 [ 2223.687752][T11549] ? debug_smp_processor_id+0x9/0x20 [ 2223.693169][T11549] ? check_preemption_disabled+0x44/0x260 [ 2223.698896][T11549] ? debug_smp_processor_id+0x9/0x20 [ 2223.704241][T11549] ? check_preemption_disabled+0x44/0x260 [ 2223.709995][T11549] __x64_sys_clone+0x20b/0x250 [ 2223.714931][T11549] do_syscall_64+0xf7/0x1c0 [ 2223.719614][T11549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2223.725639][T11549] RIP: 0033:0x45c479 [ 2223.729542][T11549] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2223.745793][T11550] ref_ctr_offset mismatch. inode: 0x4844 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2223.749307][T11549] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2223.749320][T11549] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2223.749325][T11549] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2223.749330][T11549] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2223.749335][T11549] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2223.749340][T11549] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2223.749986][T11549] memory: usage 307200kB, limit 307200kB, failcnt 15573 [ 2223.749996][T11549] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2223.750002][T11549] Memory cgroup stats for /syz4: [ 2223.750095][T11549] anon 118407168 [ 2223.750095][T11549] file 16384 [ 2223.750095][T11549] kernel_stack 29011968 [ 2223.750095][T11549] slab 52461568 [ 2223.750095][T11549] sock 0 [ 2223.750095][T11549] shmem 73728 [ 2223.750095][T11549] file_mapped 0 [ 2223.750095][T11549] file_dirty 0 [ 2223.750095][T11549] file_writeback 0 [ 2223.750095][T11549] anon_thp 0 [ 2223.750095][T11549] inactive_anon 786432 [ 2223.750095][T11549] active_anon 117719040 [ 2223.750095][T11549] inactive_file 98304 [ 2223.750095][T11549] active_file 0 [ 2223.750095][T11549] unevictable 0 [ 2223.750095][T11549] slab_reclaimable 7839744 [ 2223.750095][T11549] slab_unreclaimable 44621824 [ 2223.750095][T11549] pgfault 244398 [ 2223.750095][T11549] pgmajfault 0 [ 2223.750095][T11549] workingset_refault 3630 [ 2223.750095][T11549] workingset_activate 1749 [ 2223.750095][T11549] workingset_nodereclaim 0 [ 2223.750095][T11549] pgrefill 132075 [ 2223.750095][T11549] pgscan 149712 [ 2223.750095][T11549] pgsteal 20006 [ 2223.750113][T11549] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=5170,uid=0 [ 2223.750207][T11549] Memory cgroup out of memory: Killed process 5170 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2223.960463][ T1143] oom_reaper: reaped process 5170 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2224.001769][T11535] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2224.012442][T11535] CPU: 1 PID: 11535 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2224.021152][T11535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2224.031789][T11535] Call Trace: [ 2224.035117][T11535] dump_stack+0x1fb/0x318 [ 2224.039475][T11535] dump_header+0xd8/0x960 [ 2224.043992][T11535] oom_kill_process+0xee/0x370 [ 2224.048789][T11535] out_of_memory+0x5dc/0x900 [ 2224.053417][T11535] try_charge+0x128f/0x18a0 [ 2224.057998][T11535] mem_cgroup_try_charge+0x216/0x550 [ 2224.063429][T11535] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2224.069235][T11535] do_anonymous_page+0x382/0x1640 [ 2224.074563][T11535] handle_mm_fault+0x1c17/0x2900 [ 2224.079564][T11535] do_user_addr_fault+0x588/0xaf0 [ 2224.084751][T11535] do_page_fault+0x13b/0x250 [ 2224.089351][T11535] page_fault+0x39/0x40 [ 2224.093523][T11535] RIP: 0033:0x413c6f [ 2224.097428][T11535] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2224.117364][T11535] RSP: 002b:00007ffeb3531060 EFLAGS: 00010206 [ 2224.123582][T11535] RAX: 00007fe0b78b1000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2224.131688][T11535] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2224.139852][T11535] RBP: 00007ffeb3531140 R08: ffffffffffffffff R09: 0000000000000000 [ 2224.147975][T11535] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeb3531230 [ 2224.156097][T11535] R13: 00007fe0b78d1700 R14: 0000000000000001 R15: 000000000076bfcc [ 2224.167456][T11535] memory: usage 306916kB, limit 307200kB, failcnt 15728 [ 2224.174889][T11535] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2224.182325][T11535] Memory cgroup stats for /syz4: [ 2224.182416][T11535] anon 118267904 [ 2224.182416][T11535] file 16384 [ 2224.182416][T11535] kernel_stack 28975104 [ 2224.182416][T11535] slab 52461568 [ 2224.182416][T11535] sock 0 [ 2224.182416][T11535] shmem 73728 [ 2224.182416][T11535] file_mapped 0 [ 2224.182416][T11535] file_dirty 0 [ 2224.182416][T11535] file_writeback 0 [ 2224.182416][T11535] anon_thp 0 [ 2224.182416][T11535] inactive_anon 786432 [ 2224.182416][T11535] active_anon 117583872 [ 2224.182416][T11535] inactive_file 98304 [ 2224.182416][T11535] active_file 0 [ 2224.182416][T11535] unevictable 0 [ 2224.182416][T11535] slab_reclaimable 7839744 [ 2224.182416][T11535] slab_unreclaimable 44621824 [ 2224.182416][T11535] pgfault 244398 [ 2224.182416][T11535] pgmajfault 0 [ 2224.182416][T11535] workingset_refault 3630 [ 2224.182416][T11535] workingset_activate 1749 [ 2224.182416][T11535] workingset_nodereclaim 0 [ 2224.182416][T11535] pgrefill 133758 [ 2224.182416][T11535] pgscan 151428 [ 2224.182416][T11535] pgsteal 20006 [ 2224.235268][T11559] binder: BINDER_SET_CONTEXT_MGR already set [ 2224.279533][T11535] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=4663,uid=0 [ 2224.307037][T11535] Memory cgroup out of memory: Killed process 4663 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:18:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005500000000000000", 0x32) 05:18:25 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000003f00000000000000", 0x32) [ 2224.348180][T11559] binder: 11552:11559 ioctl 40046207 0 returned -16 05:18:25 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(0x0, &(0x7f0000000280)) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:25 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2224.590404][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2224.627746][ T9215] CPU: 1 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2224.636677][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2224.646941][ T9215] Call Trace: [ 2224.650253][ T9215] dump_stack+0x1fb/0x318 [ 2224.654613][ T9215] dump_header+0xd8/0x960 [ 2224.659027][ T9215] oom_kill_process+0xee/0x370 [ 2224.663938][ T9215] out_of_memory+0x5dc/0x900 [ 2224.668570][ T9215] try_charge+0x128f/0x18a0 [ 2224.673157][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2224.678780][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2224.684382][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2224.689552][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2224.695109][ T9215] alloc_pages_current+0x2db/0x500 [ 2224.700352][ T9215] __pmd_alloc+0x39/0x3d0 [ 2224.704693][ T9215] copy_page_range+0x2555/0x2950 [ 2224.709660][ T9215] ? vma_gap_callbacks_rotate+0x1ee/0x230 [ 2224.715441][ T9215] ? init_admin_reserve+0xc0/0xc0 [ 2224.720593][ T9215] dup_mmap+0x9f1/0xdf0 [ 2224.724830][ T9215] dup_mm+0x9e/0x340 [ 2224.728751][ T9215] copy_process+0x2080/0x57b0 [ 2224.733619][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2224.738979][ T9215] _do_fork+0x13e/0x660 [ 2224.743320][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2224.749145][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2224.755012][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2224.761000][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2224.766397][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2224.772204][ T9215] __x64_sys_clone+0x20b/0x250 [ 2224.777023][ T9215] do_syscall_64+0xf7/0x1c0 [ 2224.782139][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2224.788142][ T9215] RIP: 0033:0x45aa4a [ 2224.792241][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2224.813284][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2224.821912][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2224.829901][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2224.837886][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2224.845866][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2224.853846][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2224.864849][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 11732 [ 2224.871970][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2224.878879][ T9215] Memory cgroup stats for /syz1: [ 2224.878969][ T9215] anon 117362688 [ 2224.878969][ T9215] file 122880 [ 2224.878969][ T9215] kernel_stack 28311552 [ 2224.878969][ T9215] slab 54505472 [ 2224.878969][ T9215] sock 131072 [ 2224.878969][ T9215] shmem 0 [ 2224.878969][ T9215] file_mapped 135168 [ 2224.878969][ T9215] file_dirty 0 [ 2224.878969][ T9215] file_writeback 0 [ 2224.878969][ T9215] anon_thp 0 [ 2224.878969][ T9215] inactive_anon 516096 [ 2224.878969][ T9215] active_anon 116936704 [ 2224.878969][ T9215] inactive_file 4096 [ 2224.878969][ T9215] active_file 0 [ 2224.878969][ T9215] unevictable 0 [ 2224.878969][ T9215] slab_reclaimable 10137600 [ 2224.878969][ T9215] slab_unreclaimable 44367872 [ 2224.878969][ T9215] pgfault 235950 [ 2224.878969][ T9215] pgmajfault 0 [ 2224.878969][ T9215] workingset_refault 1980 [ 2224.878969][ T9215] workingset_activate 495 [ 2224.878969][ T9215] workingset_nodereclaim 0 [ 2224.878969][ T9215] pgrefill 96352 [ 2224.878969][ T9215] pgscan 97760 [ 2224.878969][ T9215] pgsteal 3360 [ 2224.976202][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11561,uid=0 [ 2224.992003][ T9215] Memory cgroup out of memory: Killed process 11561 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2225.223694][T11588] binder: BINDER_SET_CONTEXT_MGR already set [ 2225.240034][T11588] binder: 11588:11588 ioctl 40046207 0 returned -16 05:18:26 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x4], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005600000000000000", 0x32) 05:18:26 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:26 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:26 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004000000000000000", 0x32) 05:18:26 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005700000000000000", 0x32) [ 2225.556894][T11601] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2225.569378][T11601] CPU: 1 PID: 11601 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2225.578168][T11601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2225.588388][T11601] Call Trace: [ 2225.591713][T11601] dump_stack+0x1fb/0x318 [ 2225.596084][T11601] dump_header+0xd8/0x960 [ 2225.600446][T11601] oom_kill_process+0xee/0x370 [ 2225.605330][T11601] out_of_memory+0x5dc/0x900 [ 2225.609957][T11601] try_charge+0x128f/0x18a0 [ 2225.614504][T11601] __memcg_kmem_charge_memcg+0x37/0x140 [ 2225.620051][T11601] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2225.625623][T11601] __memcg_kmem_charge+0x105/0x340 [ 2225.630751][T11601] __alloc_pages_nodemask+0x29a/0x5d0 [ 2225.636164][T11601] alloc_pages_current+0x2db/0x500 [ 2225.641304][T11601] __get_free_pages+0xc/0x30 [ 2225.645885][T11601] pgd_alloc+0x21/0x250 [ 2225.650049][T11601] mm_init+0x44f/0x6e0 [ 2225.654152][T11601] dup_mm+0x8a/0x340 [ 2225.658071][T11601] copy_process+0x2080/0x57b0 [ 2225.662958][T11601] ? debug_smp_processor_id+0x9/0x20 [ 2225.668265][T11601] _do_fork+0x13e/0x660 [ 2225.672423][T11601] ? check_preemption_disabled+0x44/0x260 [ 2225.678270][T11601] ? debug_smp_processor_id+0x9/0x20 [ 2225.683580][T11601] ? check_preemption_disabled+0x44/0x260 [ 2225.689369][T11601] ? debug_smp_processor_id+0x9/0x20 [ 2225.694674][T11601] ? check_preemption_disabled+0x44/0x260 [ 2225.700417][T11601] __x64_sys_clone+0x20b/0x250 [ 2225.705336][T11601] do_syscall_64+0xf7/0x1c0 [ 2225.709852][T11601] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2225.716008][T11601] RIP: 0033:0x45c479 [ 2225.720166][T11601] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2225.740282][T11601] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2225.748819][T11601] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2225.756814][T11601] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2225.764791][T11601] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2225.772938][T11601] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2225.780926][T11601] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2225.789053][T11601] memory: usage 307200kB, limit 307200kB, failcnt 15744 [ 2225.796074][T11601] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2225.803104][T11601] Memory cgroup stats for /syz4: [ 2225.803210][T11601] anon 118378496 [ 2225.803210][T11601] file 16384 [ 2225.803210][T11601] kernel_stack 28975104 [ 2225.803210][T11601] slab 52461568 [ 2225.803210][T11601] sock 0 [ 2225.803210][T11601] shmem 73728 [ 2225.803210][T11601] file_mapped 0 [ 2225.803210][T11601] file_dirty 0 [ 2225.803210][T11601] file_writeback 0 [ 2225.803210][T11601] anon_thp 0 [ 2225.803210][T11601] inactive_anon 786432 [ 2225.803210][T11601] active_anon 117583872 [ 2225.803210][T11601] inactive_file 98304 [ 2225.803210][T11601] active_file 0 [ 2225.803210][T11601] unevictable 0 [ 2225.803210][T11601] slab_reclaimable 7839744 [ 2225.803210][T11601] slab_unreclaimable 44621824 [ 2225.803210][T11601] pgfault 244563 [ 2225.803210][T11601] pgmajfault 0 [ 2225.803210][T11601] workingset_refault 3630 [ 2225.803210][T11601] workingset_activate 1749 [ 2225.803210][T11601] workingset_nodereclaim 0 [ 2225.803210][T11601] pgrefill 133890 [ 2225.803210][T11601] pgscan 151560 [ 2225.803210][T11601] pgsteal 20006 [ 2225.898322][T11601] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1170,uid=0 [ 2225.913780][T11601] Memory cgroup out of memory: Killed process 1170 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2226.130742][ T1143] oom_reaper: reaped process 1170 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2226.159952][T11604] ref_ctr_offset mismatch. inode: 0x4821 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2226.208336][T11596] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2226.254153][T11606] binder: BINDER_SET_CONTEXT_MGR already set [ 2226.264556][T11596] CPU: 1 PID: 11596 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2226.273401][T11596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2226.283733][T11596] Call Trace: [ 2226.287065][T11596] dump_stack+0x1fb/0x318 [ 2226.291663][T11596] dump_header+0xd8/0x960 [ 2226.296255][T11596] oom_kill_process+0xee/0x370 [ 2226.301043][T11596] out_of_memory+0x5dc/0x900 [ 2226.305663][T11596] try_charge+0x128f/0x18a0 [ 2226.310234][T11596] mem_cgroup_try_charge+0x216/0x550 [ 2226.315571][T11596] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2226.321245][T11596] wp_page_copy+0x35f/0x1c50 [ 2226.325897][T11596] do_wp_page+0x5e4/0x16d0 [ 2226.328142][T11606] binder: 11595:11606 ioctl 40046207 0 returned -16 [ 2226.330314][T11596] ? __kasan_check_write+0x14/0x20 [ 2226.330328][T11596] ? do_raw_spin_lock+0x103/0x7b0 [ 2226.330340][T11596] ? handle_mm_fault+0x235a/0x2900 [ 2226.330369][T11596] handle_mm_fault+0x241f/0x2900 [ 2226.330420][T11596] do_user_addr_fault+0x588/0xaf0 [ 2226.330447][T11596] do_page_fault+0x13b/0x250 [ 2226.367137][T11596] page_fault+0x39/0x40 [ 2226.371466][T11596] RIP: 0033:0x43299f [ 2226.375380][T11596] Code: c8 ee 4e 00 ba 59 0a 00 00 be e8 df 4e 00 bf 90 e7 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 <41> 56 48 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb [ 2226.395434][T11596] RSP: 002b:00007ffeb3531000 EFLAGS: 00010213 [ 2226.401515][T11596] RAX: 0000000000000110 RBX: 0000000000720640 RCX: 000000000045c4ca [ 2226.409523][T11596] RDX: 0000000000000011 RSI: 0000000000000110 RDI: 0000000000720640 [ 2226.417689][T11596] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 2226.425795][T11596] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000205b0 [ 2226.433784][T11596] R13: 0000000000d46a50 R14: 0000000000000001 R15: 000000000076bfcc [ 2226.468247][T11596] memory: usage 307200kB, limit 307200kB, failcnt 15899 05:18:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004100000000000000", 0x32) [ 2226.571321][T11596] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:18:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005800000000000000", 0x32) [ 2226.654138][T11596] Memory cgroup stats for /syz4: [ 2226.657634][T11596] anon 118378496 [ 2226.657634][T11596] file 16384 [ 2226.657634][T11596] kernel_stack 28975104 [ 2226.657634][T11596] slab 52461568 [ 2226.657634][T11596] sock 0 [ 2226.657634][T11596] shmem 73728 [ 2226.657634][T11596] file_mapped 0 [ 2226.657634][T11596] file_dirty 0 [ 2226.657634][T11596] file_writeback 0 [ 2226.657634][T11596] anon_thp 0 [ 2226.657634][T11596] inactive_anon 786432 [ 2226.657634][T11596] active_anon 117583872 [ 2226.657634][T11596] inactive_file 98304 [ 2226.657634][T11596] active_file 0 [ 2226.657634][T11596] unevictable 0 [ 2226.657634][T11596] slab_reclaimable 7839744 [ 2226.657634][T11596] slab_unreclaimable 44621824 [ 2226.657634][T11596] pgfault 244596 [ 2226.657634][T11596] pgmajfault 0 [ 2226.657634][T11596] workingset_refault 3630 [ 2226.657634][T11596] workingset_activate 1749 [ 2226.657634][T11596] workingset_nodereclaim 0 [ 2226.657634][T11596] pgrefill 134748 [ 2226.657634][T11596] pgscan 152385 [ 2226.657634][T11596] pgsteal 20006 05:18:27 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:27 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004200000000000000", 0x32) [ 2226.911865][T11596] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=745,uid=0 [ 2226.958720][T11596] Memory cgroup out of memory: Killed process 745 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2227.016456][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2227.044846][ T9215] CPU: 0 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2227.053523][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2227.063758][ T9215] Call Trace: [ 2227.067077][ T9215] dump_stack+0x1fb/0x318 [ 2227.071443][ T9215] dump_header+0xd8/0x960 [ 2227.075830][ T9215] oom_kill_process+0xee/0x370 [ 2227.080613][ T9215] out_of_memory+0x5dc/0x900 [ 2227.085382][ T9215] try_charge+0x128f/0x18a0 [ 2227.090908][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2227.096477][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2227.102186][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2227.107346][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2227.112840][ T9215] alloc_pages_current+0x2db/0x500 [ 2227.117988][ T9215] pte_alloc_one+0x1f/0x180 [ 2227.122516][ T9215] __pte_alloc+0x20/0x2f0 [ 2227.126984][ T9215] copy_page_range+0x2434/0x2950 [ 2227.131998][ T9215] ? __vma_link_rb+0x822/0x840 [ 2227.136809][ T9215] dup_mmap+0x9f1/0xdf0 [ 2227.141140][ T9215] dup_mm+0x9e/0x340 [ 2227.145086][ T9215] copy_process+0x2080/0x57b0 [ 2227.149792][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2227.155249][ T9215] _do_fork+0x13e/0x660 [ 2227.159448][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2227.165210][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2227.170637][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2227.176390][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2227.181805][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2227.187548][ T9215] __x64_sys_clone+0x20b/0x250 [ 2227.192346][ T9215] do_syscall_64+0xf7/0x1c0 [ 2227.197049][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2227.203131][ T9215] RIP: 0033:0x45aa4a [ 2227.207123][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2227.226875][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2227.235667][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2227.243660][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2227.251639][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2227.259632][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2227.267630][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2227.281292][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 11773 [ 2227.288402][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2227.295885][ T9215] Memory cgroup stats for /syz1: [ 2227.295981][ T9215] anon 117219328 [ 2227.295981][ T9215] file 122880 [ 2227.295981][ T9215] kernel_stack 28311552 [ 2227.295981][ T9215] slab 54505472 [ 2227.295981][ T9215] sock 131072 [ 2227.295981][ T9215] shmem 0 [ 2227.295981][ T9215] file_mapped 135168 [ 2227.295981][ T9215] file_dirty 0 [ 2227.295981][ T9215] file_writeback 0 [ 2227.295981][ T9215] anon_thp 0 [ 2227.295981][ T9215] inactive_anon 516096 [ 2227.295981][ T9215] active_anon 116801536 [ 2227.295981][ T9215] inactive_file 4096 [ 2227.295981][ T9215] active_file 0 [ 2227.295981][ T9215] unevictable 0 [ 2227.295981][ T9215] slab_reclaimable 10137600 [ 2227.295981][ T9215] slab_unreclaimable 44367872 [ 2227.295981][ T9215] pgfault 236115 [ 2227.295981][ T9215] pgmajfault 0 [ 2227.295981][ T9215] workingset_refault 1980 [ 2227.295981][ T9215] workingset_activate 495 [ 2227.295981][ T9215] workingset_nodereclaim 0 [ 2227.295981][ T9215] pgrefill 96551 [ 2227.295981][ T9215] pgscan 97958 [ 2227.295981][ T9215] pgsteal 3360 [ 2227.391250][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11610,uid=0 [ 2227.407599][ T9215] Memory cgroup out of memory: Killed process 11610 (syz-executor.1) total-vm:74968kB, anon-rss:172kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2227.448115][T11633] ref_ctr_offset mismatch. inode: 0x47c0 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:28 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x5], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000655800000000000000", 0x32) 05:18:28 executing program 4: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004300000000000000", 0x32) 05:18:28 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2227.753633][T11641] binder: BINDER_SET_CONTEXT_MGR already set 05:18:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005900000000000000", 0x32) 05:18:28 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:28 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000054300000000000000", 0x32) [ 2227.848452][T11641] binder: 11641:11641 ioctl 40046207 0 returned -16 [ 2227.888751][T11657] ref_ctr_offset mismatch. inode: 0x47ea offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:29 executing program 4: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:29 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2228.311364][T11679] ref_ctr_offset mismatch. inode: 0x47d8 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2228.440093][T11676] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2228.452397][T11676] CPU: 0 PID: 11676 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2228.461187][T11676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2228.471257][T11676] Call Trace: [ 2228.474568][T11676] dump_stack+0x1fb/0x318 [ 2228.478910][T11676] dump_header+0xd8/0x960 [ 2228.483260][T11676] oom_kill_process+0xee/0x370 [ 2228.488210][T11676] out_of_memory+0x5dc/0x900 [ 2228.492817][T11676] try_charge+0x128f/0x18a0 [ 2228.497376][T11676] __memcg_kmem_charge_memcg+0x37/0x140 [ 2228.502926][T11676] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2228.508489][T11676] __memcg_kmem_charge+0x105/0x340 [ 2228.513617][T11676] __alloc_pages_nodemask+0x29a/0x5d0 [ 2228.519011][T11676] alloc_pages_current+0x2db/0x500 [ 2228.524130][T11676] get_zeroed_page+0x17/0x40 [ 2228.528743][T11676] __pud_alloc+0x37/0x210 [ 2228.533082][T11676] copy_page_range+0x2600/0x2950 [ 2228.538057][T11676] ? init_admin_reserve+0xc0/0xc0 [ 2228.543276][T11676] dup_mmap+0x9f1/0xdf0 [ 2228.547453][T11676] dup_mm+0x9e/0x340 [ 2228.551368][T11676] copy_process+0x2080/0x57b0 [ 2228.556062][T11676] ? debug_smp_processor_id+0x9/0x20 [ 2228.561378][T11676] _do_fork+0x13e/0x660 [ 2228.565535][T11676] ? check_preemption_disabled+0x44/0x260 [ 2228.571254][T11676] ? debug_smp_processor_id+0x9/0x20 [ 2228.576548][T11676] ? check_preemption_disabled+0x44/0x260 [ 2228.582268][T11676] ? debug_smp_processor_id+0x9/0x20 [ 2228.587579][T11676] ? check_preemption_disabled+0x44/0x260 [ 2228.593344][T11676] __x64_sys_clone+0x20b/0x250 [ 2228.598134][T11676] do_syscall_64+0xf7/0x1c0 [ 2228.602660][T11676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2228.608553][T11676] RIP: 0033:0x45c479 [ 2228.612448][T11676] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2228.632071][T11676] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2228.640500][T11676] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2228.648473][T11676] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2228.656462][T11676] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2228.664449][T11676] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2228.672452][T11676] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2228.680818][T11676] memory: usage 307192kB, limit 307200kB, failcnt 15957 [ 2228.687796][T11676] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2228.694770][T11676] Memory cgroup stats for /syz4: [ 2228.694856][T11676] anon 118239232 [ 2228.694856][T11676] file 16384 [ 2228.694856][T11676] kernel_stack 28975104 [ 2228.694856][T11676] slab 52461568 [ 2228.694856][T11676] sock 0 [ 2228.694856][T11676] shmem 73728 [ 2228.694856][T11676] file_mapped 0 [ 2228.694856][T11676] file_dirty 0 [ 2228.694856][T11676] file_writeback 0 [ 2228.694856][T11676] anon_thp 0 [ 2228.694856][T11676] inactive_anon 786432 [ 2228.694856][T11676] active_anon 117583872 [ 2228.694856][T11676] inactive_file 98304 [ 2228.694856][T11676] active_file 0 [ 2228.694856][T11676] unevictable 0 [ 2228.694856][T11676] slab_reclaimable 7839744 [ 2228.694856][T11676] slab_unreclaimable 44621824 [ 2228.694856][T11676] pgfault 244794 [ 2228.694856][T11676] pgmajfault 0 [ 2228.694856][T11676] workingset_refault 3630 [ 2228.694856][T11676] workingset_activate 1749 [ 2228.694856][T11676] workingset_nodereclaim 0 [ 2228.694856][T11676] pgrefill 135012 [ 2228.694856][T11676] pgscan 152649 [ 2228.694856][T11676] pgsteal 20006 05:18:29 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2228.790718][T11676] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=32525,uid=0 [ 2228.806393][T11676] Memory cgroup out of memory: Killed process 32525 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2228.826382][ T1143] oom_reaper: reaped process 32525 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2228.874232][T11687] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2228.884630][T11687] CPU: 0 PID: 11687 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2228.893319][T11687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2228.903513][T11687] Call Trace: [ 2228.906847][T11687] dump_stack+0x1fb/0x318 [ 2228.911380][T11687] dump_header+0xd8/0x960 [ 2228.915759][T11687] oom_kill_process+0xee/0x370 05:18:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005a00000000000000", 0x32) [ 2228.920572][T11687] out_of_memory+0x5dc/0x900 [ 2228.925199][T11687] try_charge+0x128f/0x18a0 [ 2228.929806][T11687] mem_cgroup_try_charge+0x216/0x550 [ 2228.935122][T11687] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2228.940889][T11687] wp_page_copy+0x35f/0x1c50 [ 2228.945569][T11687] do_wp_page+0x5e4/0x16d0 [ 2228.950101][T11687] ? __kasan_check_write+0x14/0x20 [ 2228.955412][T11687] ? do_raw_spin_lock+0x103/0x7b0 [ 2228.960464][T11687] ? handle_mm_fault+0x235a/0x2900 [ 2228.965762][T11687] handle_mm_fault+0x241f/0x2900 [ 2228.970906][T11687] do_user_addr_fault+0x588/0xaf0 [ 2228.975971][T11687] do_page_fault+0x13b/0x250 [ 2228.980589][T11687] page_fault+0x39/0x40 [ 2228.984762][T11687] RIP: 0033:0x412488 [ 2228.988667][T11687] Code: 48 8b 05 33 da 30 00 48 89 08 48 8b 15 31 da 30 00 48 89 42 08 48 8b 05 16 da 30 00 48 89 05 1f da 30 00 49 8d 81 c0 02 00 00 <48> 89 05 01 02 87 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 2229.008388][T11687] RSP: 002b:00007ffc28d10e18 EFLAGS: 00010246 [ 2229.014464][T11687] RAX: 0000000002844c00 RBX: 00007ffc28d10e20 RCX: 000000000071fea0 [ 2229.022445][T11687] RDX: 00000000004122c0 RSI: 000000000071fe90 RDI: 0000000002844c20 [ 2229.030442][T11687] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2229.038428][T11687] R10: 0000000002844c10 R11: 0000000000000202 R12: 0000000000000001 [ 2229.046418][T11687] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2229.067984][T11687] memory: usage 307200kB, limit 307200kB, failcnt 11838 [ 2229.077866][T11687] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2229.085431][T11687] Memory cgroup stats for /syz1: [ 2229.085520][T11687] anon 117354496 [ 2229.085520][T11687] file 122880 [ 2229.085520][T11687] kernel_stack 28274688 [ 2229.085520][T11687] slab 54505472 [ 2229.085520][T11687] sock 131072 [ 2229.085520][T11687] shmem 0 [ 2229.085520][T11687] file_mapped 135168 [ 2229.085520][T11687] file_dirty 0 [ 2229.085520][T11687] file_writeback 0 [ 2229.085520][T11687] anon_thp 0 [ 2229.085520][T11687] inactive_anon 516096 [ 2229.085520][T11687] active_anon 116936704 [ 2229.085520][T11687] inactive_file 4096 [ 2229.085520][T11687] active_file 0 [ 2229.085520][T11687] unevictable 0 [ 2229.085520][T11687] slab_reclaimable 10137600 [ 2229.085520][T11687] slab_unreclaimable 44367872 [ 2229.085520][T11687] pgfault 236313 [ 2229.085520][T11687] pgmajfault 0 [ 2229.085520][T11687] workingset_refault 1980 [ 2229.085520][T11687] workingset_activate 495 [ 2229.085520][T11687] workingset_nodereclaim 0 [ 2229.085520][T11687] pgrefill 97050 [ 2229.085520][T11687] pgscan 98489 [ 2229.085520][T11687] pgsteal 3360 [ 2229.181326][T11687] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11671,uid=0 [ 2229.237652][T11687] Memory cgroup out of memory: Killed process 11671 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2229.305849][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2229.382965][ T9215] CPU: 1 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2229.391912][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2229.401988][ T9215] Call Trace: [ 2229.405300][ T9215] dump_stack+0x1fb/0x318 [ 2229.409657][ T9215] dump_header+0xd8/0x960 [ 2229.414019][ T9215] oom_kill_process+0xee/0x370 [ 2229.418822][ T9215] out_of_memory+0x5dc/0x900 [ 2229.423460][ T9215] try_charge+0x128f/0x18a0 [ 2229.428030][ T9215] mem_cgroup_try_charge+0x216/0x550 [ 2229.433456][ T9215] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2229.439240][ T9215] wp_page_copy+0x35f/0x1c50 [ 2229.443880][ T9215] do_wp_page+0x5e4/0x16d0 [ 2229.448310][ T9215] ? __kasan_check_write+0x14/0x20 [ 2229.453427][ T9215] ? do_raw_spin_lock+0x103/0x7b0 [ 2229.458479][ T9215] ? handle_mm_fault+0x235a/0x2900 [ 2229.463624][ T9215] handle_mm_fault+0x241f/0x2900 [ 2229.468620][ T9215] do_user_addr_fault+0x588/0xaf0 [ 2229.473679][ T9215] do_page_fault+0x13b/0x250 [ 2229.478285][ T9215] page_fault+0x39/0x40 [ 2229.482464][ T9215] RIP: 0033:0x45abaa [ 2229.486360][ T9215] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 2229.506143][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00010246 [ 2229.512232][ T9215] RAX: 0000000000000000 RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2229.520209][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000c871a8 [ 2229.528326][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2229.536436][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 00000000000000ca [ 2229.544553][ T9215] R13: 0000000000003970 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2229.563593][ T9215] memory: usage 307152kB, limit 307200kB, failcnt 11838 [ 2229.589777][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2229.619247][ T9215] Memory cgroup stats for /syz1: [ 2229.619375][ T9215] anon 117350400 [ 2229.619375][ T9215] file 122880 [ 2229.619375][ T9215] kernel_stack 28311552 [ 2229.619375][ T9215] slab 54505472 [ 2229.619375][ T9215] sock 131072 [ 2229.619375][ T9215] shmem 0 [ 2229.619375][ T9215] file_mapped 135168 [ 2229.619375][ T9215] file_dirty 0 [ 2229.619375][ T9215] file_writeback 0 [ 2229.619375][ T9215] anon_thp 0 [ 2229.619375][ T9215] inactive_anon 516096 [ 2229.619375][ T9215] active_anon 116936704 [ 2229.619375][ T9215] inactive_file 4096 [ 2229.619375][ T9215] active_file 0 [ 2229.619375][ T9215] unevictable 0 [ 2229.619375][ T9215] slab_reclaimable 10137600 [ 2229.619375][ T9215] slab_unreclaimable 44367872 [ 2229.619375][ T9215] pgfault 236346 [ 2229.619375][ T9215] pgmajfault 0 [ 2229.619375][ T9215] workingset_refault 1980 [ 2229.619375][ T9215] workingset_activate 495 [ 2229.619375][ T9215] workingset_nodereclaim 0 [ 2229.619375][ T9215] pgrefill 97116 [ 2229.619375][ T9215] pgscan 98522 [ 2229.619375][ T9215] pgsteal 3360 [ 2229.716539][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20904,uid=0 [ 2229.740914][ T9215] Memory cgroup out of memory: Killed process 20904 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2229.767627][ T1143] oom_reaper: reaped process 20904 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 05:18:31 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x7], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004400000000000000", 0x32) 05:18:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005b00000000000000", 0x32) 05:18:31 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:31 executing program 4: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:31 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2230.090105][T11716] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2230.102388][T11716] CPU: 1 PID: 11716 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2230.111079][T11716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2230.121157][T11716] Call Trace: [ 2230.124485][T11716] dump_stack+0x1fb/0x318 [ 2230.128839][T11716] dump_header+0xd8/0x960 [ 2230.133338][T11716] oom_kill_process+0xee/0x370 [ 2230.138136][T11716] out_of_memory+0x5dc/0x900 [ 2230.142803][T11716] try_charge+0x128f/0x18a0 [ 2230.147521][T11716] __memcg_kmem_charge_memcg+0x37/0x140 [ 2230.153242][T11716] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2230.158818][T11716] __memcg_kmem_charge+0x105/0x340 [ 2230.163965][T11716] __alloc_pages_nodemask+0x29a/0x5d0 [ 2230.169387][T11716] alloc_pages_current+0x2db/0x500 [ 2230.174524][T11716] pte_alloc_one+0x1f/0x180 [ 2230.179061][T11716] __pte_alloc+0x20/0x2f0 [ 2230.183419][T11716] copy_page_range+0x2434/0x2950 05:18:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005c00000000000000", 0x32) 05:18:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004500000000000000", 0x32) [ 2230.188423][T11716] ? init_admin_reserve+0xc0/0xc0 [ 2230.193509][T11716] dup_mmap+0x9f1/0xdf0 [ 2230.197706][T11716] dup_mm+0x9e/0x340 [ 2230.201626][T11716] copy_process+0x2080/0x57b0 [ 2230.206336][T11716] ? debug_smp_processor_id+0x9/0x20 [ 2230.211830][T11716] _do_fork+0x13e/0x660 [ 2230.216020][T11716] ? check_preemption_disabled+0x44/0x260 [ 2230.222161][T11716] ? debug_smp_processor_id+0x9/0x20 [ 2230.227456][T11716] ? check_preemption_disabled+0x44/0x260 [ 2230.233182][T11716] ? debug_smp_processor_id+0x9/0x20 [ 2230.238660][T11716] ? check_preemption_disabled+0x44/0x260 [ 2230.244687][T11716] __x64_sys_clone+0x20b/0x250 [ 2230.249515][T11716] do_syscall_64+0xf7/0x1c0 [ 2230.254071][T11716] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2230.260359][T11716] RIP: 0033:0x45c479 [ 2230.264269][T11716] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2230.283877][T11716] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2230.292613][T11716] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2230.300679][T11716] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2230.308656][T11716] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2230.316779][T11716] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2230.325112][T11716] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2230.336069][T11716] memory: usage 307200kB, limit 307200kB, failcnt 16001 [ 2230.343366][T11716] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2230.350475][T11716] Memory cgroup stats for /syz4: [ 2230.350725][T11716] anon 118374400 [ 2230.350725][T11716] file 16384 [ 2230.350725][T11716] kernel_stack 28975104 [ 2230.350725][T11716] slab 52461568 [ 2230.350725][T11716] sock 0 [ 2230.350725][T11716] shmem 73728 [ 2230.350725][T11716] file_mapped 0 [ 2230.350725][T11716] file_dirty 0 [ 2230.350725][T11716] file_writeback 0 [ 2230.350725][T11716] anon_thp 0 [ 2230.350725][T11716] inactive_anon 786432 [ 2230.350725][T11716] active_anon 117583872 [ 2230.350725][T11716] inactive_file 98304 [ 2230.350725][T11716] active_file 0 [ 2230.350725][T11716] unevictable 0 [ 2230.350725][T11716] slab_reclaimable 7839744 [ 2230.350725][T11716] slab_unreclaimable 44621824 [ 2230.350725][T11716] pgfault 244926 [ 2230.350725][T11716] pgmajfault 0 [ 2230.350725][T11716] workingset_refault 3630 [ 2230.350725][T11716] workingset_activate 1749 [ 2230.350725][T11716] workingset_nodereclaim 0 [ 2230.350725][T11716] pgrefill 135211 [ 2230.350725][T11716] pgscan 152847 [ 2230.350725][T11716] pgsteal 20006 [ 2230.445934][T11716] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=29818,uid=0 [ 2230.461697][T11716] Memory cgroup out of memory: Killed process 29818 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2230.540790][ T1143] oom_reaper: reaped process 29818 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2230.553371][T11723] ref_ctr_offset mismatch. inode: 0x47e5 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2230.663160][T11713] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2230.693282][T11713] CPU: 0 PID: 11713 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2230.703200][T11713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2230.713454][T11713] Call Trace: [ 2230.716768][T11713] dump_stack+0x1fb/0x318 [ 2230.721137][T11713] dump_header+0xd8/0x960 [ 2230.725506][T11713] oom_kill_process+0xee/0x370 [ 2230.730548][T11713] out_of_memory+0x5dc/0x900 [ 2230.735742][T11713] try_charge+0x128f/0x18a0 [ 2230.740342][T11713] mem_cgroup_try_charge+0x216/0x550 [ 2230.745748][T11713] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2230.751578][T11713] wp_page_copy+0x35f/0x1c50 [ 2230.756251][T11713] do_wp_page+0x5e4/0x16d0 [ 2230.760684][T11713] ? __kasan_check_write+0x14/0x20 [ 2230.765957][T11713] ? do_raw_spin_lock+0x103/0x7b0 [ 2230.771234][T11713] ? handle_mm_fault+0x235a/0x2900 [ 2230.776386][T11713] handle_mm_fault+0x241f/0x2900 [ 2230.781740][T11713] do_user_addr_fault+0x588/0xaf0 [ 2230.786804][T11713] do_page_fault+0x13b/0x250 [ 2230.791432][T11713] page_fault+0x39/0x40 [ 2230.795614][T11713] RIP: 0033:0x43299f [ 2230.799534][T11713] Code: c8 ee 4e 00 ba 59 0a 00 00 be e8 df 4e 00 bf 90 e7 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 <41> 56 48 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb [ 2230.819729][T11713] RSP: 002b:00007ffeb3531000 EFLAGS: 00010213 [ 2230.826013][T11713] RAX: 0000000000000110 RBX: 0000000000720640 RCX: 000000000045c4ca [ 2230.834174][T11713] RDX: 0000000000000011 RSI: 0000000000000110 RDI: 0000000000720640 [ 2230.843281][T11713] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 2230.851495][T11713] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000205b0 [ 2230.860049][T11713] R13: 0000000000d46a50 R14: 0000000000000001 R15: 000000000076bfcc [ 2230.877276][T11713] memory: usage 307044kB, limit 307200kB, failcnt 16059 [ 2230.885530][T11713] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2230.894324][T11713] Memory cgroup stats for /syz4: [ 2230.894393][T11713] anon 118239232 [ 2230.894393][T11713] file 16384 [ 2230.894393][T11713] kernel_stack 28938240 [ 2230.894393][T11713] slab 52461568 [ 2230.894393][T11713] sock 0 [ 2230.894393][T11713] shmem 73728 [ 2230.894393][T11713] file_mapped 0 [ 2230.894393][T11713] file_dirty 0 [ 2230.894393][T11713] file_writeback 0 [ 2230.894393][T11713] anon_thp 0 [ 2230.894393][T11713] inactive_anon 786432 [ 2230.894393][T11713] active_anon 117583872 [ 2230.894393][T11713] inactive_file 98304 [ 2230.894393][T11713] active_file 0 [ 2230.894393][T11713] unevictable 0 [ 2230.894393][T11713] slab_reclaimable 7839744 [ 2230.894393][T11713] slab_unreclaimable 44621824 [ 2230.894393][T11713] pgfault 244926 [ 2230.894393][T11713] pgmajfault 0 [ 2230.894393][T11713] workingset_refault 3630 [ 2230.894393][T11713] workingset_activate 1749 [ 2230.894393][T11713] workingset_nodereclaim 0 [ 2230.894393][T11713] pgrefill 135871 [ 2230.894393][T11713] pgscan 153508 [ 2230.894393][T11713] pgsteal 20006 [ 2230.998208][T11713] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=27060,uid=0 [ 2231.015379][T11713] Memory cgroup out of memory: Killed process 27060 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2231.035008][ T1143] oom_reaper: reaped process 27060 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB 05:18:32 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:32 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:32 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004600000000000000", 0x32) 05:18:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005d00000000000000", 0x32) [ 2231.295189][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2231.328027][ T9215] CPU: 1 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2231.336984][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2231.347423][ T9215] Call Trace: [ 2231.350751][ T9215] dump_stack+0x1fb/0x318 [ 2231.355127][ T9215] dump_header+0xd8/0x960 [ 2231.359661][ T9215] oom_kill_process+0xee/0x370 [ 2231.364525][ T9215] out_of_memory+0x5dc/0x900 [ 2231.369157][ T9215] try_charge+0x128f/0x18a0 [ 2231.373859][ T9215] mem_cgroup_try_charge+0x216/0x550 [ 2231.379256][ T9215] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2231.385086][ T9215] wp_page_copy+0x35f/0x1c50 [ 2231.389753][ T9215] do_wp_page+0x5e4/0x16d0 [ 2231.394625][ T9215] ? __kasan_check_write+0x14/0x20 [ 2231.399764][ T9215] ? do_raw_spin_lock+0x103/0x7b0 [ 2231.404824][ T9215] ? handle_mm_fault+0x235a/0x2900 [ 2231.409981][ T9215] handle_mm_fault+0x241f/0x2900 [ 2231.415003][ T9215] do_user_addr_fault+0x588/0xaf0 [ 2231.420389][ T9215] do_page_fault+0x13b/0x250 [ 2231.425173][ T9215] page_fault+0x39/0x40 [ 2231.429894][ T9215] RIP: 0033:0x45ab6e [ 2231.433950][ T9215] Code: 5c 41 5d 41 5e 5d c3 48 c7 c2 d4 ff ff ff f7 d8 41 bd ff ff ff ff 64 89 02 64 8b 04 25 d0 02 00 00 41 39 c4 0f 85 2f 01 00 00 <64> 44 89 04 25 d4 02 00 00 45 85 f6 0f 85 7f 00 00 00 48 85 db 74 [ 2231.453850][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00010246 [ 2231.459958][ T9215] RAX: 0000000000000001 RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2231.467984][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2231.476240][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2231.484233][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2231.492233][ T9215] R13: 0000000000003979 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2231.507448][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 11911 [ 2231.525209][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2231.533163][ T9215] Memory cgroup stats for /syz1: [ 2231.533253][ T9215] anon 117350400 [ 2231.533253][ T9215] file 122880 [ 2231.533253][ T9215] kernel_stack 28311552 [ 2231.533253][ T9215] slab 54505472 [ 2231.533253][ T9215] sock 131072 [ 2231.533253][ T9215] shmem 0 [ 2231.533253][ T9215] file_mapped 135168 [ 2231.533253][ T9215] file_dirty 0 [ 2231.533253][ T9215] file_writeback 0 [ 2231.533253][ T9215] anon_thp 0 [ 2231.533253][ T9215] inactive_anon 516096 [ 2231.533253][ T9215] active_anon 116936704 [ 2231.533253][ T9215] inactive_file 4096 [ 2231.533253][ T9215] active_file 0 [ 2231.533253][ T9215] unevictable 0 [ 2231.533253][ T9215] slab_reclaimable 10137600 [ 2231.533253][ T9215] slab_unreclaimable 44367872 [ 2231.533253][ T9215] pgfault 236478 [ 2231.533253][ T9215] pgmajfault 0 [ 2231.533253][ T9215] workingset_refault 1980 [ 2231.533253][ T9215] workingset_activate 495 [ 2231.533253][ T9215] workingset_nodereclaim 0 [ 2231.533253][ T9215] pgrefill 97518 [ 2231.533253][ T9215] pgscan 98891 [ 2231.533253][ T9215] pgsteal 3394 [ 2231.632019][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11724,uid=0 [ 2231.647864][ T9215] Memory cgroup out of memory: Killed process 11724 (syz-executor.1) total-vm:74968kB, anon-rss:172kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2231.678981][ T1143] oom_reaper: reaped process 11724 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2231.682885][T11739] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2231.709199][T11739] CPU: 1 PID: 11739 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2231.718666][T11739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2231.728965][T11739] Call Trace: [ 2231.732695][T11739] dump_stack+0x1fb/0x318 [ 2231.737053][T11739] dump_header+0xd8/0x960 [ 2231.741412][T11739] oom_kill_process+0xee/0x370 [ 2231.746210][T11739] out_of_memory+0x5dc/0x900 [ 2231.751000][T11739] try_charge+0x128f/0x18a0 [ 2231.755581][T11739] mem_cgroup_try_charge+0x216/0x550 [ 2231.761264][T11739] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2231.767365][T11739] wp_page_copy+0x35f/0x1c50 [ 2231.772266][T11739] do_wp_page+0x5e4/0x16d0 [ 2231.776820][T11739] ? __kasan_check_write+0x14/0x20 [ 2231.781957][T11739] ? do_raw_spin_lock+0x103/0x7b0 [ 2231.787007][T11739] ? handle_mm_fault+0x235a/0x2900 [ 2231.792564][T11739] handle_mm_fault+0x241f/0x2900 [ 2231.797715][T11739] do_user_addr_fault+0x588/0xaf0 [ 2231.802920][T11739] do_page_fault+0x13b/0x250 [ 2231.807536][T11739] page_fault+0x39/0x40 [ 2231.811872][T11739] RIP: 0010:__put_user_4+0x1c/0x30 [ 2231.817024][T11739] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1d 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 2231.837206][T11739] RSP: 0000:ffffc9001d727f08 EFLAGS: 00010293 [ 2231.843294][T11739] RAX: 0000000000003979 RBX: 00007fffffffeffd RCX: 0000000002844c10 [ 2231.851485][T11739] RDX: ffff888038222d50 RSI: ffff888038222d78 RDI: 0000000000000286 [ 2231.859484][T11739] RBP: ffffc9001d727f48 R08: dffffc0000000000 R09: fffffbfff12d372d [ 2231.867667][T11739] R10: fffffbfff12d372d R11: 0000000000000000 R12: ffff8880aeb37180 [ 2231.875869][T11739] R13: dffffc0000000000 R14: 0000000000003979 R15: ffff888038222a70 [ 2231.884174][T11739] ? schedule_tail+0xc9/0x1b0 [ 2231.888882][T11739] ret_from_fork+0x8/0x30 [ 2231.893569][T11739] RIP: 0033:0x45aa4a [ 2231.897493][T11739] Code: Bad RIP value. [ 2231.901795][T11739] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2231.910351][T11739] RAX: 0000000000000000 RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2231.918483][T11739] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2231.926721][T11739] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2231.935011][T11739] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2231.943188][T11739] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2231.959835][T11739] memory: usage 307016kB, limit 307200kB, failcnt 11911 [ 2231.967135][T11739] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2231.977320][T11739] Memory cgroup stats for /syz1: [ 2231.977471][T11739] anon 117211136 [ 2231.977471][T11739] file 122880 [ 2231.977471][T11739] kernel_stack 28274688 [ 2231.977471][T11739] slab 54505472 [ 2231.977471][T11739] sock 131072 [ 2231.977471][T11739] shmem 0 [ 2231.977471][T11739] file_mapped 135168 [ 2231.977471][T11739] file_dirty 0 [ 2231.977471][T11739] file_writeback 0 [ 2231.977471][T11739] anon_thp 0 [ 2231.977471][T11739] inactive_anon 516096 [ 2231.977471][T11739] active_anon 116936704 [ 2231.977471][T11739] inactive_file 4096 [ 2231.977471][T11739] active_file 0 [ 2231.977471][T11739] unevictable 0 [ 2231.977471][T11739] slab_reclaimable 10137600 [ 2231.977471][T11739] slab_unreclaimable 44367872 [ 2231.977471][T11739] pgfault 236478 [ 2231.977471][T11739] pgmajfault 0 [ 2231.977471][T11739] workingset_refault 1980 [ 2231.977471][T11739] workingset_activate 495 [ 2231.977471][T11739] workingset_nodereclaim 0 [ 2231.977471][T11739] pgrefill 97518 [ 2231.977471][T11739] pgscan 98891 [ 2231.977471][T11739] pgsteal 3394 [ 2232.075650][T11739] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11705,uid=0 [ 2232.092059][T11739] Memory cgroup out of memory: Killed process 11705 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2232.111224][ T1143] oom_reaper: reaped process 11705 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 05:18:33 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x8], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:33 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005e00000000000000", 0x32) 05:18:33 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004700000000000000", 0x32) 05:18:33 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:33 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2232.403297][T11761] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2232.415669][T11761] CPU: 1 PID: 11761 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2232.424581][T11761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2232.434666][T11761] Call Trace: [ 2232.437996][T11761] dump_stack+0x1fb/0x318 [ 2232.442491][T11761] dump_header+0xd8/0x960 [ 2232.446830][T11761] oom_kill_process+0xee/0x370 [ 2232.452096][T11761] out_of_memory+0x5dc/0x900 [ 2232.456879][T11761] try_charge+0x128f/0x18a0 [ 2232.461419][T11761] __memcg_kmem_charge_memcg+0x37/0x140 [ 2232.467227][T11761] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2232.472917][T11761] __memcg_kmem_charge+0x105/0x340 [ 2232.478099][T11761] __alloc_pages_nodemask+0x29a/0x5d0 [ 2232.483506][T11761] alloc_pages_current+0x2db/0x500 [ 2232.488796][T11761] __get_free_pages+0xc/0x30 [ 2232.493408][T11761] pgd_alloc+0x21/0x250 [ 2232.497751][T11761] mm_init+0x44f/0x6e0 [ 2232.501990][T11761] dup_mm+0x8a/0x340 [ 2232.506149][T11761] copy_process+0x2080/0x57b0 [ 2232.511084][T11761] ? debug_smp_processor_id+0x9/0x20 [ 2232.516407][T11761] _do_fork+0x13e/0x660 [ 2232.520698][T11761] ? check_preemption_disabled+0x44/0x260 [ 2232.526485][T11761] ? debug_smp_processor_id+0x9/0x20 [ 2232.531979][T11761] ? check_preemption_disabled+0x44/0x260 [ 2232.538318][T11761] ? debug_smp_processor_id+0x9/0x20 [ 2232.543751][T11761] ? check_preemption_disabled+0x44/0x260 [ 2232.549500][T11761] __x64_sys_clone+0x20b/0x250 [ 2232.554737][T11761] do_syscall_64+0xf7/0x1c0 [ 2232.559281][T11761] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2232.565372][T11761] RIP: 0033:0x45c479 [ 2232.569287][T11761] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2232.589075][T11761] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2232.597787][T11761] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2232.605881][T11761] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2232.613858][T11761] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2232.622297][T11761] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2232.630455][T11761] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2232.640436][T11761] memory: usage 307200kB, limit 307200kB, failcnt 16079 [ 2232.647594][T11761] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2232.654745][T11761] Memory cgroup stats for /syz4: [ 2232.654844][T11761] anon 118362112 [ 2232.654844][T11761] file 16384 [ 2232.654844][T11761] kernel_stack 28975104 [ 2232.654844][T11761] slab 52461568 [ 2232.654844][T11761] sock 0 [ 2232.654844][T11761] shmem 73728 [ 2232.654844][T11761] file_mapped 0 [ 2232.654844][T11761] file_dirty 0 [ 2232.654844][T11761] file_writeback 0 [ 2232.654844][T11761] anon_thp 0 [ 2232.654844][T11761] inactive_anon 786432 [ 2232.654844][T11761] active_anon 117719040 [ 2232.654844][T11761] inactive_file 98304 [ 2232.654844][T11761] active_file 0 [ 2232.654844][T11761] unevictable 0 [ 2232.654844][T11761] slab_reclaimable 7839744 [ 2232.654844][T11761] slab_unreclaimable 44621824 [ 2232.654844][T11761] pgfault 245124 [ 2232.654844][T11761] pgmajfault 0 [ 2232.654844][T11761] workingset_refault 3630 [ 2232.654844][T11761] workingset_activate 1749 [ 2232.654844][T11761] workingset_nodereclaim 0 [ 2232.654844][T11761] pgrefill 136036 [ 2232.654844][T11761] pgscan 153640 [ 2232.654844][T11761] pgsteal 20006 05:18:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005f00000000000000", 0x32) [ 2232.754403][T11761] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26750,uid=0 [ 2232.770828][T11761] Memory cgroup out of memory: Killed process 26750 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2232.790396][ T1143] oom_reaper: reaped process 26750 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB 05:18:33 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000884700000000000000", 0x32) [ 2232.834678][T11756] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2232.862244][T11756] CPU: 1 PID: 11756 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2232.871148][T11756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2232.881408][T11756] Call Trace: [ 2232.884730][T11756] dump_stack+0x1fb/0x318 [ 2232.889106][T11756] dump_header+0xd8/0x960 [ 2232.893487][T11756] oom_kill_process+0xee/0x370 [ 2232.898270][T11756] out_of_memory+0x5dc/0x900 [ 2232.903062][T11756] try_charge+0x128f/0x18a0 [ 2232.907642][T11756] mem_cgroup_try_charge+0x216/0x550 [ 2232.913023][T11756] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2232.918836][T11756] do_anonymous_page+0x382/0x1640 [ 2232.924124][T11756] handle_mm_fault+0x1c17/0x2900 [ 2232.929332][T11756] do_user_addr_fault+0x588/0xaf0 [ 2232.934404][T11756] do_page_fault+0x13b/0x250 [ 2232.939172][T11756] page_fault+0x39/0x40 [ 2232.943450][T11756] RIP: 0033:0x413c6f [ 2232.947492][T11756] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2232.967428][T11756] RSP: 002b:00007ffeb3531060 EFLAGS: 00010206 [ 2232.973528][T11756] RAX: 00007fe0b78b1000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2232.981628][T11756] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2232.989751][T11756] RBP: 00007ffeb3531140 R08: ffffffffffffffff R09: 0000000000000000 [ 2232.997830][T11756] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeb3531230 [ 2233.005817][T11756] R13: 00007fe0b78d1700 R14: 0000000000000001 R15: 000000000076bfcc 05:18:34 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2233.073694][T11756] memory: usage 306920kB, limit 307200kB, failcnt 16088 [ 2233.087948][T11756] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2233.109369][T11756] Memory cgroup stats for /syz4: [ 2233.111566][T11756] anon 118222848 [ 2233.111566][T11756] file 16384 [ 2233.111566][T11756] kernel_stack 28975104 [ 2233.111566][T11756] slab 52461568 [ 2233.111566][T11756] sock 0 [ 2233.111566][T11756] shmem 73728 [ 2233.111566][T11756] file_mapped 0 [ 2233.111566][T11756] file_dirty 0 [ 2233.111566][T11756] file_writeback 0 [ 2233.111566][T11756] anon_thp 0 [ 2233.111566][T11756] inactive_anon 786432 [ 2233.111566][T11756] active_anon 117583872 [ 2233.111566][T11756] inactive_file 98304 [ 2233.111566][T11756] active_file 0 [ 2233.111566][T11756] unevictable 0 [ 2233.111566][T11756] slab_reclaimable 7839744 [ 2233.111566][T11756] slab_unreclaimable 44621824 [ 2233.111566][T11756] pgfault 245124 [ 2233.111566][T11756] pgmajfault 0 [ 2233.111566][T11756] workingset_refault 3630 [ 2233.111566][T11756] workingset_activate 1749 [ 2233.111566][T11756] workingset_nodereclaim 0 [ 2233.111566][T11756] pgrefill 136069 [ 2233.111566][T11756] pgscan 153706 [ 2233.111566][T11756] pgsteal 20006 [ 2233.210246][T11756] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=25875,uid=0 [ 2233.255379][T11756] Memory cgroup out of memory: Killed process 25875 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:18:34 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:34 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006000000000000000", 0x32) [ 2233.766587][T11799] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2233.815769][T11799] CPU: 0 PID: 11799 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2233.824632][T11799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.834910][T11799] Call Trace: [ 2233.838234][T11799] dump_stack+0x1fb/0x318 [ 2233.842839][T11799] dump_header+0xd8/0x960 [ 2233.847203][T11799] oom_kill_process+0xee/0x370 [ 2233.852255][T11799] out_of_memory+0x5dc/0x900 [ 2233.856875][T11799] try_charge+0x128f/0x18a0 [ 2233.861709][T11799] mem_cgroup_try_charge+0x216/0x550 [ 2233.867220][T11799] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2233.874077][T11799] wp_page_copy+0x35f/0x1c50 [ 2233.878899][T11799] do_wp_page+0x5e4/0x16d0 [ 2233.883524][T11799] ? __kasan_check_write+0x14/0x20 [ 2233.888742][T11799] ? do_raw_spin_lock+0x103/0x7b0 [ 2233.894081][T11799] ? handle_mm_fault+0x235a/0x2900 [ 2233.899313][T11799] handle_mm_fault+0x241f/0x2900 [ 2233.904536][T11799] do_user_addr_fault+0x588/0xaf0 [ 2233.909620][T11799] do_page_fault+0x13b/0x250 [ 2233.914684][T11799] page_fault+0x39/0x40 [ 2233.920079][T11799] RIP: 0033:0x40f46e [ 2233.924187][T11799] Code: 74 28 41 8b 07 85 c0 0f 85 f0 00 00 00 41 83 c6 01 48 81 c5 a0 00 00 00 41 83 fe 10 75 d7 bf b4 1e 4c 00 31 c0 e8 52 29 ff ff 45 f8 01 44 89 75 f4 48 89 ef c6 45 15 00 c7 45 fc 00 00 00 00 [ 2233.944600][T11799] RSP: 002b:00007ffc28d10cc0 EFLAGS: 00010246 [ 2233.951647][T11799] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00007ffc28d10d78 [ 2233.959825][T11799] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 2233.967962][T11799] RBP: 000000000076bf2c R08: 00007ffc28d10d80 R09: 0000000000770088 [ 2233.976223][T11799] R10: 000000000043c350 R11: 000000000000000f R12: 000000000076bf20 [ 2233.984408][T11799] R13: 0000000000000003 R14: 0000000000000000 R15: 000000000076bf2c [ 2234.059298][T11799] memory: usage 307168kB, limit 307200kB, failcnt 11923 [ 2234.073044][T11799] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2234.085480][T11799] Memory cgroup stats for /syz1: [ 2234.085603][T11799] anon 117338112 [ 2234.085603][T11799] file 122880 [ 2234.085603][T11799] kernel_stack 28311552 [ 2234.085603][T11799] slab 54505472 [ 2234.085603][T11799] sock 131072 [ 2234.085603][T11799] shmem 0 [ 2234.085603][T11799] file_mapped 135168 [ 2234.085603][T11799] file_dirty 0 [ 2234.085603][T11799] file_writeback 0 [ 2234.085603][T11799] anon_thp 0 [ 2234.085603][T11799] inactive_anon 516096 [ 2234.085603][T11799] active_anon 116936704 [ 2234.085603][T11799] inactive_file 4096 [ 2234.085603][T11799] active_file 0 [ 2234.085603][T11799] unevictable 0 [ 2234.085603][T11799] slab_reclaimable 10137600 [ 2234.085603][T11799] slab_unreclaimable 44367872 [ 2234.085603][T11799] pgfault 236709 [ 2234.085603][T11799] pgmajfault 0 [ 2234.085603][T11799] workingset_refault 1980 [ 2234.085603][T11799] workingset_activate 495 [ 2234.085603][T11799] workingset_nodereclaim 0 [ 2234.085603][T11799] pgrefill 97785 [ 2234.085603][T11799] pgscan 99192 [ 2234.085603][T11799] pgsteal 3394 [ 2234.203325][T11799] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20659,uid=0 [ 2234.219886][T11799] Memory cgroup out of memory: Killed process 20659 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2234.239465][ T1143] oom_reaper: reaped process 20659 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 05:18:35 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x28], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:35 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004800000000000000", 0x32) 05:18:35 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006100000000000000", 0x32) 05:18:35 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:35 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x12}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:35 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:35 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000884800000000000000", 0x32) 05:18:35 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006200000000000000", 0x32) [ 2234.565802][T11809] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2234.589773][T11821] ref_ctr_offset mismatch. inode: 0x4803 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2234.668264][T11809] CPU: 0 PID: 11809 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2234.677295][T11809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2234.688339][T11809] Call Trace: [ 2234.691905][T11809] dump_stack+0x1fb/0x318 [ 2234.696292][T11809] dump_header+0xd8/0x960 [ 2234.700756][T11809] oom_kill_process+0xee/0x370 [ 2234.705790][T11809] out_of_memory+0x5dc/0x900 [ 2234.710691][T11809] try_charge+0x128f/0x18a0 [ 2234.715459][T11809] __memcg_kmem_charge_memcg+0x37/0x140 [ 2234.721033][T11809] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2234.727752][T11809] __memcg_kmem_charge+0x105/0x340 [ 2234.733091][T11809] dup_task_struct+0x244/0x7d0 [ 2234.737891][T11809] copy_process+0x552/0x57b0 [ 2234.742511][T11809] ? debug_smp_processor_id+0x9/0x20 [ 2234.748140][T11809] ? check_preemption_disabled+0x44/0x260 [ 2234.754511][T11809] ? debug_smp_processor_id+0x9/0x20 [ 2234.759847][T11809] _do_fork+0x13e/0x660 [ 2234.764038][T11809] ? check_preemption_disabled+0x44/0x260 [ 2234.769767][T11809] ? debug_smp_processor_id+0x9/0x20 [ 2234.775056][T11809] ? check_preemption_disabled+0x44/0x260 [ 2234.781265][T11809] ? debug_smp_processor_id+0x9/0x20 [ 2234.786716][T11809] ? check_preemption_disabled+0x44/0x260 [ 2234.792718][T11809] __x64_sys_clone+0x20b/0x250 [ 2234.797509][T11809] do_syscall_64+0xf7/0x1c0 [ 2234.802017][T11809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2234.807984][T11809] RIP: 0033:0x45ee49 [ 2234.812273][T11809] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2234.832886][T11809] RSP: 002b:00007ffc28d10b88 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2234.841478][T11809] RAX: ffffffffffffffda RBX: 00007fea86baa700 RCX: 000000000045ee49 [ 2234.849479][T11809] RDX: 00007fea86baa9d0 RSI: 00007fea86ba9db0 RDI: 00000000003d0f00 [ 2234.857856][T11809] RBP: 00007ffc28d10da0 R08: 00007fea86baa700 R09: 00007fea86baa700 [ 2234.865971][T11809] R10: 00007fea86baa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2234.874084][T11809] R13: 00007ffc28d10c3f R14: 00007fea86baa9c0 R15: 000000000076bf2c [ 2234.909778][T11809] memory: usage 307200kB, limit 307200kB, failcnt 11956 [ 2234.917602][T11809] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2234.939036][T11809] Memory cgroup stats for /syz1: [ 2234.939205][T11809] anon 117473280 [ 2234.939205][T11809] file 122880 [ 2234.939205][T11809] kernel_stack 28311552 [ 2234.939205][T11809] slab 54505472 [ 2234.939205][T11809] sock 131072 [ 2234.939205][T11809] shmem 0 [ 2234.939205][T11809] file_mapped 135168 [ 2234.939205][T11809] file_dirty 0 [ 2234.939205][T11809] file_writeback 0 [ 2234.939205][T11809] anon_thp 0 [ 2234.939205][T11809] inactive_anon 516096 [ 2234.939205][T11809] active_anon 117071872 [ 2234.939205][T11809] inactive_file 4096 [ 2234.939205][T11809] active_file 0 [ 2234.939205][T11809] unevictable 0 [ 2234.939205][T11809] slab_reclaimable 10137600 [ 2234.939205][T11809] slab_unreclaimable 44367872 [ 2234.939205][T11809] pgfault 236808 [ 2234.939205][T11809] pgmajfault 0 [ 2234.939205][T11809] workingset_refault 1980 [ 2234.939205][T11809] workingset_activate 495 [ 2234.939205][T11809] workingset_nodereclaim 0 [ 2234.939205][T11809] pgrefill 97983 [ 2234.939205][T11809] pgscan 99392 [ 2234.939205][T11809] pgsteal 3394 [ 2235.069459][T11809] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20572,uid=0 [ 2235.098701][T11809] Memory cgroup out of memory: Killed process 20572 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2235.270728][T11822] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2235.281287][T11822] CPU: 1 PID: 11822 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2235.290413][T11822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2235.300661][T11822] Call Trace: [ 2235.304246][T11822] dump_stack+0x1fb/0x318 [ 2235.308731][T11822] dump_header+0xd8/0x960 [ 2235.313990][T11822] oom_kill_process+0xee/0x370 [ 2235.318792][T11822] out_of_memory+0x5dc/0x900 [ 2235.323428][T11822] try_charge+0x128f/0x18a0 [ 2235.328136][T11822] __memcg_kmem_charge_memcg+0x37/0x140 [ 2235.333829][T11822] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2235.339567][T11822] __memcg_kmem_charge+0x105/0x340 [ 2235.344714][T11822] dup_task_struct+0x244/0x7d0 [ 2235.349745][T11822] copy_process+0x552/0x57b0 [ 2235.354502][T11822] ? check_preemption_disabled+0x44/0x260 [ 2235.360478][T11822] ? debug_smp_processor_id+0x9/0x20 [ 2235.365988][T11822] _do_fork+0x13e/0x660 [ 2235.370657][T11822] ? check_preemption_disabled+0x44/0x260 [ 2235.376422][T11822] ? debug_smp_processor_id+0x9/0x20 [ 2235.383913][T11822] ? check_preemption_disabled+0x44/0x260 [ 2235.389659][T11822] ? debug_smp_processor_id+0x9/0x20 [ 2235.395213][T11822] ? check_preemption_disabled+0x44/0x260 [ 2235.400964][T11822] __x64_sys_clone+0x20b/0x250 [ 2235.405994][T11822] do_syscall_64+0xf7/0x1c0 [ 2235.410534][T11822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2235.416549][T11822] RIP: 0033:0x45c479 [ 2235.420578][T11822] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2235.441180][T11822] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2235.449819][T11822] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2235.457968][T11822] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 05:18:36 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004900000000000000", 0x32) 05:18:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006300000000000000", 0x32) [ 2235.466102][T11822] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2235.474253][T11822] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2235.482347][T11822] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2235.490756][T11822] memory: usage 307200kB, limit 307200kB, failcnt 16140 [ 2235.497890][T11822] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2235.504962][T11822] Memory cgroup stats for /syz4: [ 2235.505055][T11822] anon 118358016 [ 2235.505055][T11822] file 16384 [ 2235.505055][T11822] kernel_stack 28938240 [ 2235.505055][T11822] slab 52596736 [ 2235.505055][T11822] sock 0 [ 2235.505055][T11822] shmem 73728 [ 2235.505055][T11822] file_mapped 0 [ 2235.505055][T11822] file_dirty 0 [ 2235.505055][T11822] file_writeback 0 [ 2235.505055][T11822] anon_thp 0 [ 2235.505055][T11822] inactive_anon 786432 [ 2235.505055][T11822] active_anon 117583872 [ 2235.505055][T11822] inactive_file 98304 [ 2235.505055][T11822] active_file 0 [ 2235.505055][T11822] unevictable 0 [ 2235.505055][T11822] slab_reclaimable 7839744 [ 2235.505055][T11822] slab_unreclaimable 44756992 [ 2235.505055][T11822] pgfault 245322 [ 2235.505055][T11822] pgmajfault 0 [ 2235.505055][T11822] workingset_refault 3696 [ 2235.505055][T11822] workingset_activate 1749 [ 2235.505055][T11822] workingset_nodereclaim 0 [ 2235.505055][T11822] pgrefill 136401 [ 2235.505055][T11822] pgscan 154038 [ 2235.505055][T11822] pgsteal 20039 [ 2235.602456][T11822] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23365,uid=0 [ 2235.619107][T11822] Memory cgroup out of memory: Killed process 23365 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2235.643686][ T1143] oom_reaper: reaped process 23365 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2235.681295][T11822] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2235.693847][T11822] CPU: 1 PID: 11822 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2235.702537][T11822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2235.712609][T11822] Call Trace: [ 2235.715927][T11822] dump_stack+0x1fb/0x318 [ 2235.720294][T11822] dump_header+0xd8/0x960 [ 2235.724659][T11822] oom_kill_process+0xee/0x370 05:18:36 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004a00000000000000", 0x32) 05:18:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006400000000000000", 0x32) [ 2235.729615][T11822] out_of_memory+0x5dc/0x900 [ 2235.734247][T11822] try_charge+0x128f/0x18a0 [ 2235.738986][T11822] __memcg_kmem_charge_memcg+0x37/0x140 [ 2235.744688][T11822] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2235.750269][T11822] __memcg_kmem_charge+0x105/0x340 [ 2235.755412][T11822] __alloc_pages_nodemask+0x29a/0x5d0 [ 2235.760933][T11822] alloc_pages_current+0x2db/0x500 [ 2235.766096][T11822] pte_alloc_one+0x1f/0x180 [ 2235.770726][T11822] __pte_alloc+0x20/0x2f0 [ 2235.775165][T11822] copy_page_range+0x2434/0x2950 [ 2235.780160][T11822] ? init_admin_reserve+0xc0/0xc0 [ 2235.785716][T11822] dup_mmap+0x9f1/0xdf0 [ 2235.790105][T11822] dup_mm+0x9e/0x340 [ 2235.794122][T11822] copy_process+0x2080/0x57b0 [ 2235.798893][T11822] ? debug_smp_processor_id+0x9/0x20 [ 2235.804385][T11822] _do_fork+0x13e/0x660 [ 2235.808572][T11822] ? check_preemption_disabled+0x44/0x260 [ 2235.814440][T11822] ? debug_smp_processor_id+0x9/0x20 [ 2235.819756][T11822] ? check_preemption_disabled+0x44/0x260 [ 2235.825636][T11822] ? debug_smp_processor_id+0x9/0x20 [ 2235.830945][T11822] ? check_preemption_disabled+0x44/0x260 [ 2235.836925][T11822] __x64_sys_clone+0x20b/0x250 [ 2235.841727][T11822] do_syscall_64+0xf7/0x1c0 [ 2235.846307][T11822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2235.853639][T11822] RIP: 0033:0x45c479 [ 2235.857555][T11822] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2235.878798][T11822] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2235.887386][T11822] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2235.895458][T11822] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2235.903439][T11822] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2235.911985][T11822] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2235.920165][T11822] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2235.928870][T11822] memory: usage 307044kB, limit 307200kB, failcnt 16181 [ 2235.935950][T11822] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2235.943000][T11822] Memory cgroup stats for /syz4: [ 2235.943113][T11822] anon 118358016 [ 2235.943113][T11822] file 16384 [ 2235.943113][T11822] kernel_stack 28975104 [ 2235.943113][T11822] slab 52596736 [ 2235.943113][T11822] sock 0 [ 2235.943113][T11822] shmem 73728 [ 2235.943113][T11822] file_mapped 0 [ 2235.943113][T11822] file_dirty 0 [ 2235.943113][T11822] file_writeback 0 [ 2235.943113][T11822] anon_thp 0 [ 2235.943113][T11822] inactive_anon 786432 [ 2235.943113][T11822] active_anon 117583872 [ 2235.943113][T11822] inactive_file 98304 [ 2235.943113][T11822] active_file 0 [ 2235.943113][T11822] unevictable 0 [ 2235.943113][T11822] slab_reclaimable 7839744 [ 2235.943113][T11822] slab_unreclaimable 44756992 [ 2235.943113][T11822] pgfault 245322 [ 2235.943113][T11822] pgmajfault 0 [ 2235.943113][T11822] workingset_refault 3696 [ 2235.943113][T11822] workingset_activate 1749 [ 2235.943113][T11822] workingset_nodereclaim 0 [ 2235.943113][T11822] pgrefill 136633 [ 2235.943113][T11822] pgscan 154236 [ 2235.943113][T11822] pgsteal 20039 [ 2236.040317][T11822] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19500,uid=0 [ 2236.056852][T11822] Memory cgroup out of memory: Killed process 19500 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2236.078594][ T1143] oom_reaper: reaped process 19500 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 05:18:37 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x2b], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:37 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006500000000000000", 0x32) 05:18:37 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004b00000000000000", 0x32) 05:18:37 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:37 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2236.680603][T11872] ref_ctr_offset mismatch. inode: 0x47aa offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:37 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000586500000000000000", 0x32) 05:18:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004c00000000000000", 0x32) 05:18:37 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2237.128131][T11893] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2237.141877][T11893] CPU: 1 PID: 11893 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2237.150685][T11893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2237.160778][T11893] Call Trace: [ 2237.164157][T11893] dump_stack+0x1fb/0x318 [ 2237.168574][T11893] dump_header+0xd8/0x960 [ 2237.173064][T11893] oom_kill_process+0xee/0x370 [ 2237.177920][T11893] out_of_memory+0x5dc/0x900 [ 2237.182643][T11893] try_charge+0x128f/0x18a0 [ 2237.187224][T11893] __memcg_kmem_charge_memcg+0x37/0x140 [ 2237.192896][T11893] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2237.198466][T11893] __memcg_kmem_charge+0x105/0x340 [ 2237.203711][T11893] dup_task_struct+0x244/0x7d0 [ 2237.208475][T11893] copy_process+0x552/0x57b0 [ 2237.213066][T11893] ? check_preemption_disabled+0x44/0x260 [ 2237.218774][T11893] ? debug_smp_processor_id+0x9/0x20 [ 2237.224091][T11893] _do_fork+0x13e/0x660 [ 2237.228234][T11893] ? check_preemption_disabled+0x44/0x260 [ 2237.233941][T11893] ? debug_smp_processor_id+0x9/0x20 [ 2237.239228][T11893] ? check_preemption_disabled+0x44/0x260 [ 2237.244935][T11893] ? debug_smp_processor_id+0x9/0x20 [ 2237.250205][T11893] ? check_preemption_disabled+0x44/0x260 [ 2237.255927][T11893] __x64_sys_clone+0x20b/0x250 [ 2237.260702][T11893] do_syscall_64+0xf7/0x1c0 [ 2237.265298][T11893] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2237.271276][T11893] RIP: 0033:0x45c479 [ 2237.275160][T11893] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2237.294756][T11893] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2237.303167][T11893] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2237.311124][T11893] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2237.319091][T11893] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2237.327070][T11893] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2237.335223][T11893] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2237.343567][T11893] memory: usage 307200kB, limit 307200kB, failcnt 16203 [ 2237.350904][T11893] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2237.357757][T11893] Memory cgroup stats for /syz4: [ 2237.357869][T11893] anon 118210560 [ 2237.357869][T11893] file 16384 [ 2237.357869][T11893] kernel_stack 28975104 [ 2237.357869][T11893] slab 52596736 [ 2237.357869][T11893] sock 0 [ 2237.357869][T11893] shmem 73728 [ 2237.357869][T11893] file_mapped 0 [ 2237.357869][T11893] file_dirty 135168 [ 2237.357869][T11893] file_writeback 0 [ 2237.357869][T11893] anon_thp 0 [ 2237.357869][T11893] inactive_anon 786432 [ 2237.357869][T11893] active_anon 117719040 [ 2237.357869][T11893] inactive_file 98304 [ 2237.357869][T11893] active_file 0 [ 2237.357869][T11893] unevictable 0 [ 2237.357869][T11893] slab_reclaimable 7839744 [ 2237.357869][T11893] slab_unreclaimable 44756992 [ 2237.357869][T11893] pgfault 245553 [ 2237.357869][T11893] pgmajfault 0 [ 2237.357869][T11893] workingset_refault 3696 [ 2237.357869][T11893] workingset_activate 1749 [ 2237.357869][T11893] workingset_nodereclaim 0 [ 2237.357869][T11893] pgrefill 136865 [ 2237.357869][T11893] pgscan 154501 [ 2237.357869][T11893] pgsteal 20039 [ 2237.456524][T11893] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8429,uid=0 [ 2237.472292][T11893] Memory cgroup out of memory: Killed process 8429 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2237.500747][T11893] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2237.511040][T11893] CPU: 1 PID: 11893 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2237.519714][T11893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2237.529770][T11893] Call Trace: [ 2237.533160][T11893] dump_stack+0x1fb/0x318 [ 2237.537514][T11893] dump_header+0xd8/0x960 [ 2237.541873][T11893] oom_kill_process+0xee/0x370 [ 2237.546674][T11893] out_of_memory+0x5dc/0x900 [ 2237.552781][T11893] try_charge+0x128f/0x18a0 [ 2237.557353][T11893] __memcg_kmem_charge_memcg+0x37/0x140 [ 2237.563272][T11893] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2237.568853][T11893] __memcg_kmem_charge+0x105/0x340 [ 2237.573995][T11893] dup_task_struct+0x244/0x7d0 [ 2237.578780][T11893] copy_process+0x552/0x57b0 [ 2237.583424][T11893] ? check_preemption_disabled+0x44/0x260 [ 2237.589248][T11893] ? debug_smp_processor_id+0x9/0x20 [ 2237.594585][T11893] _do_fork+0x13e/0x660 [ 2237.598769][T11893] ? check_preemption_disabled+0x44/0x260 [ 2237.604588][T11893] ? debug_smp_processor_id+0x9/0x20 [ 2237.609995][T11893] ? check_preemption_disabled+0x44/0x260 [ 2237.615726][T11893] ? debug_smp_processor_id+0x9/0x20 [ 2237.621049][T11893] ? check_preemption_disabled+0x44/0x260 05:18:38 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2237.626795][T11893] __x64_sys_clone+0x20b/0x250 [ 2237.631608][T11893] do_syscall_64+0xf7/0x1c0 [ 2237.636135][T11893] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2237.642028][T11893] RIP: 0033:0x45c479 [ 2237.645928][T11893] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2237.670056][T11893] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2237.678573][T11893] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2237.686569][T11893] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2237.694697][T11893] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2237.702683][T11893] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2237.711905][T11893] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2237.720375][T11893] memory: usage 307068kB, limit 307200kB, failcnt 16217 [ 2237.727334][T11893] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2237.734357][T11893] Memory cgroup stats for /syz4: [ 2237.734429][T11893] anon 118210560 [ 2237.734429][T11893] file 16384 [ 2237.734429][T11893] kernel_stack 28975104 [ 2237.734429][T11893] slab 52596736 [ 2237.734429][T11893] sock 0 [ 2237.734429][T11893] shmem 73728 [ 2237.734429][T11893] file_mapped 0 [ 2237.734429][T11893] file_dirty 135168 [ 2237.734429][T11893] file_writeback 0 [ 2237.734429][T11893] anon_thp 0 [ 2237.734429][T11893] inactive_anon 786432 [ 2237.734429][T11893] active_anon 117583872 [ 2237.734429][T11893] inactive_file 98304 [ 2237.734429][T11893] active_file 0 [ 2237.734429][T11893] unevictable 0 [ 2237.734429][T11893] slab_reclaimable 7839744 [ 2237.734429][T11893] slab_unreclaimable 44756992 [ 2237.734429][T11893] pgfault 245553 [ 2237.734429][T11893] pgmajfault 0 [ 2237.734429][T11893] workingset_refault 3696 [ 2237.734429][T11893] workingset_activate 1749 [ 2237.734429][T11893] workingset_nodereclaim 0 [ 2237.734429][T11893] pgrefill 137030 [ 2237.734429][T11893] pgscan 154633 [ 2237.734429][T11893] pgsteal 20039 [ 2237.833052][T11893] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8727,uid=0 [ 2237.848574][T11893] Memory cgroup out of memory: Killed process 8727 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2237.867754][ T1143] oom_reaper: reaped process 8727 (syz-executor.4), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2237.894166][T11892] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2237.914623][T11892] CPU: 1 PID: 11892 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2237.924308][T11892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2237.934383][T11892] Call Trace: [ 2237.937686][T11892] dump_stack+0x1fb/0x318 [ 2237.942034][T11892] dump_header+0xd8/0x960 [ 2237.946381][T11892] oom_kill_process+0xee/0x370 [ 2237.947903][T11900] binder: BINDER_SET_CONTEXT_MGR already set [ 2237.951150][T11892] out_of_memory+0x5dc/0x900 [ 2237.951172][T11892] try_charge+0x128f/0x18a0 [ 2237.951229][T11892] mem_cgroup_try_charge+0x216/0x550 [ 2237.951254][T11892] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2237.951270][T11892] do_anonymous_page+0x382/0x1640 [ 2237.951307][T11892] handle_mm_fault+0x1c17/0x2900 [ 2237.951353][T11892] do_user_addr_fault+0x588/0xaf0 [ 2237.979432][T11900] binder: 11900:11900 ioctl 40046207 0 returned -16 [ 2237.982454][T11892] do_page_fault+0x13b/0x250 [ 2237.982474][T11892] page_fault+0x39/0x40 [ 2237.982485][T11892] RIP: 0033:0x413c6f [ 2237.982499][T11892] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2237.982504][T11892] RSP: 002b:00007ffeb3531060 EFLAGS: 00010206 05:18:39 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2237.982517][T11892] RAX: 00007fe0b78b1000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2238.046612][T11892] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2238.054947][T11892] RBP: 00007ffeb3531140 R08: ffffffffffffffff R09: 0000000000000000 [ 2238.063034][T11892] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeb3531230 [ 2238.071231][T11892] R13: 00007fe0b78d1700 R14: 0000000000000001 R15: 000000000076bfcc [ 2238.090059][T11892] memory: usage 306644kB, limit 307200kB, failcnt 16217 05:18:39 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004d00000000000000", 0x32) [ 2238.117674][T11892] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2238.155952][T11892] Memory cgroup stats for /syz4: [ 2238.156046][T11892] anon 118071296 [ 2238.156046][T11892] file 16384 [ 2238.156046][T11892] kernel_stack 28938240 [ 2238.156046][T11892] slab 52596736 [ 2238.156046][T11892] sock 0 [ 2238.156046][T11892] shmem 73728 [ 2238.156046][T11892] file_mapped 0 [ 2238.156046][T11892] file_dirty 135168 [ 2238.156046][T11892] file_writeback 0 [ 2238.156046][T11892] anon_thp 0 [ 2238.156046][T11892] inactive_anon 786432 [ 2238.156046][T11892] active_anon 117448704 [ 2238.156046][T11892] inactive_file 98304 [ 2238.156046][T11892] active_file 0 [ 2238.156046][T11892] unevictable 0 [ 2238.156046][T11892] slab_reclaimable 7839744 [ 2238.156046][T11892] slab_unreclaimable 44756992 [ 2238.156046][T11892] pgfault 245553 [ 2238.156046][T11892] pgmajfault 0 [ 2238.156046][T11892] workingset_refault 3696 [ 2238.156046][T11892] workingset_activate 1749 [ 2238.156046][T11892] workingset_nodereclaim 0 [ 2238.156046][T11892] pgrefill 137030 [ 2238.156046][T11892] pgscan 154633 [ 2238.156046][T11892] pgsteal 20039 [ 2238.258123][T11892] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=5839,uid=0 [ 2238.277326][T11892] Memory cgroup out of memory: Killed process 5839 (syz-executor.4) total-vm:74968kB, anon-rss:176kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2238.329786][T11901] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2238.357946][T11901] CPU: 0 PID: 11901 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2238.367023][T11901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2238.377239][T11901] Call Trace: [ 2238.380566][T11901] dump_stack+0x1fb/0x318 [ 2238.385017][T11901] dump_header+0xd8/0x960 [ 2238.389362][T11901] oom_kill_process+0xee/0x370 [ 2238.394296][T11901] out_of_memory+0x5dc/0x900 [ 2238.399069][T11901] try_charge+0x128f/0x18a0 [ 2238.403680][T11901] mem_cgroup_try_charge+0x216/0x550 [ 2238.409001][T11901] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2238.414687][T11901] wp_page_copy+0x35f/0x1c50 [ 2238.419372][T11901] do_wp_page+0x5e4/0x16d0 [ 2238.423806][T11901] ? __kasan_check_write+0x14/0x20 [ 2238.428943][T11901] ? do_raw_spin_lock+0x103/0x7b0 [ 2238.433982][T11901] ? handle_mm_fault+0x235a/0x2900 [ 2238.439135][T11901] handle_mm_fault+0x241f/0x2900 [ 2238.444145][T11901] do_user_addr_fault+0x588/0xaf0 [ 2238.449315][T11901] do_page_fault+0x13b/0x250 [ 2238.453930][T11901] page_fault+0x39/0x40 [ 2238.458101][T11901] RIP: 0033:0x4114c8 [ 2238.462018][T11901] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 2238.481933][T11901] RSP: 002b:00007ffc28d10bf0 EFLAGS: 00010246 [ 2238.489378][T11901] RAX: 00000000a9c5ecc3 RBX: 00000000123c8b16 RCX: 0000001b34a20000 [ 2238.497464][T11901] RDX: 0000000000000000 RSI: 0000000000000cc3 RDI: ffffffffa9c5ecc3 [ 2238.505448][T11901] RBP: 0000000000000009 R08: 00000000a9c5ecc3 R09: 00000000a9c5ecc7 [ 2238.513513][T11901] R10: 00007ffc28d10d90 R11: 0000000000000246 R12: 000000000076bfa8 [ 2238.526012][T11901] R13: 0000000080000000 R14: 00007fea88bab008 R15: 0000000000000009 [ 2238.561274][T11901] memory: usage 307200kB, limit 307200kB, failcnt 12009 [ 2238.569071][T11901] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2238.583008][T11901] Memory cgroup stats for /syz1: [ 2238.583099][T11901] anon 117338112 [ 2238.583099][T11901] file 122880 [ 2238.583099][T11901] kernel_stack 28311552 [ 2238.583099][T11901] slab 54505472 [ 2238.583099][T11901] sock 131072 [ 2238.583099][T11901] shmem 0 [ 2238.583099][T11901] file_mapped 135168 [ 2238.583099][T11901] file_dirty 0 [ 2238.583099][T11901] file_writeback 0 [ 2238.583099][T11901] anon_thp 0 [ 2238.583099][T11901] inactive_anon 516096 [ 2238.583099][T11901] active_anon 116936704 [ 2238.583099][T11901] inactive_file 4096 [ 2238.583099][T11901] active_file 0 [ 2238.583099][T11901] unevictable 0 [ 2238.583099][T11901] slab_reclaimable 10137600 [ 2238.583099][T11901] slab_unreclaimable 44367872 [ 2238.583099][T11901] pgfault 237039 [ 2238.583099][T11901] pgmajfault 0 [ 2238.583099][T11901] workingset_refault 1980 [ 2238.583099][T11901] workingset_activate 495 [ 2238.583099][T11901] workingset_nodereclaim 0 [ 2238.583099][T11901] pgrefill 98448 [ 2238.583099][T11901] pgscan 99827 [ 2238.583099][T11901] pgsteal 3427 [ 2238.693747][T11901] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20439,uid=0 [ 2238.709706][T11901] Memory cgroup out of memory: Killed process 20439 (syz-executor.1) total-vm:74968kB, anon-rss:172kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2238.729516][ T1143] oom_reaper: reaped process 20439 (syz-executor.1), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 05:18:40 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x2c], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006600000000000000", 0x32) 05:18:40 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:40 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x25}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004e00000000000000", 0x32) 05:18:40 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2239.150000][T11935] ref_ctr_offset mismatch. inode: 0x47d7 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2239.158640][T11925] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2239.173324][T11925] CPU: 0 PID: 11925 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2239.182013][T11925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2239.192079][T11925] Call Trace: [ 2239.195360][T11925] dump_stack+0x1fb/0x318 [ 2239.199680][T11925] dump_header+0xd8/0x960 [ 2239.204020][T11925] oom_kill_process+0xee/0x370 [ 2239.208875][T11925] out_of_memory+0x5dc/0x900 [ 2239.213458][T11925] try_charge+0x128f/0x18a0 [ 2239.217977][T11925] __memcg_kmem_charge_memcg+0x37/0x140 [ 2239.223510][T11925] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2239.229139][T11925] __memcg_kmem_charge+0x105/0x340 [ 2239.234260][T11925] dup_task_struct+0x244/0x7d0 [ 2239.239024][T11925] copy_process+0x552/0x57b0 [ 2239.243614][T11925] ? check_preemption_disabled+0x44/0x260 [ 2239.249330][T11925] ? debug_smp_processor_id+0x9/0x20 [ 2239.254622][T11925] _do_fork+0x13e/0x660 [ 2239.258765][T11925] ? check_preemption_disabled+0x44/0x260 [ 2239.264469][T11925] ? debug_smp_processor_id+0x9/0x20 [ 2239.269756][T11925] ? check_preemption_disabled+0x44/0x260 [ 2239.275461][T11925] ? debug_smp_processor_id+0x9/0x20 [ 2239.280736][T11925] ? check_preemption_disabled+0x44/0x260 [ 2239.286467][T11925] __x64_sys_clone+0x20b/0x250 [ 2239.291242][T11925] do_syscall_64+0xf7/0x1c0 [ 2239.295755][T11925] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2239.302172][T11925] RIP: 0033:0x45c479 [ 2239.306062][T11925] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2239.328021][T11925] RSP: 002b:00007fea86ba9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2239.337109][T11925] RAX: ffffffffffffffda RBX: 00007fea86baa6d4 RCX: 000000000045c479 [ 2239.345107][T11925] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2239.353157][T11925] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2239.361722][T11925] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2239.369690][T11925] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2239.379683][T11925] memory: usage 307200kB, limit 307200kB, failcnt 12030 [ 2239.387372][T11925] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2239.395244][T11925] Memory cgroup stats for /syz1: [ 2239.395855][T11925] anon 117473280 [ 2239.395855][T11925] file 122880 [ 2239.395855][T11925] kernel_stack 28348416 [ 2239.395855][T11925] slab 54505472 [ 2239.395855][T11925] sock 131072 [ 2239.395855][T11925] shmem 0 [ 2239.395855][T11925] file_mapped 135168 [ 2239.395855][T11925] file_dirty 0 [ 2239.395855][T11925] file_writeback 0 [ 2239.395855][T11925] anon_thp 0 [ 2239.395855][T11925] inactive_anon 516096 [ 2239.395855][T11925] active_anon 117071872 [ 2239.395855][T11925] inactive_file 4096 [ 2239.395855][T11925] active_file 0 05:18:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006700000000000000", 0x32) 05:18:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004f00000000000000", 0x32) [ 2239.395855][T11925] unevictable 0 [ 2239.395855][T11925] slab_reclaimable 10137600 [ 2239.395855][T11925] slab_unreclaimable 44367872 [ 2239.395855][T11925] pgfault 237138 [ 2239.395855][T11925] pgmajfault 0 [ 2239.395855][T11925] workingset_refault 1980 [ 2239.395855][T11925] workingset_activate 495 [ 2239.395855][T11925] workingset_nodereclaim 0 [ 2239.395855][T11925] pgrefill 98613 [ 2239.395855][T11925] pgscan 100027 [ 2239.395855][T11925] pgsteal 3427 [ 2239.491222][T11925] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19749,uid=0 [ 2239.507889][T11925] Memory cgroup out of memory: Killed process 19749 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2239.540286][ T1143] oom_reaper: reaped process 19749 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 05:18:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006800000000000000", 0x32) 05:18:40 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005000000000000000", 0x32) 05:18:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006900000000000000", 0x32) [ 2239.851578][T11955] binder: BINDER_SET_CONTEXT_MGR already set [ 2239.858366][T11955] binder: 11955:11955 ioctl 40046207 0 returned -16 [ 2239.872845][T11955] binder: 11955:11955 ioctl c0306201 0 returned -14 05:18:41 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x33], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:41 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:41 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x48}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:41 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005100000000000000", 0x32) 05:18:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000008100000000000000", 0x32) 05:18:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005200000000000000", 0x32) [ 2240.669884][T11974] ref_ctr_offset mismatch. inode: 0x4844 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000478800000000000000", 0x32) 05:18:41 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2241.136355][T11997] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2241.167223][T11997] CPU: 0 PID: 11997 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 05:18:42 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2241.175959][T11997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2241.186886][T11997] Call Trace: [ 2241.190318][T11997] dump_stack+0x1fb/0x318 [ 2241.194678][T11997] dump_header+0xd8/0x960 [ 2241.199031][T11997] oom_kill_process+0xee/0x370 [ 2241.203823][T11997] out_of_memory+0x5dc/0x900 [ 2241.208441][T11997] try_charge+0x128f/0x18a0 [ 2241.213017][T11997] mem_cgroup_try_charge+0x216/0x550 [ 2241.218338][T11997] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2241.224001][T11997] wp_page_copy+0x35f/0x1c50 [ 2241.228647][T11997] do_wp_page+0x5e4/0x16d0 [ 2241.233082][T11997] ? __kasan_check_write+0x14/0x20 [ 2241.238203][T11997] ? do_raw_spin_lock+0x103/0x7b0 [ 2241.243256][T11997] ? handle_mm_fault+0x235a/0x2900 [ 2241.248410][T11997] handle_mm_fault+0x241f/0x2900 [ 2241.253410][T11997] do_user_addr_fault+0x588/0xaf0 [ 2241.258479][T11997] do_page_fault+0x13b/0x250 [ 2241.263086][T11997] page_fault+0x39/0x40 [ 2241.267236][T11997] RIP: 0033:0x4114c8 [ 2241.271116][T11997] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 2241.290849][T11997] RSP: 002b:00007ffc28d10bf0 EFLAGS: 00010246 [ 2241.296934][T11997] RAX: 00000000f5ab59e9 RBX: 000000002ebe489e RCX: 0000001b34a20000 [ 2241.305033][T11997] RDX: 0000000000000000 RSI: 00000000000019e9 RDI: fffffffff5ab59e9 [ 2241.313018][T11997] RBP: 0000000000000011 R08: 00000000f5ab59e9 R09: 00000000f5ab59ed [ 2241.321025][T11997] R10: 00007ffc28d10d90 R11: 0000000000000246 R12: 000000000076bfa8 [ 2241.328998][T11997] R13: 0000000080000000 R14: 00007fea88bab008 R15: 0000000000000014 [ 2241.454115][T11997] memory: usage 307200kB, limit 307200kB, failcnt 12083 [ 2241.461471][T11997] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2241.488569][T11997] Memory cgroup stats for /syz1: [ 2241.488691][T11997] anon 117325824 [ 2241.488691][T11997] file 122880 [ 2241.488691][T11997] kernel_stack 28311552 05:18:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000488800000000000000", 0x32) [ 2241.488691][T11997] slab 54505472 [ 2241.488691][T11997] sock 131072 [ 2241.488691][T11997] shmem 0 [ 2241.488691][T11997] file_mapped 135168 [ 2241.488691][T11997] file_dirty 0 [ 2241.488691][T11997] file_writeback 0 [ 2241.488691][T11997] anon_thp 0 [ 2241.488691][T11997] inactive_anon 516096 [ 2241.488691][T11997] active_anon 116936704 [ 2241.488691][T11997] inactive_file 4096 [ 2241.488691][T11997] active_file 0 [ 2241.488691][T11997] unevictable 0 [ 2241.488691][T11997] slab_reclaimable 10137600 [ 2241.488691][T11997] slab_unreclaimable 44367872 [ 2241.488691][T11997] pgfault 237369 [ 2241.488691][T11997] pgmajfault 0 [ 2241.488691][T11997] workingset_refault 1980 [ 2241.488691][T11997] workingset_activate 495 [ 2241.488691][T11997] workingset_nodereclaim 0 [ 2241.488691][T11997] pgrefill 98778 [ 2241.488691][T11997] pgscan 100192 [ 2241.488691][T11997] pgsteal 3427 05:18:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005300000000000000", 0x32) [ 2241.603050][T11997] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11986,uid=0 [ 2241.663310][T11997] Memory cgroup out of memory: Killed process 11986 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2241.765400][T11999] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2241.787891][T11999] CPU: 1 PID: 11999 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2241.796790][T11999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2241.806869][T11999] Call Trace: [ 2241.810178][T11999] dump_stack+0x1fb/0x318 [ 2241.814688][T11999] dump_header+0xd8/0x960 [ 2241.819054][T11999] oom_kill_process+0xee/0x370 [ 2241.823855][T11999] out_of_memory+0x5dc/0x900 [ 2241.828460][T11999] try_charge+0x128f/0x18a0 [ 2241.833152][T11999] __memcg_kmem_charge_memcg+0x37/0x140 [ 2241.838714][T11999] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2241.844401][T11999] __memcg_kmem_charge+0x105/0x340 [ 2241.849542][T11999] dup_task_struct+0x244/0x7d0 [ 2241.854346][T11999] copy_process+0x552/0x57b0 [ 2241.858983][T11999] ? debug_smp_processor_id+0x9/0x20 [ 2241.864338][T11999] ? check_preemption_disabled+0x44/0x260 [ 2241.870075][T11999] ? debug_smp_processor_id+0x9/0x20 [ 2241.875400][T11999] _do_fork+0x13e/0x660 [ 2241.879562][T11999] ? check_preemption_disabled+0x44/0x260 [ 2241.885282][T11999] ? debug_smp_processor_id+0x9/0x20 [ 2241.890681][T11999] ? check_preemption_disabled+0x44/0x260 [ 2241.896416][T11999] ? debug_smp_processor_id+0x9/0x20 [ 2241.901705][T11999] ? check_preemption_disabled+0x44/0x260 [ 2241.907456][T11999] __x64_sys_clone+0x20b/0x250 [ 2241.912269][T11999] do_syscall_64+0xf7/0x1c0 [ 2241.916892][T11999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2241.922801][T11999] RIP: 0033:0x45ee49 [ 2241.926957][T11999] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2241.946575][T11999] RSP: 002b:00007ffeb3531018 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2241.955106][T11999] RAX: ffffffffffffffda RBX: 00007fe0b78d1700 RCX: 000000000045ee49 [ 2241.963202][T11999] RDX: 00007fe0b78d19d0 RSI: 00007fe0b78d0db0 RDI: 00000000003d0f00 [ 2241.971286][T11999] RBP: 00007ffeb3531230 R08: 00007fe0b78d1700 R09: 00007fe0b78d1700 [ 2241.979280][T11999] R10: 00007fe0b78d19d0 R11: 0000000000000202 R12: 0000000000000000 [ 2241.987255][T11999] R13: 00007ffeb35310cf R14: 00007fe0b78d19c0 R15: 000000000076bfcc [ 2242.058986][T11999] memory: usage 307160kB, limit 307200kB, failcnt 16255 [ 2242.074136][T11999] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2242.082648][T11999] Memory cgroup stats for /syz4: [ 2242.082768][T11999] anon 118341632 [ 2242.082768][T11999] file 16384 [ 2242.082768][T11999] kernel_stack 28975104 [ 2242.082768][T11999] slab 52596736 [ 2242.082768][T11999] sock 0 [ 2242.082768][T11999] shmem 73728 [ 2242.082768][T11999] file_mapped 0 [ 2242.082768][T11999] file_dirty 0 [ 2242.082768][T11999] file_writeback 0 [ 2242.082768][T11999] anon_thp 0 [ 2242.082768][T11999] inactive_anon 786432 [ 2242.082768][T11999] active_anon 117583872 [ 2242.082768][T11999] inactive_file 98304 [ 2242.082768][T11999] active_file 0 [ 2242.082768][T11999] unevictable 0 [ 2242.082768][T11999] slab_reclaimable 7839744 [ 2242.082768][T11999] slab_unreclaimable 44756992 [ 2242.082768][T11999] pgfault 245850 [ 2242.082768][T11999] pgmajfault 0 [ 2242.082768][T11999] workingset_refault 3696 [ 2242.082768][T11999] workingset_activate 1749 [ 2242.082768][T11999] workingset_nodereclaim 0 [ 2242.082768][T11999] pgrefill 137461 [ 2242.082768][T11999] pgscan 155100 [ 2242.082768][T11999] pgsteal 20039 [ 2242.134466][T12025] binder: BINDER_SET_CONTEXT_MGR already set [ 2242.179690][T11999] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1505,uid=0 [ 2242.200241][T11999] Memory cgroup out of memory: Killed process 1505 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2242.223072][T12025] binder: 11997:12025 ioctl 40046207 0 returned -16 [ 2242.284996][T11998] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2242.295983][T11998] CPU: 0 PID: 11998 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2242.305631][T11998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2242.315887][T11998] Call Trace: [ 2242.319209][T11998] dump_stack+0x1fb/0x318 [ 2242.323705][T11998] dump_header+0xd8/0x960 [ 2242.328056][T11998] oom_kill_process+0xee/0x370 [ 2242.332852][T11998] out_of_memory+0x5dc/0x900 [ 2242.337591][T11998] try_charge+0x128f/0x18a0 [ 2242.342281][T11998] __memcg_kmem_charge_memcg+0x37/0x140 [ 2242.347966][T11998] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2242.353632][T11998] __memcg_kmem_charge+0x105/0x340 [ 2242.358761][T11998] dup_task_struct+0x244/0x7d0 [ 2242.363660][T11998] copy_process+0x552/0x57b0 [ 2242.368306][T11998] ? retint_kernel+0x2b/0x2b [ 2242.372892][T11998] ? trace_hardirqs_on_caller+0x74/0x80 [ 2242.378430][T11998] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2242.383891][T11998] ? check_preemption_disabled+0xa6/0x260 [ 2242.389608][T11998] ? retint_kernel+0x2b/0x2b [ 2242.394335][T11998] _do_fork+0x13e/0x660 [ 2242.398492][T11998] ? check_preemption_disabled+0x44/0x260 [ 2242.404213][T11998] ? debug_smp_processor_id+0x9/0x20 [ 2242.409500][T11998] ? check_preemption_disabled+0x44/0x260 [ 2242.415232][T11998] ? debug_smp_processor_id+0x9/0x20 [ 2242.420650][T11998] ? check_preemption_disabled+0x44/0x260 [ 2242.426396][T11998] __x64_sys_clone+0x20b/0x250 [ 2242.431313][T11998] do_syscall_64+0xf7/0x1c0 [ 2242.435847][T11998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2242.441746][T11998] RIP: 0033:0x45c479 [ 2242.445677][T11998] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2242.465421][T11998] RSP: 002b:00007fea86ba9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2242.473948][T11998] RAX: ffffffffffffffda RBX: 00007fea86baa6d4 RCX: 000000000045c479 [ 2242.482060][T11998] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2242.490901][T11998] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2242.499241][T11998] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2242.507317][T11998] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2242.515681][T11998] memory: usage 307012kB, limit 307200kB, failcnt 12094 [ 2242.523133][T11998] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2242.530109][T11998] Memory cgroup stats for /syz1: [ 2242.530239][T11998] anon 117325824 [ 2242.530239][T11998] file 122880 [ 2242.530239][T11998] kernel_stack 28385280 [ 2242.530239][T11998] slab 54505472 [ 2242.530239][T11998] sock 131072 [ 2242.530239][T11998] shmem 0 [ 2242.530239][T11998] file_mapped 135168 [ 2242.530239][T11998] file_dirty 0 [ 2242.530239][T11998] file_writeback 0 [ 2242.530239][T11998] anon_thp 0 [ 2242.530239][T11998] inactive_anon 516096 [ 2242.530239][T11998] active_anon 116936704 [ 2242.530239][T11998] inactive_file 4096 [ 2242.530239][T11998] active_file 0 [ 2242.530239][T11998] unevictable 0 [ 2242.530239][T11998] slab_reclaimable 10137600 [ 2242.530239][T11998] slab_unreclaimable 44367872 [ 2242.530239][T11998] pgfault 237402 [ 2242.530239][T11998] pgmajfault 0 [ 2242.530239][T11998] workingset_refault 1980 [ 2242.530239][T11998] workingset_activate 495 [ 2242.530239][T11998] workingset_nodereclaim 0 [ 2242.530239][T11998] pgrefill 98778 [ 2242.530239][T11998] pgscan 100192 [ 2242.530239][T11998] pgsteal 3427 [ 2242.627018][T11998] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19581,uid=0 [ 2242.642981][T11998] Memory cgroup out of memory: Killed process 19581 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2242.665918][ T1143] oom_reaper: reaped process 19581 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 05:18:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000ec000000000000000", 0x32) 05:18:43 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x4c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:43 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005400000000000000", 0x32) 05:18:43 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x3b], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:43 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004003000000000000", 0x32) 05:18:44 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005500000000000000", 0x32) [ 2242.870327][T12036] ref_ctr_offset mismatch. inode: 0x4856 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:44 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2243.088115][T12045] binder: BINDER_SET_CONTEXT_MGR already set [ 2243.094558][T12045] binder: 12040:12045 ioctl 40046207 0 returned -16 [ 2243.366144][T12062] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2243.454009][T12062] CPU: 0 PID: 12062 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2243.462842][T12062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2243.465756][T12068] binder: BINDER_SET_CONTEXT_MGR already set [ 2243.473368][T12062] Call Trace: [ 2243.473394][T12062] dump_stack+0x1fb/0x318 [ 2243.473412][T12062] dump_header+0xd8/0x960 [ 2243.473431][T12062] oom_kill_process+0xee/0x370 [ 2243.473448][T12062] out_of_memory+0x5dc/0x900 [ 2243.473470][T12062] try_charge+0x128f/0x18a0 [ 2243.473540][T12062] __memcg_kmem_charge_memcg+0x37/0x140 [ 2243.473549][T12062] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2243.473564][T12062] __memcg_kmem_charge+0x105/0x340 [ 2243.473582][T12062] dup_task_struct+0x244/0x7d0 [ 2243.473604][T12062] copy_process+0x552/0x57b0 [ 2243.473629][T12062] ? check_preemption_disabled+0x44/0x260 [ 2243.520464][T12068] binder: 12068:12068 ioctl 40046207 0 returned -16 [ 2243.521950][T12062] ? debug_smp_processor_id+0x9/0x20 [ 2243.521993][T12062] _do_fork+0x13e/0x660 [ 2243.522004][T12062] ? check_preemption_disabled+0x44/0x260 [ 2243.522012][T12062] ? debug_smp_processor_id+0x9/0x20 [ 2243.522030][T12062] ? check_preemption_disabled+0x44/0x260 [ 2243.522038][T12062] ? debug_smp_processor_id+0x9/0x20 [ 2243.522048][T12062] ? check_preemption_disabled+0x44/0x260 [ 2243.522068][T12062] __x64_sys_clone+0x20b/0x250 [ 2243.522100][T12062] do_syscall_64+0xf7/0x1c0 [ 2243.522120][T12062] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2243.596506][T12062] RIP: 0033:0x45c479 [ 2243.600447][T12062] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2243.620107][T12062] RSP: 002b:00007fe0b78d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2243.628615][T12062] RAX: ffffffffffffffda RBX: 00007fe0b78d16d4 RCX: 000000000045c479 [ 2243.637033][T12062] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2243.645137][T12062] RBP: 000000000076bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2243.653130][T12062] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2243.661111][T12062] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bfcc [ 2243.688858][T12062] memory: usage 307200kB, limit 307200kB, failcnt 16280 [ 2243.699535][T12062] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2243.716485][T12062] Memory cgroup stats for /syz4: [ 2243.716583][T12062] anon 118341632 [ 2243.716583][T12062] file 16384 [ 2243.716583][T12062] kernel_stack 28975104 [ 2243.716583][T12062] slab 52596736 [ 2243.716583][T12062] sock 0 [ 2243.716583][T12062] shmem 73728 [ 2243.716583][T12062] file_mapped 0 [ 2243.716583][T12062] file_dirty 0 [ 2243.716583][T12062] file_writeback 0 [ 2243.716583][T12062] anon_thp 0 [ 2243.716583][T12062] inactive_anon 786432 [ 2243.716583][T12062] active_anon 117583872 [ 2243.716583][T12062] inactive_file 98304 [ 2243.716583][T12062] active_file 0 [ 2243.716583][T12062] unevictable 0 [ 2243.716583][T12062] slab_reclaimable 7839744 [ 2243.716583][T12062] slab_unreclaimable 44756992 [ 2243.716583][T12062] pgfault 245949 [ 2243.716583][T12062] pgmajfault 0 [ 2243.716583][T12062] workingset_refault 3696 [ 2243.716583][T12062] workingset_activate 1749 [ 2243.716583][T12062] workingset_nodereclaim 0 [ 2243.716583][T12062] pgrefill 137527 [ 2243.716583][T12062] pgscan 155133 [ 2243.716583][T12062] pgsteal 20039 [ 2243.821777][T12062] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=32735,uid=0 [ 2243.838644][T12062] Memory cgroup out of memory: Killed process 32735 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:18:44 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:45 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005600000000000000", 0x32) 05:18:45 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:45 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000a00040000000000000", 0x32) 05:18:45 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005700000000000000", 0x32) [ 2244.106774][T12083] binder: BINDER_SET_CONTEXT_MGR already set [ 2244.114921][T12083] binder: 12083:12083 ioctl 40046207 0 returned -16 [ 2244.141585][T12087] ref_ctr_offset mismatch. inode: 0x47c3 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:45 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x3c], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:45 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:45 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005800000000000000", 0x32) 05:18:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000340000000000000", 0x32) 05:18:45 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:45 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2244.960189][T12109] ref_ctr_offset mismatch. inode: 0x47d8 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:46 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000010000000000", 0x32) 05:18:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000655800000000000000", 0x32) [ 2245.266824][T12104] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2245.303201][T12104] CPU: 1 PID: 12104 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2245.312051][T12104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2245.322241][T12104] Call Trace: [ 2245.325545][T12104] dump_stack+0x1fb/0x318 [ 2245.329891][T12104] dump_header+0xd8/0x960 [ 2245.334307][T12104] oom_kill_process+0xee/0x370 [ 2245.339099][T12104] out_of_memory+0x5dc/0x900 [ 2245.343828][T12104] try_charge+0x128f/0x18a0 [ 2245.348421][T12104] mem_cgroup_try_charge+0x216/0x550 [ 2245.353768][T12104] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2245.359418][T12104] do_anonymous_page+0x382/0x1640 [ 2245.364501][T12104] handle_mm_fault+0x1c17/0x2900 [ 2245.369492][T12104] do_user_addr_fault+0x588/0xaf0 [ 2245.374696][T12104] do_page_fault+0x13b/0x250 [ 2245.379294][T12104] page_fault+0x39/0x40 [ 2245.383476][T12104] RIP: 0033:0x413c6f [ 2245.387378][T12104] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2245.407483][T12104] RSP: 002b:00007ffc28d10bd0 EFLAGS: 00010206 [ 2245.413751][T12104] RAX: 00007fea86b69000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2245.421889][T12104] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2245.429868][T12104] RBP: 00007ffc28d10cb0 R08: ffffffffffffffff R09: 0000000000000000 [ 2245.438102][T12104] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc28d10da0 [ 2245.446118][T12104] R13: 00007fea86b89700 R14: 0000000000000001 R15: 000000000076bfcc [ 2245.459327][T12104] memory: usage 307200kB, limit 307200kB, failcnt 12148 [ 2245.468314][T12104] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2245.485666][T12104] Memory cgroup stats for /syz1: [ 2245.485782][T12104] anon 117293056 [ 2245.485782][T12104] file 122880 [ 2245.485782][T12104] kernel_stack 28385280 [ 2245.485782][T12104] slab 54505472 [ 2245.485782][T12104] sock 131072 [ 2245.485782][T12104] shmem 0 [ 2245.485782][T12104] file_mapped 135168 [ 2245.485782][T12104] file_dirty 0 [ 2245.485782][T12104] file_writeback 0 [ 2245.485782][T12104] anon_thp 0 [ 2245.485782][T12104] inactive_anon 516096 [ 2245.485782][T12104] active_anon 116936704 [ 2245.485782][T12104] inactive_file 4096 [ 2245.485782][T12104] active_file 0 [ 2245.485782][T12104] unevictable 0 [ 2245.485782][T12104] slab_reclaimable 10137600 [ 2245.485782][T12104] slab_unreclaimable 44367872 [ 2245.485782][T12104] pgfault 237699 [ 2245.485782][T12104] pgmajfault 0 [ 2245.485782][T12104] workingset_refault 1980 [ 2245.485782][T12104] workingset_activate 528 05:18:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005900000000000000", 0x32) 05:18:46 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000020000000000", 0x32) [ 2245.485782][T12104] workingset_nodereclaim 0 [ 2245.485782][T12104] pgrefill 99108 [ 2245.485782][T12104] pgscan 100523 [ 2245.485782][T12104] pgsteal 3427 [ 2245.585919][T12104] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12068,uid=0 [ 2245.602414][T12104] Memory cgroup out of memory: Killed process 12068 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2245.673375][T12117] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2245.684215][T12117] CPU: 0 PID: 12117 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2245.687485][T12133] binder: BINDER_SET_CONTEXT_MGR already set [ 2245.692929][T12117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2245.692936][T12117] Call Trace: [ 2245.692963][T12117] dump_stack+0x1fb/0x318 [ 2245.692984][T12117] dump_header+0xd8/0x960 [ 2245.693003][T12117] oom_kill_process+0xee/0x370 [ 2245.693018][T12117] out_of_memory+0x5dc/0x900 [ 2245.693042][T12117] try_charge+0x128f/0x18a0 [ 2245.693089][T12117] __memcg_kmem_charge_memcg+0x37/0x140 [ 2245.693099][T12117] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2245.693115][T12117] __memcg_kmem_charge+0x105/0x340 [ 2245.693133][T12117] dup_task_struct+0x244/0x7d0 [ 2245.693155][T12117] copy_process+0x552/0x57b0 [ 2245.693179][T12117] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2245.693201][T12117] ? debug_smp_processor_id+0x9/0x20 [ 2245.701930][T12133] binder: 12104:12133 ioctl 40046207 0 returned -16 [ 2245.709322][T12117] ? check_preemption_disabled+0x44/0x260 [ 2245.709354][T12117] _do_fork+0x13e/0x660 [ 2245.709371][T12117] ? retint_kernel+0x2b/0x2b [ 2245.709385][T12117] ? trace_hardirqs_on_caller+0x74/0x80 [ 2245.709399][T12117] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2245.709417][T12117] __x64_sys_clone+0x20b/0x250 [ 2245.709447][T12117] do_syscall_64+0xf7/0x1c0 [ 2245.709462][T12117] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2245.709472][T12117] RIP: 0033:0x45c479 [ 2245.709490][T12117] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2245.845082][T12117] RSP: 002b:00007fea86ba9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2245.853515][T12117] RAX: ffffffffffffffda RBX: 00007fea86baa6d4 RCX: 000000000045c479 [ 2245.861650][T12117] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2245.869649][T12117] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2245.877786][T12117] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2245.885783][T12117] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2245.899909][T12117] memory: usage 306988kB, limit 307200kB, failcnt 12148 [ 2245.907090][T12117] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2245.914293][T12117] Memory cgroup stats for /syz1: [ 2245.915173][T12117] anon 117293056 [ 2245.915173][T12117] file 122880 [ 2245.915173][T12117] kernel_stack 28385280 [ 2245.915173][T12117] slab 54505472 [ 2245.915173][T12117] sock 131072 [ 2245.915173][T12117] shmem 0 [ 2245.915173][T12117] file_mapped 135168 [ 2245.915173][T12117] file_dirty 0 [ 2245.915173][T12117] file_writeback 0 [ 2245.915173][T12117] anon_thp 0 [ 2245.915173][T12117] inactive_anon 516096 [ 2245.915173][T12117] active_anon 116801536 [ 2245.915173][T12117] inactive_file 4096 [ 2245.915173][T12117] active_file 0 [ 2245.915173][T12117] unevictable 0 [ 2245.915173][T12117] slab_reclaimable 10137600 [ 2245.915173][T12117] slab_unreclaimable 44367872 [ 2245.915173][T12117] pgfault 237699 [ 2245.915173][T12117] pgmajfault 0 [ 2245.915173][T12117] workingset_refault 1980 [ 2245.915173][T12117] workingset_activate 528 [ 2245.915173][T12117] workingset_nodereclaim 0 [ 2245.915173][T12117] pgrefill 99108 [ 2245.915173][T12117] pgscan 100523 [ 2245.915173][T12117] pgsteal 3427 05:18:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005a00000000000000", 0x32) 05:18:47 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000030000000000", 0x32) [ 2246.010945][T12117] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19401,uid=0 [ 2246.027363][T12117] Memory cgroup out of memory: Killed process 19401 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2246.063438][ T1143] oom_reaper: reaped process 19401 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2246.082001][T12103] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2246.103719][T12103] CPU: 0 PID: 12103 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2246.112510][T12103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2246.122576][T12103] Call Trace: [ 2246.125880][T12103] dump_stack+0x1fb/0x318 [ 2246.130432][T12103] dump_header+0xd8/0x960 [ 2246.134791][T12103] oom_kill_process+0xee/0x370 [ 2246.139565][T12103] out_of_memory+0x5dc/0x900 [ 2246.144926][T12103] try_charge+0x128f/0x18a0 [ 2246.149481][T12103] __memcg_kmem_charge_memcg+0x37/0x140 [ 2246.155168][T12103] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2246.160902][T12103] __memcg_kmem_charge+0x105/0x340 [ 2246.166051][T12103] dup_task_struct+0x244/0x7d0 [ 2246.170857][T12103] copy_process+0x552/0x57b0 [ 2246.175471][T12103] ? debug_smp_processor_id+0x9/0x20 [ 2246.180791][T12103] ? check_preemption_disabled+0x44/0x260 [ 2246.186520][T12103] ? debug_smp_processor_id+0x9/0x20 [ 2246.191986][T12103] _do_fork+0x13e/0x660 [ 2246.196203][T12103] ? check_preemption_disabled+0x44/0x260 [ 2246.201945][T12103] ? debug_smp_processor_id+0x9/0x20 [ 2246.207259][T12103] ? check_preemption_disabled+0x44/0x260 [ 2246.213129][T12103] ? debug_smp_processor_id+0x9/0x20 [ 2246.218572][T12103] ? check_preemption_disabled+0x44/0x260 [ 2246.224352][T12103] __x64_sys_clone+0x20b/0x250 [ 2246.229171][T12103] do_syscall_64+0xf7/0x1c0 [ 2246.233816][T12103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2246.239734][T12103] RIP: 0033:0x45ee49 [ 2246.243644][T12103] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2246.263620][T12103] RSP: 002b:00007ffeb3531018 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2246.272338][T12103] RAX: ffffffffffffffda RBX: 00007fe0b78b0700 RCX: 000000000045ee49 [ 2246.280762][T12103] RDX: 00007fe0b78b09d0 RSI: 00007fe0b78afdb0 RDI: 00000000003d0f00 [ 2246.288748][T12103] RBP: 00007ffeb3531230 R08: 00007fe0b78b0700 R09: 00007fe0b78b0700 [ 2246.297015][T12103] R10: 00007fe0b78b09d0 R11: 0000000000000202 R12: 0000000000000000 [ 2246.305003][T12103] R13: 00007ffeb35310cf R14: 00007fe0b78b09c0 R15: 000000000076c06c [ 2246.463927][T12103] memory: usage 307188kB, limit 307200kB, failcnt 16307 [ 2246.471146][T12103] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2246.478156][T12103] Memory cgroup stats for /syz4: [ 2246.478284][T12103] anon 118415360 [ 2246.478284][T12103] file 16384 [ 2246.478284][T12103] kernel_stack 28975104 [ 2246.478284][T12103] slab 52731904 [ 2246.478284][T12103] sock 0 [ 2246.478284][T12103] shmem 73728 [ 2246.478284][T12103] file_mapped 0 [ 2246.478284][T12103] file_dirty 0 [ 2246.478284][T12103] file_writeback 0 [ 2246.478284][T12103] anon_thp 0 [ 2246.478284][T12103] inactive_anon 786432 [ 2246.478284][T12103] active_anon 117583872 [ 2246.478284][T12103] inactive_file 98304 [ 2246.478284][T12103] active_file 0 [ 2246.478284][T12103] unevictable 0 [ 2246.478284][T12103] slab_reclaimable 7839744 [ 2246.478284][T12103] slab_unreclaimable 44892160 [ 2246.478284][T12103] pgfault 246147 [ 2246.478284][T12103] pgmajfault 0 [ 2246.478284][T12103] workingset_refault 3696 [ 2246.478284][T12103] workingset_activate 1749 [ 2246.478284][T12103] workingset_nodereclaim 0 [ 2246.478284][T12103] pgrefill 137627 [ 2246.478284][T12103] pgscan 155267 [ 2246.478284][T12103] pgsteal 20039 [ 2246.575860][T12103] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=32369,uid=0 [ 2246.591539][T12103] Memory cgroup out of memory: Killed process 32369 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:18:48 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x3d], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:48 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x6c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:48 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005b00000000000000", 0x32) 05:18:48 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000040000000000", 0x32) 05:18:48 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x10, 0x0, &(0x7f0000000140)=[@clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:48 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:48 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005c00000000000000", 0x32) [ 2247.371397][T12172] ref_ctr_offset mismatch. inode: 0x4805 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:48 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000050000000000", 0x32) [ 2247.503695][T12175] binder: BINDER_SET_CONTEXT_MGR already set [ 2247.519854][T12175] binder: 12175:12175 ioctl 40046207 0 returned -16 05:18:48 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x10, 0x0, &(0x7f0000000140)=[@clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:48 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x74}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2247.622784][T12180] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2247.635019][T12180] CPU: 0 PID: 12180 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2247.643719][T12180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2247.653791][T12180] Call Trace: [ 2247.657252][T12180] dump_stack+0x1fb/0x318 [ 2247.661620][T12180] dump_header+0xd8/0x960 [ 2247.665987][T12180] oom_kill_process+0xee/0x370 [ 2247.670798][T12180] out_of_memory+0x5dc/0x900 [ 2247.675447][T12180] try_charge+0x128f/0x18a0 [ 2247.680025][T12180] __memcg_kmem_charge_memcg+0x37/0x140 [ 2247.685699][T12180] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2247.691291][T12180] __memcg_kmem_charge+0x105/0x340 [ 2247.696432][T12180] dup_task_struct+0x244/0x7d0 [ 2247.701233][T12180] copy_process+0x552/0x57b0 [ 2247.710039][T12180] ? check_preemption_disabled+0x44/0x260 [ 2247.715791][T12180] ? debug_smp_processor_id+0x9/0x20 [ 2247.721320][T12180] _do_fork+0x13e/0x660 [ 2247.725496][T12180] ? check_preemption_disabled+0x44/0x260 [ 2247.731829][T12180] ? debug_smp_processor_id+0x9/0x20 [ 2247.737147][T12180] ? check_preemption_disabled+0x44/0x260 [ 2247.742907][T12180] ? debug_smp_processor_id+0x9/0x20 [ 2247.748257][T12180] ? check_preemption_disabled+0x44/0x260 [ 2247.754252][T12180] __x64_sys_clone+0x20b/0x250 [ 2247.759064][T12180] do_syscall_64+0xf7/0x1c0 [ 2247.763617][T12180] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2247.769855][T12180] RIP: 0033:0x45c479 [ 2247.773906][T12180] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2247.805947][T12180] RSP: 002b:00007fe0b78d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2247.814395][T12180] RAX: ffffffffffffffda RBX: 00007fe0b78d16d4 RCX: 000000000045c479 [ 2247.823696][T12180] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2247.832180][T12180] RBP: 000000000076bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2247.840164][T12180] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2247.848349][T12180] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bfcc [ 2247.970440][T12187] ref_ctr_offset mismatch. inode: 0x4805 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2247.993189][T12180] memory: usage 307200kB, limit 307200kB, failcnt 16358 [ 2248.000948][T12180] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2248.019796][T12180] Memory cgroup stats for /syz4: [ 2248.019916][T12180] anon 118550528 [ 2248.019916][T12180] file 16384 [ 2248.019916][T12180] kernel_stack 28975104 [ 2248.019916][T12180] slab 52731904 [ 2248.019916][T12180] sock 0 [ 2248.019916][T12180] shmem 73728 [ 2248.019916][T12180] file_mapped 0 [ 2248.019916][T12180] file_dirty 0 [ 2248.019916][T12180] file_writeback 0 [ 2248.019916][T12180] anon_thp 0 [ 2248.019916][T12180] inactive_anon 786432 [ 2248.019916][T12180] active_anon 117719040 [ 2248.019916][T12180] inactive_file 98304 [ 2248.019916][T12180] active_file 0 [ 2248.019916][T12180] unevictable 0 [ 2248.019916][T12180] slab_reclaimable 7839744 [ 2248.019916][T12180] slab_unreclaimable 44892160 [ 2248.019916][T12180] pgfault 246279 [ 2248.019916][T12180] pgmajfault 0 [ 2248.019916][T12180] workingset_refault 3696 [ 2248.019916][T12180] workingset_activate 1749 [ 2248.019916][T12180] workingset_nodereclaim 0 [ 2248.019916][T12180] pgrefill 137694 [ 2248.019916][T12180] pgscan 155333 [ 2248.019916][T12180] pgsteal 20039 05:18:49 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x10, 0x0, &(0x7f0000000140)=[@clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2248.130279][T12180] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26908,uid=0 [ 2248.147677][T12180] Memory cgroup out of memory: Killed process 26908 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:18:49 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005d00000000000000", 0x32) [ 2248.315368][T12163] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2248.348755][T12163] CPU: 0 PID: 12163 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2248.357498][T12163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2248.367600][T12163] Call Trace: [ 2248.371022][T12163] dump_stack+0x1fb/0x318 [ 2248.375389][T12163] dump_header+0xd8/0x960 [ 2248.379868][T12163] oom_kill_process+0xee/0x370 [ 2248.384791][T12163] out_of_memory+0x5dc/0x900 [ 2248.389415][T12163] try_charge+0x128f/0x18a0 [ 2248.393987][T12163] mem_cgroup_try_charge+0x216/0x550 [ 2248.399424][T12163] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2248.405083][T12163] do_anonymous_page+0x382/0x1640 [ 2248.407962][T12193] binder: BINDER_SET_CONTEXT_MGR already set [ 2248.410287][T12163] handle_mm_fault+0x1c17/0x2900 [ 2248.410340][T12163] do_user_addr_fault+0x588/0xaf0 [ 2248.410367][T12163] do_page_fault+0x13b/0x250 [ 2248.410383][T12163] page_fault+0x39/0x40 [ 2248.410394][T12163] RIP: 0033:0x413c6f [ 2248.410407][T12163] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2248.410412][T12163] RSP: 002b:00007ffeb3531060 EFLAGS: 00010206 [ 2248.417013][T12193] binder: 12193:12193 ioctl 40046207 0 returned -16 [ 2248.421368][T12163] RAX: 00007fe0b7890000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2248.421375][T12163] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2248.421381][T12163] RBP: 00007ffeb3531140 R08: ffffffffffffffff R09: 0000000000000000 [ 2248.421385][T12163] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeb3531230 [ 2248.421390][T12163] R13: 00007fe0b78b0700 R14: 0000000000000002 R15: 000000000076c06c [ 2248.439815][T12163] memory: usage 306912kB, limit 307200kB, failcnt 16366 [ 2248.525723][T12163] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2248.533851][T12163] Memory cgroup stats for /syz4: [ 2248.533927][T12163] anon 118550528 [ 2248.533927][T12163] file 16384 [ 2248.533927][T12163] kernel_stack 28975104 [ 2248.533927][T12163] slab 52731904 [ 2248.533927][T12163] sock 0 [ 2248.533927][T12163] shmem 73728 [ 2248.533927][T12163] file_mapped 0 [ 2248.533927][T12163] file_dirty 0 [ 2248.533927][T12163] file_writeback 0 [ 2248.533927][T12163] anon_thp 0 [ 2248.533927][T12163] inactive_anon 786432 [ 2248.533927][T12163] active_anon 117719040 [ 2248.533927][T12163] inactive_file 98304 [ 2248.533927][T12163] active_file 0 [ 2248.533927][T12163] unevictable 0 [ 2248.533927][T12163] slab_reclaimable 7839744 [ 2248.533927][T12163] slab_unreclaimable 44892160 [ 2248.533927][T12163] pgfault 246279 [ 2248.533927][T12163] pgmajfault 0 [ 2248.533927][T12163] workingset_refault 3696 [ 2248.533927][T12163] workingset_activate 1749 [ 2248.533927][T12163] workingset_nodereclaim 0 [ 2248.533927][T12163] pgrefill 137694 [ 2248.533927][T12163] pgscan 155333 [ 2248.533927][T12163] pgsteal 20039 [ 2248.631803][T12163] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26820,uid=0 [ 2248.678176][T12163] Memory cgroup out of memory: Killed process 26820 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2248.697988][ T1143] oom_reaper: reaped process 26820 (syz-executor.4), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB 05:18:50 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0xff], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000060000000000", 0x32) 05:18:50 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(0x0, 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:50 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x7a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:50 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005e00000000000000", 0x32) [ 2249.471373][T12215] ref_ctr_offset mismatch. inode: 0x4807 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000005f00000000000000", 0x32) 05:18:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000070000000000", 0x32) [ 2249.683287][T12213] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2249.693740][T12213] CPU: 1 PID: 12213 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2249.702429][T12213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2249.712653][T12213] Call Trace: [ 2249.715993][T12213] dump_stack+0x1fb/0x318 [ 2249.720370][T12213] dump_header+0xd8/0x960 [ 2249.724733][T12213] oom_kill_process+0xee/0x370 [ 2249.729617][T12213] out_of_memory+0x5dc/0x900 [ 2249.734251][T12213] try_charge+0x128f/0x18a0 [ 2249.738830][T12213] __memcg_kmem_charge_memcg+0x37/0x140 [ 2249.744399][T12213] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2249.749989][T12213] __memcg_kmem_charge+0x105/0x340 [ 2249.755368][T12213] dup_task_struct+0x244/0x7d0 [ 2249.760174][T12213] copy_process+0x552/0x57b0 [ 2249.765248][T12213] ? check_preemption_disabled+0x44/0x260 [ 2249.771152][T12213] ? debug_smp_processor_id+0x9/0x20 [ 2249.776484][T12213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2249.781972][T12213] ? trace_hardirqs_off+0x74/0x80 [ 2249.787028][T12213] ? rcu_irq_exit_irqson+0xc3/0x110 [ 2249.792247][T12213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2249.797750][T12213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2249.803264][T12213] _do_fork+0x13e/0x660 [ 2249.807580][T12213] ? __x64_sys_clone+0x202/0x250 [ 2249.812706][T12213] __x64_sys_clone+0x20b/0x250 [ 2249.817530][T12213] do_syscall_64+0xf7/0x1c0 [ 2249.822106][T12213] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2249.828018][T12213] RIP: 0033:0x45c479 [ 2249.832228][T12213] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2249.851847][T12213] RSP: 002b:00007fea86ba9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2249.860266][T12213] RAX: ffffffffffffffda RBX: 00007fea86baa6d4 RCX: 000000000045c479 [ 2249.868248][T12213] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2249.876229][T12213] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2249.884326][T12213] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2249.892452][T12213] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2249.901773][T12213] memory: usage 307200kB, limit 307200kB, failcnt 12196 [ 2249.909543][T12213] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2249.916600][T12213] Memory cgroup stats for /syz1: [ 2249.917297][T12213] anon 117231616 [ 2249.917297][T12213] file 122880 [ 2249.917297][T12213] kernel_stack 28348416 [ 2249.917297][T12213] slab 54505472 [ 2249.917297][T12213] sock 131072 [ 2249.917297][T12213] shmem 0 [ 2249.917297][T12213] file_mapped 135168 [ 2249.917297][T12213] file_dirty 0 [ 2249.917297][T12213] file_writeback 0 [ 2249.917297][T12213] anon_thp 0 [ 2249.917297][T12213] inactive_anon 516096 [ 2249.917297][T12213] active_anon 116801536 [ 2249.917297][T12213] inactive_file 4096 [ 2249.917297][T12213] active_file 0 [ 2249.917297][T12213] unevictable 0 [ 2249.917297][T12213] slab_reclaimable 10137600 [ 2249.917297][T12213] slab_unreclaimable 44367872 [ 2249.917297][T12213] pgfault 238062 [ 2249.917297][T12213] pgmajfault 0 [ 2249.917297][T12213] workingset_refault 2013 [ 2249.917297][T12213] workingset_activate 528 [ 2249.917297][T12213] workingset_nodereclaim 0 [ 2249.917297][T12213] pgrefill 99376 [ 2249.917297][T12213] pgscan 100789 [ 2249.917297][T12213] pgsteal 3427 [ 2250.015103][T12213] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12193,uid=0 [ 2250.031909][T12213] Memory cgroup out of memory: Killed process 12193 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2250.089476][ T1143] oom_reaper: reaped process 12193 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2250.141274][T12213] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2250.151891][T12213] CPU: 1 PID: 12213 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2250.160742][T12213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2250.171090][T12213] Call Trace: [ 2250.181969][T12213] dump_stack+0x1fb/0x318 [ 2250.186441][T12213] dump_header+0xd8/0x960 [ 2250.191797][T12213] oom_kill_process+0xee/0x370 [ 2250.196797][T12213] out_of_memory+0x5dc/0x900 [ 2250.201971][T12213] try_charge+0x128f/0x18a0 [ 2250.206548][T12213] __memcg_kmem_charge_memcg+0x37/0x140 [ 2250.212134][T12213] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2250.218194][T12213] __memcg_kmem_charge+0x105/0x340 [ 2250.223493][T12213] dup_task_struct+0x244/0x7d0 [ 2250.228298][T12213] copy_process+0x552/0x57b0 [ 2250.232907][T12213] ? check_preemption_disabled+0x44/0x260 [ 2250.238650][T12213] ? debug_smp_processor_id+0x9/0x20 [ 2250.243967][T12213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2250.249469][T12213] ? trace_hardirqs_off+0x74/0x80 [ 2250.255298][T12213] ? rcu_irq_exit_irqson+0xc3/0x110 [ 2250.260778][T12213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2250.266273][T12213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2250.272486][T12213] _do_fork+0x13e/0x660 [ 2250.276763][T12213] ? __x64_sys_clone+0x202/0x250 [ 2250.282352][T12213] __x64_sys_clone+0x20b/0x250 [ 2250.287163][T12213] do_syscall_64+0xf7/0x1c0 [ 2250.291849][T12213] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2250.297775][T12213] RIP: 0033:0x45c479 [ 2250.301677][T12213] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2250.321522][T12213] RSP: 002b:00007fea86ba9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2250.324296][T12233] binder: BINDER_SET_CONTEXT_MGR already set [ 2250.331308][T12213] RAX: ffffffffffffffda RBX: 00007fea86baa6d4 RCX: 000000000045c479 [ 2250.331315][T12213] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 2250.331320][T12213] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2250.331325][T12213] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2250.331331][T12213] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2250.333201][T12213] memory: usage 307200kB, limit 307200kB, failcnt 12202 [ 2250.390795][T12213] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2250.398166][T12213] Memory cgroup stats for /syz1: [ 2250.398967][T12213] anon 117231616 [ 2250.398967][T12213] file 122880 [ 2250.398967][T12213] kernel_stack 28422144 [ 2250.398967][T12213] slab 54505472 [ 2250.398967][T12213] sock 131072 [ 2250.398967][T12213] shmem 0 [ 2250.398967][T12213] file_mapped 135168 [ 2250.398967][T12213] file_dirty 0 [ 2250.398967][T12213] file_writeback 0 [ 2250.398967][T12213] anon_thp 0 [ 2250.398967][T12213] inactive_anon 516096 [ 2250.398967][T12213] active_anon 116801536 [ 2250.398967][T12213] inactive_file 4096 [ 2250.398967][T12213] active_file 0 [ 2250.398967][T12213] unevictable 0 [ 2250.398967][T12213] slab_reclaimable 10137600 [ 2250.398967][T12213] slab_unreclaimable 44367872 [ 2250.398967][T12213] pgfault 238062 [ 2250.398967][T12213] pgmajfault 0 [ 2250.398967][T12213] workingset_refault 2013 [ 2250.398967][T12213] workingset_activate 528 [ 2250.398967][T12213] workingset_nodereclaim 0 [ 2250.398967][T12213] pgrefill 99376 [ 2250.398967][T12213] pgscan 100789 [ 2250.398967][T12213] pgsteal 3427 [ 2250.498346][T12213] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19345,uid=0 [ 2250.515640][T12213] Memory cgroup out of memory: Killed process 19345 (syz-executor.1) total-vm:74968kB, anon-rss:172kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:18:51 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x15e}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2250.541286][ T1143] oom_reaper: reaped process 19345 (syz-executor.1), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 2250.556946][T12233] binder: 12206:12233 ioctl 40046207 0 returned -16 [ 2250.606192][T12207] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2250.652019][T12207] CPU: 1 PID: 12207 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2250.660756][T12207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2250.671791][T12207] Call Trace: [ 2250.675255][T12207] dump_stack+0x1fb/0x318 [ 2250.679608][T12207] dump_header+0xd8/0x960 [ 2250.684091][T12207] oom_kill_process+0xee/0x370 [ 2250.688888][T12207] out_of_memory+0x5dc/0x900 [ 2250.694429][T12207] try_charge+0x128f/0x18a0 [ 2250.698995][T12207] mem_cgroup_try_charge+0x216/0x550 [ 2250.705150][T12207] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2250.710831][T12207] wp_page_copy+0x35f/0x1c50 [ 2250.715518][T12207] do_wp_page+0x5e4/0x16d0 [ 2250.720040][T12207] ? __kasan_check_write+0x14/0x20 [ 2250.725527][T12207] ? do_raw_spin_lock+0x103/0x7b0 [ 2250.730973][T12207] ? handle_mm_fault+0x235a/0x2900 [ 2250.736164][T12207] handle_mm_fault+0x241f/0x2900 [ 2250.741417][T12207] do_user_addr_fault+0x588/0xaf0 [ 2250.746476][T12207] do_page_fault+0x13b/0x250 [ 2250.751076][T12207] page_fault+0x39/0x40 [ 2250.755240][T12207] RIP: 0033:0x4114c8 [ 2250.759167][T12207] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 2250.779691][T12207] RSP: 002b:00007ffeb3531080 EFLAGS: 00010246 [ 2250.786021][T12207] RAX: 00000000d78cd4f7 RBX: 00000000ebe84125 RCX: 0000001b2d920000 [ 2250.794271][T12207] RDX: 0000000000000000 RSI: 00000000000014f7 RDI: ffffffffd78cd4f7 [ 2250.802539][T12207] RBP: 0000000000000005 R08: 00000000d78cd4f7 R09: 00000000d78cd4fb [ 2250.812533][T12207] R10: 00007ffeb3531220 R11: 0000000000000246 R12: 000000000076c0e8 [ 2250.820615][T12207] R13: 0000000080000000 R14: 00007fe0b94f3008 R15: 0000000000000009 [ 2250.834340][T12207] memory: usage 307088kB, limit 307200kB, failcnt 16398 [ 2250.842805][T12207] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2250.851843][T12207] Memory cgroup stats for /syz4: [ 2250.851979][T12207] anon 118394880 [ 2250.851979][T12207] file 16384 [ 2250.851979][T12207] kernel_stack 28975104 [ 2250.851979][T12207] slab 52731904 [ 2250.851979][T12207] sock 0 [ 2250.851979][T12207] shmem 73728 [ 2250.851979][T12207] file_mapped 0 [ 2250.851979][T12207] file_dirty 0 [ 2250.851979][T12207] file_writeback 0 [ 2250.851979][T12207] anon_thp 0 [ 2250.851979][T12207] inactive_anon 786432 [ 2250.851979][T12207] active_anon 117719040 [ 2250.851979][T12207] inactive_file 98304 [ 2250.851979][T12207] active_file 0 [ 2250.851979][T12207] unevictable 0 [ 2250.851979][T12207] slab_reclaimable 7839744 [ 2250.851979][T12207] slab_unreclaimable 44892160 [ 2250.851979][T12207] pgfault 246411 [ 2250.851979][T12207] pgmajfault 0 [ 2250.851979][T12207] workingset_refault 3696 [ 2250.851979][T12207] workingset_activate 1749 [ 2250.851979][T12207] workingset_nodereclaim 0 [ 2250.851979][T12207] pgrefill 138027 [ 2250.851979][T12207] pgscan 155663 [ 2250.851979][T12207] pgsteal 20039 [ 2250.954117][T12207] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26702,uid=0 [ 2250.970008][T12207] Memory cgroup out of memory: Killed process 26702 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2250.988402][T12242] ref_ctr_offset mismatch. inode: 0x47cc offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:52 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000080000000000", 0x32) 05:18:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006000000000000000", 0x32) [ 2251.023589][T12206] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2251.088350][T12206] CPU: 1 PID: 12206 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2251.097439][T12206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2251.107499][T12206] Call Trace: [ 2251.110838][T12206] dump_stack+0x1fb/0x318 [ 2251.115300][T12206] dump_header+0xd8/0x960 [ 2251.119670][T12206] oom_kill_process+0xee/0x370 [ 2251.124619][T12206] out_of_memory+0x5dc/0x900 [ 2251.129248][T12206] try_charge+0x128f/0x18a0 [ 2251.133869][T12206] mem_cgroup_try_charge+0x216/0x550 [ 2251.139200][T12206] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2251.146292][T12206] do_anonymous_page+0x382/0x1640 [ 2251.151487][T12206] handle_mm_fault+0x1c17/0x2900 [ 2251.157763][T12206] do_user_addr_fault+0x588/0xaf0 [ 2251.162842][T12206] do_page_fault+0x13b/0x250 [ 2251.167453][T12206] page_fault+0x39/0x40 [ 2251.171736][T12206] RIP: 0033:0x45ee2d [ 2251.175671][T12206] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8c fb ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 2251.196922][T12206] RSP: 002b:00007ffc28d10b88 EFLAGS: 00010202 [ 2251.203003][T12206] RAX: ffffffffffffffea RBX: 00007fea86b26700 RCX: 00007fea86b26700 [ 2251.210981][T12206] RDX: 00000000003d0f00 RSI: 00007fea86b25db0 RDI: 0000000000413060 [ 2251.218958][T12206] RBP: 00007ffc28d10da0 R08: 00007fea86b269d0 R09: 00007fea86b26700 [ 2251.227029][T12206] R10: 00007fea86b25dc0 R11: 0000000000000246 R12: 0000000000000000 [ 2251.235635][T12206] R13: 00007ffc28d10c3f R14: 00007fea86b269c0 R15: 000000000076c1ac 05:18:52 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000090000000000", 0x32) [ 2251.409176][T12206] memory: usage 306684kB, limit 307200kB, failcnt 12211 [ 2251.416304][T12206] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2251.424733][T12206] Memory cgroup stats for /syz1: [ 2251.424819][T12206] anon 117227520 [ 2251.424819][T12206] file 122880 [ 2251.424819][T12206] kernel_stack 28385280 [ 2251.424819][T12206] slab 54505472 [ 2251.424819][T12206] sock 131072 [ 2251.424819][T12206] shmem 0 [ 2251.424819][T12206] file_mapped 135168 [ 2251.424819][T12206] file_dirty 0 [ 2251.424819][T12206] file_writeback 0 [ 2251.424819][T12206] anon_thp 0 [ 2251.424819][T12206] inactive_anon 516096 [ 2251.424819][T12206] active_anon 116801536 [ 2251.424819][T12206] inactive_file 4096 [ 2251.424819][T12206] active_file 0 [ 2251.424819][T12206] unevictable 0 [ 2251.424819][T12206] slab_reclaimable 10137600 [ 2251.424819][T12206] slab_unreclaimable 44367872 [ 2251.424819][T12206] pgfault 238062 [ 2251.424819][T12206] pgmajfault 0 [ 2251.424819][T12206] workingset_refault 2013 [ 2251.424819][T12206] workingset_activate 528 [ 2251.424819][T12206] workingset_nodereclaim 0 [ 2251.424819][T12206] pgrefill 99376 [ 2251.424819][T12206] pgscan 100789 [ 2251.424819][T12206] pgsteal 3427 [ 2251.553259][T12206] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19141,uid=0 [ 2251.597829][T12206] Memory cgroup out of memory: Killed process 19141 (syz-executor.1) total-vm:74968kB, anon-rss:172kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:18:53 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006100000000000000", 0x32) 05:18:53 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:53 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x2a0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:53 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000a0000000000", 0x32) 05:18:53 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(0x0, 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006200000000000000", 0x32) [ 2252.110173][T12264] ref_ctr_offset mismatch. inode: 0x47d8 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:53 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000b0000000000", 0x32) 05:18:53 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(0x0, 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:53 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:53 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000c0000000000", 0x32) [ 2253.266068][T12292] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2253.279040][T12292] CPU: 0 PID: 12292 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2253.288467][T12292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2253.299734][T12292] Call Trace: [ 2253.303359][T12292] dump_stack+0x1fb/0x318 [ 2253.308792][T12292] dump_header+0xd8/0x960 [ 2253.314382][T12292] oom_kill_process+0xee/0x370 [ 2253.319264][T12292] out_of_memory+0x5dc/0x900 [ 2253.323875][T12292] try_charge+0x128f/0x18a0 [ 2253.328682][T12292] __memcg_kmem_charge_memcg+0x37/0x140 [ 2253.334275][T12292] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2253.340090][T12292] __memcg_kmem_charge+0x105/0x340 [ 2253.345548][T12292] __alloc_pages_nodemask+0x29a/0x5d0 [ 2253.350960][T12292] alloc_pages_current+0x2db/0x500 [ 2253.356228][T12292] pte_alloc_one+0x1f/0x180 [ 2253.360767][T12292] __pte_alloc+0x20/0x2f0 [ 2253.365490][T12292] copy_page_range+0x2434/0x2950 [ 2253.370512][T12292] ? __vma_link_rb+0x822/0x840 [ 2253.375314][T12292] dup_mmap+0x9f1/0xdf0 [ 2253.380358][T12292] dup_mm+0x9e/0x340 [ 2253.384355][T12292] copy_process+0x2080/0x57b0 [ 2253.389121][T12292] ? debug_smp_processor_id+0x9/0x20 [ 2253.395069][T12292] _do_fork+0x13e/0x660 [ 2253.399330][T12292] ? check_preemption_disabled+0x44/0x260 [ 2253.405062][T12292] ? debug_smp_processor_id+0x9/0x20 [ 2253.410525][T12292] ? check_preemption_disabled+0x44/0x260 [ 2253.416876][T12292] ? debug_smp_processor_id+0x9/0x20 [ 2253.422504][T12292] ? check_preemption_disabled+0x44/0x260 [ 2253.428443][T12292] __x64_sys_clone+0x20b/0x250 [ 2253.434060][T12292] do_syscall_64+0xf7/0x1c0 [ 2253.438657][T12292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2253.444559][T12292] RIP: 0033:0x45c479 [ 2253.448705][T12292] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2253.469469][T12292] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2253.477933][T12292] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2253.486160][T12292] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2253.503141][T12292] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2253.511417][T12292] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2253.519521][T12292] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2253.538075][T12292] memory: usage 307200kB, limit 307200kB, failcnt 16429 [ 2253.549677][T12292] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2253.557207][T12292] Memory cgroup stats for /syz4: [ 2253.558027][T12292] anon 118394880 [ 2253.558027][T12292] file 16384 [ 2253.558027][T12292] kernel_stack 28975104 [ 2253.558027][T12292] slab 52731904 [ 2253.558027][T12292] sock 0 [ 2253.558027][T12292] shmem 73728 [ 2253.558027][T12292] file_mapped 0 [ 2253.558027][T12292] file_dirty 0 [ 2253.558027][T12292] file_writeback 0 [ 2253.558027][T12292] anon_thp 0 [ 2253.558027][T12292] inactive_anon 786432 [ 2253.558027][T12292] active_anon 117719040 [ 2253.558027][T12292] inactive_file 98304 [ 2253.558027][T12292] active_file 0 [ 2253.558027][T12292] unevictable 0 [ 2253.558027][T12292] slab_reclaimable 7839744 [ 2253.558027][T12292] slab_unreclaimable 44892160 [ 2253.558027][T12292] pgfault 246642 [ 2253.558027][T12292] pgmajfault 0 [ 2253.558027][T12292] workingset_refault 3696 [ 2253.558027][T12292] workingset_activate 1749 [ 2253.558027][T12292] workingset_nodereclaim 0 [ 2253.558027][T12292] pgrefill 138127 [ 2253.558027][T12292] pgscan 155762 [ 2253.558027][T12292] pgsteal 20039 [ 2253.661884][T12292] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26657,uid=0 [ 2253.684095][T12292] Memory cgroup out of memory: Killed process 26657 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2253.708874][ T1143] oom_reaper: reaped process 26657 (syz-executor.4), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB 05:18:54 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:54 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006300000000000000", 0x32) 05:18:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000d0000000000", 0x32) 05:18:54 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:54 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:55 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006400000000000000", 0x32) [ 2253.979931][T12314] ref_ctr_offset mismatch. inode: 0x47e7 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:55 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000e0000000000", 0x32) [ 2254.113269][T12322] binder: BINDER_SET_CONTEXT_MGR already set [ 2254.121306][T12322] binder: 12322:12322 ioctl 40046207 0 returned -16 05:18:55 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:55 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2254.661640][T12329] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2254.684843][T12329] CPU: 0 PID: 12329 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2254.696955][T12329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2254.707014][T12329] Call Trace: [ 2254.710335][T12329] dump_stack+0x1fb/0x318 [ 2254.714855][T12329] dump_header+0xd8/0x960 [ 2254.719209][T12329] oom_kill_process+0xee/0x370 [ 2254.723993][T12329] out_of_memory+0x5dc/0x900 [ 2254.728604][T12329] try_charge+0x128f/0x18a0 [ 2254.733196][T12329] __memcg_kmem_charge_memcg+0x37/0x140 [ 2254.738754][T12329] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2254.744349][T12329] __memcg_kmem_charge+0x105/0x340 [ 2254.749476][T12329] __alloc_pages_nodemask+0x29a/0x5d0 [ 2254.755021][T12329] alloc_pages_current+0x2db/0x500 [ 2254.760411][T12329] pte_alloc_one+0x1f/0x180 [ 2254.765066][T12329] __pte_alloc+0x20/0x2f0 [ 2254.769440][T12329] copy_page_range+0x2434/0x2950 [ 2254.774558][T12329] ? __vma_link_rb+0x822/0x840 [ 2254.779412][T12329] dup_mmap+0x9f1/0xdf0 [ 2254.783661][T12329] dup_mm+0x9e/0x340 [ 2254.787546][T12329] copy_process+0x2080/0x57b0 [ 2254.792255][T12329] _do_fork+0x13e/0x660 [ 2254.796409][T12329] ? check_preemption_disabled+0x44/0x260 [ 2254.802982][T12329] ? debug_smp_processor_id+0x9/0x20 [ 2254.808429][T12329] ? check_preemption_disabled+0x44/0x260 [ 2254.814312][T12329] ? debug_smp_processor_id+0x9/0x20 [ 2254.819598][T12329] ? check_preemption_disabled+0x44/0x260 [ 2254.832729][T12329] __x64_sys_clone+0x20b/0x250 [ 2254.837680][T12329] do_syscall_64+0xf7/0x1c0 [ 2254.842251][T12329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2254.848181][T12329] RIP: 0033:0x45c479 [ 2254.852078][T12329] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2254.871768][T12329] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2254.880338][T12329] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2254.888767][T12329] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2254.896785][T12329] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2254.905113][T12329] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2254.913161][T12329] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2254.927913][T12329] memory: usage 307164kB, limit 307200kB, failcnt 16451 [ 2254.936187][T12329] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2254.947006][T12329] Memory cgroup stats for /syz4: [ 2254.948458][T12329] anon 118394880 [ 2254.948458][T12329] file 16384 05:18:56 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006500000000000000", 0x32) [ 2254.948458][T12329] kernel_stack 29011968 [ 2254.948458][T12329] slab 52731904 [ 2254.948458][T12329] sock 0 [ 2254.948458][T12329] shmem 73728 [ 2254.948458][T12329] file_mapped 0 [ 2254.948458][T12329] file_dirty 0 [ 2254.948458][T12329] file_writeback 0 [ 2254.948458][T12329] anon_thp 0 [ 2254.948458][T12329] inactive_anon 786432 [ 2254.948458][T12329] active_anon 117719040 [ 2254.948458][T12329] inactive_file 98304 [ 2254.948458][T12329] active_file 0 [ 2254.948458][T12329] unevictable 0 [ 2254.948458][T12329] slab_reclaimable 7839744 05:18:56 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000f0000000000", 0x32) [ 2254.948458][T12329] slab_unreclaimable 44892160 [ 2254.948458][T12329] pgfault 246741 [ 2254.948458][T12329] pgmajfault 0 [ 2254.948458][T12329] workingset_refault 3696 [ 2254.948458][T12329] workingset_activate 1749 [ 2254.948458][T12329] workingset_nodereclaim 0 [ 2254.948458][T12329] pgrefill 138227 [ 2254.948458][T12329] pgscan 155862 [ 2254.948458][T12329] pgsteal 20039 [ 2255.055076][T12329] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26280,uid=0 [ 2255.072678][T12329] Memory cgroup out of memory: Killed process 26280 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2255.096108][ T1143] oom_reaper: reaped process 26280 (syz-executor.4), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB 05:18:56 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:18:56 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x500}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:18:56 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000100000000000", 0x32) 05:18:56 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000586500000000000000", 0x32) 05:18:56 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:56 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006600000000000000", 0x32) [ 2255.949988][T12363] ref_ctr_offset mismatch. inode: 0x47e7 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:18:57 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000110000000000", 0x32) 05:18:57 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2256.231130][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2256.270328][ T9215] CPU: 1 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2256.279067][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2256.289134][ T9215] Call Trace: [ 2256.292437][ T9215] dump_stack+0x1fb/0x318 [ 2256.296780][ T9215] dump_header+0xd8/0x960 [ 2256.302094][ T9215] oom_kill_process+0xee/0x370 [ 2256.306901][ T9215] out_of_memory+0x5dc/0x900 [ 2256.311750][ T9215] try_charge+0x128f/0x18a0 [ 2256.316338][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2256.322458][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2256.328041][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2256.333202][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2256.338676][ T9215] alloc_pages_current+0x2db/0x500 [ 2256.344687][ T9215] pte_alloc_one+0x1f/0x180 [ 2256.349416][ T9215] __pte_alloc+0x20/0x2f0 [ 2256.354078][ T9215] copy_page_range+0x2434/0x2950 [ 2256.359082][ T9215] ? __vma_link_rb+0x822/0x840 [ 2256.364496][ T9215] dup_mmap+0x9f1/0xdf0 [ 2256.368700][ T9215] dup_mm+0x9e/0x340 [ 2256.372898][ T9215] copy_process+0x2080/0x57b0 [ 2256.377865][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2256.383216][ T9215] _do_fork+0x13e/0x660 [ 2256.387484][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2256.393374][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2256.398680][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2256.405284][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2256.410582][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2256.416325][ T9215] __x64_sys_clone+0x20b/0x250 [ 2256.421125][ T9215] do_syscall_64+0xf7/0x1c0 [ 2256.425654][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2256.431774][ T9215] RIP: 0033:0x45aa4a [ 2256.435687][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2256.455303][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2256.463822][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2256.471814][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2256.479795][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2256.487768][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2256.495729][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2256.507246][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 12292 [ 2256.514822][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2256.522378][ T9215] Memory cgroup stats for /syz1: [ 2256.522486][ T9215] anon 117407744 [ 2256.522486][ T9215] file 122880 [ 2256.522486][ T9215] kernel_stack 28348416 [ 2256.522486][ T9215] slab 54505472 [ 2256.522486][ T9215] sock 131072 [ 2256.522486][ T9215] shmem 0 [ 2256.522486][ T9215] file_mapped 135168 [ 2256.522486][ T9215] file_dirty 0 [ 2256.522486][ T9215] file_writeback 0 [ 2256.522486][ T9215] anon_thp 0 [ 2256.522486][ T9215] inactive_anon 516096 [ 2256.522486][ T9215] active_anon 117071872 [ 2256.522486][ T9215] inactive_file 4096 [ 2256.522486][ T9215] active_file 0 [ 2256.522486][ T9215] unevictable 0 05:18:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006700000000000000", 0x32) [ 2256.522486][ T9215] slab_reclaimable 10137600 [ 2256.522486][ T9215] slab_unreclaimable 44367872 [ 2256.522486][ T9215] pgfault 238656 [ 2256.522486][ T9215] pgmajfault 0 [ 2256.522486][ T9215] workingset_refault 2046 [ 2256.522486][ T9215] workingset_activate 528 [ 2256.522486][ T9215] workingset_nodereclaim 0 [ 2256.522486][ T9215] pgrefill 99706 [ 2256.522486][ T9215] pgscan 101119 [ 2256.522486][ T9215] pgsteal 3427 05:18:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006800000000000000", 0x32) [ 2256.632435][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12288,uid=0 05:18:57 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000120000000000", 0x32) [ 2256.681325][ T9215] Memory cgroup out of memory: Killed process 12288 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2256.721618][ T1143] oom_reaper: reaped process 12288 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2256.833387][T12372] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2256.857633][T12372] CPU: 0 PID: 12372 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2256.866467][T12372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2256.877246][T12372] Call Trace: [ 2256.883271][T12372] dump_stack+0x1fb/0x318 [ 2256.887639][T12372] dump_header+0xd8/0x960 [ 2256.892161][T12372] oom_kill_process+0xee/0x370 [ 2256.896984][T12372] out_of_memory+0x5dc/0x900 [ 2256.901710][T12372] try_charge+0x128f/0x18a0 [ 2256.906288][T12372] __memcg_kmem_charge_memcg+0x37/0x140 [ 2256.911995][T12372] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2256.917555][T12372] __memcg_kmem_charge+0x105/0x340 [ 2256.922686][T12372] __alloc_pages_nodemask+0x29a/0x5d0 [ 2256.928094][T12372] alloc_pages_current+0x2db/0x500 05:18:58 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) [ 2256.933235][T12372] pte_alloc_one+0x1f/0x180 [ 2256.937758][T12372] __pte_alloc+0x20/0x2f0 [ 2256.942111][T12372] copy_page_range+0x2434/0x2950 [ 2256.947169][T12372] ? vma_gap_callbacks_rotate+0x1ee/0x230 [ 2256.953143][T12372] ? __sanitizer_cov_trace_const_cmp8+0x1/0x90 [ 2256.959678][T12372] dup_mmap+0x9f1/0xdf0 [ 2256.964083][T12372] dup_mm+0x9e/0x340 [ 2256.967982][T12372] copy_process+0x2080/0x57b0 [ 2256.974260][T12372] ? retint_kernel+0x2b/0x2b [ 2256.978897][T12372] _do_fork+0x13e/0x660 [ 2256.983541][T12372] ? retint_kernel+0x2b/0x2b [ 2256.988222][T12372] ? trace_hardirqs_on_caller+0x74/0x80 [ 2256.994131][T12372] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2256.999620][T12372] __x64_sys_clone+0x20b/0x250 [ 2257.008007][T12372] do_syscall_64+0xf7/0x1c0 [ 2257.014888][T12372] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2257.020803][T12372] RIP: 0033:0x45c479 [ 2257.024707][T12372] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2257.044404][T12372] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2257.052816][T12372] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2257.060820][T12372] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2257.068819][T12372] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2257.076789][T12372] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2257.084760][T12372] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2257.098792][T12372] memory: usage 307192kB, limit 307200kB, failcnt 16484 [ 2257.106304][T12372] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2257.113788][T12372] Memory cgroup stats for /syz4: [ 2257.114714][T12372] anon 118530048 [ 2257.114714][T12372] file 16384 [ 2257.114714][T12372] kernel_stack 29011968 [ 2257.114714][T12372] slab 52731904 [ 2257.114714][T12372] sock 0 [ 2257.114714][T12372] shmem 73728 [ 2257.114714][T12372] file_mapped 0 [ 2257.114714][T12372] file_dirty 0 [ 2257.114714][T12372] file_writeback 0 [ 2257.114714][T12372] anon_thp 0 [ 2257.114714][T12372] inactive_anon 786432 [ 2257.114714][T12372] active_anon 117719040 [ 2257.114714][T12372] inactive_file 98304 [ 2257.114714][T12372] active_file 0 [ 2257.114714][T12372] unevictable 0 [ 2257.114714][T12372] slab_reclaimable 7839744 [ 2257.114714][T12372] slab_unreclaimable 44892160 [ 2257.114714][T12372] pgfault 246873 [ 2257.114714][T12372] pgmajfault 0 [ 2257.114714][T12372] workingset_refault 3696 [ 2257.114714][T12372] workingset_activate 1749 [ 2257.114714][T12372] workingset_nodereclaim 0 [ 2257.114714][T12372] pgrefill 138327 [ 2257.114714][T12372] pgscan 155961 [ 2257.114714][T12372] pgsteal 20039 [ 2257.213489][T12372] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=25958,uid=0 [ 2257.231753][T12372] Memory cgroup out of memory: Killed process 25958 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2257.344384][T12387] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2257.379315][T12387] CPU: 0 PID: 12387 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2257.388039][T12387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2257.398282][T12387] Call Trace: [ 2257.401584][T12387] dump_stack+0x1fb/0x318 [ 2257.405936][T12387] dump_header+0xd8/0x960 [ 2257.410286][T12387] oom_kill_process+0xee/0x370 [ 2257.415061][T12387] out_of_memory+0x5dc/0x900 [ 2257.419674][T12387] try_charge+0x128f/0x18a0 [ 2257.424239][T12387] mem_cgroup_try_charge+0x216/0x550 [ 2257.429559][T12387] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2257.435347][T12387] do_anonymous_page+0x382/0x1640 [ 2257.440550][T12387] handle_mm_fault+0x1c17/0x2900 [ 2257.445554][T12387] do_user_addr_fault+0x588/0xaf0 [ 2257.450639][T12387] do_page_fault+0x13b/0x250 [ 2257.455253][T12387] page_fault+0x39/0x40 [ 2257.459431][T12387] RIP: 0033:0x45ee2d [ 2257.463333][T12387] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8c fb ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 2257.482949][T12387] RSP: 002b:00007ffc28d10b88 EFLAGS: 00010202 05:18:58 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x600}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2257.489032][T12387] RAX: ffffffffffffffea RBX: 00007fea86baa700 RCX: 00007fea86baa700 [ 2257.497015][T12387] RDX: 00000000003d0f00 RSI: 00007fea86ba9db0 RDI: 0000000000413060 [ 2257.504997][T12387] RBP: 00007ffc28d10da0 R08: 00007fea86baa9d0 R09: 00007fea86baa700 [ 2257.512988][T12387] R10: 00007fea86ba9dc0 R11: 0000000000000246 R12: 0000000000000000 [ 2257.520973][T12387] R13: 00007ffc28d10c3f R14: 00007fea86baa9c0 R15: 000000000076bf2c [ 2257.581136][T12387] memory: usage 307028kB, limit 307200kB, failcnt 12332 [ 2257.588173][T12387] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2257.602030][T12387] Memory cgroup stats for /syz1: [ 2257.602150][T12387] anon 117268480 [ 2257.602150][T12387] file 122880 [ 2257.602150][T12387] kernel_stack 28348416 [ 2257.602150][T12387] slab 54505472 [ 2257.602150][T12387] sock 131072 [ 2257.602150][T12387] shmem 0 [ 2257.602150][T12387] file_mapped 135168 05:18:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006900000000000000", 0x32) 05:18:58 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000130000000000", 0x32) [ 2257.602150][T12387] file_dirty 0 [ 2257.602150][T12387] file_writeback 0 [ 2257.602150][T12387] anon_thp 0 [ 2257.602150][T12387] inactive_anon 516096 [ 2257.602150][T12387] active_anon 116936704 [ 2257.602150][T12387] inactive_file 4096 [ 2257.602150][T12387] active_file 0 [ 2257.602150][T12387] unevictable 0 [ 2257.602150][T12387] slab_reclaimable 10137600 [ 2257.602150][T12387] slab_unreclaimable 44367872 [ 2257.602150][T12387] pgfault 238656 [ 2257.602150][T12387] pgmajfault 0 [ 2257.602150][T12387] workingset_refault 2046 [ 2257.602150][T12387] workingset_activate 528 [ 2257.602150][T12387] workingset_nodereclaim 0 [ 2257.602150][T12387] pgrefill 99805 [ 2257.602150][T12387] pgscan 101185 [ 2257.602150][T12387] pgsteal 3427 [ 2257.720703][T12387] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12285,uid=0 [ 2257.750791][T12412] ref_ctr_offset mismatch. inode: 0x47e5 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2257.772294][T12387] Memory cgroup out of memory: Killed process 12285 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2257.900803][T12419] binder: BINDER_SET_CONTEXT_MGR already set [ 2257.924194][T12419] binder: 12419:12419 ioctl 40046207 0 returned -16 05:18:59 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:59 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:59 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2258.288545][T12426] binder: BINDER_SET_CONTEXT_MGR already set [ 2258.313610][T12426] binder: 12426:12426 ioctl 40046207 0 returned -16 05:18:59 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:18:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000140000000000", 0x32) 05:18:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006a00000000000000", 0x32) [ 2258.598375][T12437] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2258.645016][T12437] CPU: 1 PID: 12437 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2258.653754][T12437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2258.663950][T12437] Call Trace: [ 2258.667241][T12437] dump_stack+0x1fb/0x318 [ 2258.671578][T12437] dump_header+0xd8/0x960 [ 2258.675908][T12437] oom_kill_process+0xee/0x370 [ 2258.680707][T12437] out_of_memory+0x5dc/0x900 [ 2258.685317][T12437] try_charge+0x128f/0x18a0 [ 2258.689846][T12437] __memcg_kmem_charge_memcg+0x37/0x140 [ 2258.695522][T12437] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2258.701094][T12437] __memcg_kmem_charge+0x105/0x340 [ 2258.706224][T12437] __alloc_pages_nodemask+0x29a/0x5d0 [ 2258.711656][T12437] alloc_pages_current+0x2db/0x500 [ 2258.716766][T12437] pte_alloc_one+0x1f/0x180 [ 2258.721292][T12437] __pte_alloc+0x20/0x2f0 [ 2258.725668][T12437] copy_page_range+0x2434/0x2950 [ 2258.730675][T12437] ? __vma_link_rb+0x822/0x840 [ 2258.735457][T12437] dup_mmap+0x9f1/0xdf0 [ 2258.739620][T12437] dup_mm+0x9e/0x340 [ 2258.743512][T12437] copy_process+0x2080/0x57b0 [ 2258.748232][T12437] ? debug_smp_processor_id+0x9/0x20 [ 2258.753546][T12437] _do_fork+0x13e/0x660 [ 2258.757721][T12437] ? check_preemption_disabled+0x44/0x260 [ 2258.763464][T12437] ? debug_smp_processor_id+0x9/0x20 [ 2258.768768][T12437] ? check_preemption_disabled+0x44/0x260 [ 2258.774491][T12437] ? debug_smp_processor_id+0x9/0x20 [ 2258.779790][T12437] ? check_preemption_disabled+0x44/0x260 [ 2258.785675][T12437] __x64_sys_clone+0x20b/0x250 [ 2258.790475][T12437] do_syscall_64+0xf7/0x1c0 [ 2258.795062][T12437] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2258.800948][T12437] RIP: 0033:0x45c479 [ 2258.804829][T12437] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2258.824493][T12437] RSP: 002b:00007fe0b78d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2258.832918][T12437] RAX: ffffffffffffffda RBX: 00007fe0b78d16d4 RCX: 000000000045c479 05:18:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000006b00000000000000", 0x32) [ 2258.840891][T12437] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2258.848854][T12437] RBP: 000000000076bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2258.856826][T12437] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2258.864793][T12437] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bfcc [ 2258.891205][T12437] memory: usage 307200kB, limit 307200kB, failcnt 16505 [ 2258.898210][T12437] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2258.918899][T12437] Memory cgroup stats for /syz4: [ 2258.918991][T12437] anon 118521856 [ 2258.918991][T12437] file 16384 [ 2258.918991][T12437] kernel_stack 29048832 [ 2258.918991][T12437] slab 52731904 [ 2258.918991][T12437] sock 0 [ 2258.918991][T12437] shmem 73728 [ 2258.918991][T12437] file_mapped 0 [ 2258.918991][T12437] file_dirty 0 [ 2258.918991][T12437] file_writeback 0 [ 2258.918991][T12437] anon_thp 0 [ 2258.918991][T12437] inactive_anon 786432 [ 2258.918991][T12437] active_anon 117719040 [ 2258.918991][T12437] inactive_file 98304 [ 2258.918991][T12437] active_file 0 [ 2258.918991][T12437] unevictable 0 [ 2258.918991][T12437] slab_reclaimable 7839744 [ 2258.918991][T12437] slab_unreclaimable 44892160 [ 2258.918991][T12437] pgfault 247071 [ 2258.918991][T12437] pgmajfault 0 [ 2258.918991][T12437] workingset_refault 3696 [ 2258.918991][T12437] workingset_activate 1749 [ 2258.918991][T12437] workingset_nodereclaim 0 [ 2258.918991][T12437] pgrefill 138327 [ 2258.918991][T12437] pgscan 155961 [ 2258.918991][T12437] pgsteal 20039 [ 2259.018182][T12437] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23249,uid=0 [ 2259.033801][T12437] Memory cgroup out of memory: Killed process 23249 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2259.052744][ T1143] oom_reaper: reaped process 23249 (syz-executor.4), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB 05:19:00 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2259.245254][T12449] binder: BINDER_SET_CONTEXT_MGR already set [ 2259.278674][T12449] binder: 12449:12449 ioctl 40046207 0 returned -16 [ 2259.430131][T12452] ref_ctr_offset mismatch. inode: 0x47de offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:00 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:00 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:00 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000150000000000", 0x32) 05:19:00 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:00 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000008100000000000000", 0x32) 05:19:00 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x900}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2260.120167][T12474] ref_ctr_offset mismatch. inode: 0x481b offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2260.166177][T12467] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2260.176908][T12467] CPU: 0 PID: 12467 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2260.185590][T12467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2260.195762][T12467] Call Trace: [ 2260.199073][T12467] dump_stack+0x1fb/0x318 [ 2260.203435][T12467] dump_header+0xd8/0x960 [ 2260.207803][T12467] oom_kill_process+0xee/0x370 [ 2260.212598][T12467] out_of_memory+0x5dc/0x900 [ 2260.217221][T12467] try_charge+0x128f/0x18a0 [ 2260.221799][T12467] mem_cgroup_try_charge+0x216/0x550 [ 2260.227387][T12467] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2260.233193][T12467] wp_page_copy+0x35f/0x1c50 [ 2260.237834][T12467] do_wp_page+0x5e4/0x16d0 [ 2260.242265][T12467] ? __kasan_check_write+0x14/0x20 [ 2260.247391][T12467] ? do_raw_spin_lock+0x103/0x7b0 [ 2260.252609][T12467] ? handle_mm_fault+0x235a/0x2900 [ 2260.257763][T12467] handle_mm_fault+0x241f/0x2900 [ 2260.262780][T12467] do_user_addr_fault+0x588/0xaf0 [ 2260.267867][T12467] do_page_fault+0x13b/0x250 [ 2260.272617][T12467] page_fault+0x39/0x40 [ 2260.276785][T12467] RIP: 0033:0x40419e [ 2260.280701][T12467] Code: 48 dc ff ff 0f 1f 84 00 00 00 00 00 0f b6 b5 84 00 00 00 bf 81 13 4c 00 31 c0 e8 0d dd ff ff e9 30 fe ff ff 8b 0b 48 83 f8 ff <48> 89 45 78 89 8d 80 00 00 00 0f 85 8d fd ff ff 85 c9 0f 85 85 fd [ 2260.300320][T12467] RSP: 002b:00007fe0b78f1c90 EFLAGS: 00010207 [ 2260.306407][T12467] RAX: 000000000000245f RBX: 00007fe0b78f26d4 RCX: 0000000000000000 [ 2260.314393][T12467] RDX: 0000000000000001 RSI: 0000000000403ecc RDI: 0000000000000000 [ 2260.322380][T12467] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2260.330374][T12467] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2260.339753][T12467] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2260.350810][T12467] memory: usage 307200kB, limit 307200kB, failcnt 16568 [ 2260.357975][T12467] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2260.365032][T12467] Memory cgroup stats for /syz4: [ 2260.365753][T12467] anon 118521856 [ 2260.365753][T12467] file 16384 [ 2260.365753][T12467] kernel_stack 29011968 [ 2260.365753][T12467] slab 52731904 [ 2260.365753][T12467] sock 0 [ 2260.365753][T12467] shmem 73728 [ 2260.365753][T12467] file_mapped 0 [ 2260.365753][T12467] file_dirty 0 [ 2260.365753][T12467] file_writeback 0 [ 2260.365753][T12467] anon_thp 0 [ 2260.365753][T12467] inactive_anon 786432 [ 2260.365753][T12467] active_anon 117719040 [ 2260.365753][T12467] inactive_file 98304 [ 2260.365753][T12467] active_file 0 [ 2260.365753][T12467] unevictable 0 [ 2260.365753][T12467] slab_reclaimable 7839744 [ 2260.365753][T12467] slab_unreclaimable 44892160 [ 2260.365753][T12467] pgfault 247170 [ 2260.365753][T12467] pgmajfault 0 [ 2260.365753][T12467] workingset_refault 3696 [ 2260.365753][T12467] workingset_activate 1749 [ 2260.365753][T12467] workingset_nodereclaim 0 [ 2260.365753][T12467] pgrefill 138624 [ 2260.365753][T12467] pgscan 156258 [ 2260.365753][T12467] pgsteal 20039 [ 2260.460980][T12467] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23208,uid=0 [ 2260.477384][T12467] Memory cgroup out of memory: Killed process 23208 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:19:01 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, 0x0) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2260.548808][ T1143] oom_reaper: reaped process 23208 (syz-executor.4), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2260.567677][T12458] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2260.604175][T12458] CPU: 1 PID: 12458 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2260.612904][T12458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2260.623091][T12458] Call Trace: [ 2260.626400][T12458] dump_stack+0x1fb/0x318 [ 2260.630874][T12458] dump_header+0xd8/0x960 [ 2260.635230][T12458] oom_kill_process+0xee/0x370 [ 2260.640010][T12458] out_of_memory+0x5dc/0x900 [ 2260.644624][T12458] try_charge+0x128f/0x18a0 [ 2260.649196][T12458] mem_cgroup_try_charge+0x216/0x550 [ 2260.654696][T12458] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2260.660344][T12458] wp_page_copy+0x35f/0x1c50 [ 2260.664989][T12458] do_wp_page+0x5e4/0x16d0 [ 2260.669434][T12458] ? __kasan_check_write+0x14/0x20 [ 2260.674713][T12458] ? do_raw_spin_lock+0x103/0x7b0 [ 2260.679763][T12458] ? handle_mm_fault+0x235a/0x2900 [ 2260.684910][T12458] handle_mm_fault+0x241f/0x2900 [ 2260.689907][T12458] do_user_addr_fault+0x588/0xaf0 [ 2260.694968][T12458] do_page_fault+0x13b/0x250 [ 2260.699581][T12458] page_fault+0x39/0x40 [ 2260.703758][T12458] RIP: 0033:0x40f61a [ 2260.707667][T12458] Code: 48 24 8b 4c 24 28 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 48 89 8c 02 50 bf 76 00 48 83 c0 08 48 83 f8 48 75 e6 e8 76 3c ff ff <83> 05 e3 09 76 00 01 80 7c 24 07 00 74 0b f6 44 24 08 01 0f 84 b5 [ 2260.727289][T12458] RSP: 002b:00007ffeb3531150 EFLAGS: 00010207 [ 2260.733537][T12458] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000045c479 [ 2260.741523][T12458] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000076bf28 [ 2260.749528][T12458] RBP: 000000000076bf2c R08: 0000000000770dc0 R09: 00ffffffffffffff [ 2260.757729][T12458] R10: 00007ffeb3531210 R11: 0000000000000246 R12: 000000000076bf20 [ 2260.765721][T12458] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000076bf2c [ 2260.793063][T12478] binder: BINDER_SET_CONTEXT_MGR already set 05:19:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000478800000000000000", 0x32) 05:19:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000160000000000", 0x32) [ 2260.800073][T12478] binder: 12478:12478 ioctl 40046207 0 returned -16 [ 2260.820790][T12458] memory: usage 306872kB, limit 307200kB, failcnt 16574 [ 2260.828790][T12458] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2260.836232][T12458] Memory cgroup stats for /syz4: [ 2260.836336][T12458] anon 118521856 [ 2260.836336][T12458] file 16384 [ 2260.836336][T12458] kernel_stack 29011968 [ 2260.836336][T12458] slab 52731904 [ 2260.836336][T12458] sock 0 [ 2260.836336][T12458] shmem 73728 [ 2260.836336][T12458] file_mapped 0 [ 2260.836336][T12458] file_dirty 0 [ 2260.836336][T12458] file_writeback 0 [ 2260.836336][T12458] anon_thp 0 [ 2260.836336][T12458] inactive_anon 786432 [ 2260.836336][T12458] active_anon 117719040 [ 2260.836336][T12458] inactive_file 98304 [ 2260.836336][T12458] active_file 0 [ 2260.836336][T12458] unevictable 0 [ 2260.836336][T12458] slab_reclaimable 7839744 [ 2260.836336][T12458] slab_unreclaimable 44892160 [ 2260.836336][T12458] pgfault 247170 05:19:02 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, 0x0) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2260.836336][T12458] pgmajfault 0 [ 2260.836336][T12458] workingset_refault 3696 [ 2260.836336][T12458] workingset_activate 1749 [ 2260.836336][T12458] workingset_nodereclaim 0 [ 2260.836336][T12458] pgrefill 138723 [ 2260.836336][T12458] pgscan 156324 [ 2260.836336][T12458] pgsteal 20039 05:19:02 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000488800000000000000", 0x32) 05:19:02 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000170000000000", 0x32) [ 2261.009886][T12458] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23025,uid=0 [ 2261.144540][T12458] Memory cgroup out of memory: Killed process 23025 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2261.238935][T12473] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2261.253804][T12473] CPU: 1 PID: 12473 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2261.262531][T12473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2261.272741][T12473] Call Trace: [ 2261.276055][T12473] dump_stack+0x1fb/0x318 [ 2261.280413][T12473] dump_header+0xd8/0x960 [ 2261.284770][T12473] oom_kill_process+0xee/0x370 [ 2261.289565][T12473] out_of_memory+0x5dc/0x900 [ 2261.294384][T12473] try_charge+0x128f/0x18a0 [ 2261.298955][T12473] __memcg_kmem_charge_memcg+0x37/0x140 [ 2261.304521][T12473] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2261.310108][T12473] __memcg_kmem_charge+0x105/0x340 [ 2261.315262][T12473] __alloc_pages_nodemask+0x29a/0x5d0 [ 2261.320658][T12473] alloc_pages_current+0x2db/0x500 [ 2261.326256][T12473] pte_alloc_one+0x1f/0x180 [ 2261.330769][T12473] do_read_fault+0x2cf/0x9e0 [ 2261.335454][T12473] handle_mm_fault+0x1c01/0x2900 [ 2261.340424][T12473] do_user_addr_fault+0x588/0xaf0 [ 2261.345780][T12473] do_page_fault+0x13b/0x250 [ 2261.350377][T12473] page_fault+0x39/0x40 [ 2261.354744][T12473] RIP: 0033:0x45c479 [ 2261.358775][T12473] Code: Bad RIP value. [ 2261.362854][T12473] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00010246 [ 2261.369020][T12473] RAX: 0000000000000000 RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2261.377112][T12473] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2261.385157][T12473] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2261.393229][T12473] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2261.401255][T12473] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2261.412270][T12473] memory: usage 306696kB, limit 307200kB, failcnt 16574 [ 2261.419433][T12473] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2261.426393][T12473] Memory cgroup stats for /syz4: [ 2261.427854][T12473] anon 118370304 [ 2261.427854][T12473] file 16384 [ 2261.427854][T12473] kernel_stack 28975104 [ 2261.427854][T12473] slab 52731904 [ 2261.427854][T12473] sock 0 [ 2261.427854][T12473] shmem 73728 [ 2261.427854][T12473] file_mapped 0 [ 2261.427854][T12473] file_dirty 0 [ 2261.427854][T12473] file_writeback 0 [ 2261.427854][T12473] anon_thp 0 [ 2261.427854][T12473] inactive_anon 786432 [ 2261.427854][T12473] active_anon 117583872 [ 2261.427854][T12473] inactive_file 98304 [ 2261.427854][T12473] active_file 0 [ 2261.427854][T12473] unevictable 0 [ 2261.427854][T12473] slab_reclaimable 7839744 [ 2261.427854][T12473] slab_unreclaimable 44892160 [ 2261.427854][T12473] pgfault 247170 [ 2261.427854][T12473] pgmajfault 0 [ 2261.427854][T12473] workingset_refault 3696 [ 2261.427854][T12473] workingset_activate 1749 [ 2261.427854][T12473] workingset_nodereclaim 0 [ 2261.427854][T12473] pgrefill 138723 [ 2261.427854][T12473] pgscan 156357 [ 2261.427854][T12473] pgsteal 20039 [ 2261.524454][T12473] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23006,uid=0 [ 2261.540095][T12473] Memory cgroup out of memory: Killed process 23006 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2261.568684][ T1143] oom_reaper: reaped process 23006 (syz-executor.4), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 2261.597158][T12467] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2261.607756][T12467] CPU: 0 PID: 12467 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2261.616658][T12467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2261.626713][T12467] Call Trace: [ 2261.630022][T12467] dump_stack+0x1fb/0x318 [ 2261.634664][T12467] dump_header+0xd8/0x960 [ 2261.639021][T12467] oom_kill_process+0xee/0x370 [ 2261.643825][T12467] out_of_memory+0x5dc/0x900 [ 2261.648454][T12467] try_charge+0x128f/0x18a0 [ 2261.653104][T12467] mem_cgroup_try_charge+0x216/0x550 [ 2261.658574][T12467] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2261.664246][T12467] wp_page_copy+0x35f/0x1c50 [ 2261.668886][T12467] do_wp_page+0x5e4/0x16d0 [ 2261.673330][T12467] ? __kasan_check_write+0x14/0x20 [ 2261.678446][T12467] ? do_raw_spin_lock+0x103/0x7b0 [ 2261.683481][T12467] ? handle_mm_fault+0x235a/0x2900 [ 2261.688716][T12467] handle_mm_fault+0x241f/0x2900 [ 2261.694211][T12467] do_user_addr_fault+0x588/0xaf0 [ 2261.699291][T12467] do_page_fault+0x13b/0x250 [ 2261.704205][T12467] page_fault+0x39/0x40 [ 2261.708498][T12467] RIP: 0033:0x40419e [ 2261.712472][T12467] Code: 48 dc ff ff 0f 1f 84 00 00 00 00 00 0f b6 b5 84 00 00 00 bf 81 13 4c 00 31 c0 e8 0d dd ff ff e9 30 fe ff ff 8b 0b 48 83 f8 ff <48> 89 45 78 89 8d 80 00 00 00 0f 85 8d fd ff ff 85 c9 0f 85 85 fd [ 2261.732280][T12467] RSP: 002b:00007fe0b78f1c90 EFLAGS: 00010207 [ 2261.738342][T12467] RAX: 000000000000245f RBX: 00007fe0b78f26d4 RCX: 0000000000000000 [ 2261.746545][T12467] RDX: 0000000000000001 RSI: 0000000000403ecc RDI: 0000000000000000 [ 2261.754738][T12467] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2261.763057][T12467] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2261.771094][T12467] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2261.780806][T12467] memory: usage 306412kB, limit 307200kB, failcnt 16574 [ 2261.787922][T12467] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2261.795500][T12467] Memory cgroup stats for /syz4: [ 2261.796452][T12467] anon 118226944 [ 2261.796452][T12467] file 16384 [ 2261.796452][T12467] kernel_stack 28938240 [ 2261.796452][T12467] slab 52731904 [ 2261.796452][T12467] sock 0 [ 2261.796452][T12467] shmem 73728 [ 2261.796452][T12467] file_mapped 0 [ 2261.796452][T12467] file_dirty 0 [ 2261.796452][T12467] file_writeback 0 [ 2261.796452][T12467] anon_thp 0 [ 2261.796452][T12467] inactive_anon 786432 [ 2261.796452][T12467] active_anon 117448704 [ 2261.796452][T12467] inactive_file 98304 [ 2261.796452][T12467] active_file 0 [ 2261.796452][T12467] unevictable 0 [ 2261.796452][T12467] slab_reclaimable 7839744 [ 2261.796452][T12467] slab_unreclaimable 44892160 [ 2261.796452][T12467] pgfault 247170 [ 2261.796452][T12467] pgmajfault 0 [ 2261.796452][T12467] workingset_refault 3696 [ 2261.796452][T12467] workingset_activate 1749 [ 2261.796452][T12467] workingset_nodereclaim 0 [ 2261.796452][T12467] pgrefill 138723 [ 2261.796452][T12467] pgscan 156357 [ 2261.796452][T12467] pgsteal 20039 [ 2261.893037][T12467] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19652,uid=0 [ 2261.909353][T12467] Memory cgroup out of memory: Killed process 19652 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2261.950654][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2261.963945][ T9215] CPU: 0 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2261.972592][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2261.982671][ T9215] Call Trace: [ 2261.986126][ T9215] dump_stack+0x1fb/0x318 [ 2261.990506][ T9215] dump_header+0xd8/0x960 [ 2261.995036][ T9215] oom_kill_process+0xee/0x370 [ 2261.999840][ T9215] out_of_memory+0x5dc/0x900 [ 2262.004506][ T9215] try_charge+0x128f/0x18a0 [ 2262.009052][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2262.014665][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2262.020239][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2262.028601][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2262.034106][ T9215] alloc_pages_current+0x2db/0x500 [ 2262.039249][ T9215] pte_alloc_one+0x1f/0x180 [ 2262.043781][ T9215] __pte_alloc+0x20/0x2f0 [ 2262.048247][ T9215] copy_page_range+0x2434/0x2950 [ 2262.053423][ T9215] ? __vma_link_rb+0x822/0x840 [ 2262.058343][ T9215] dup_mmap+0x9f1/0xdf0 [ 2262.062625][ T9215] dup_mm+0x9e/0x340 [ 2262.066524][ T9215] copy_process+0x2080/0x57b0 [ 2262.071369][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2262.076702][ T9215] _do_fork+0x13e/0x660 [ 2262.080999][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2262.086735][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2262.092164][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2262.097885][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2262.103268][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2262.109057][ T9215] __x64_sys_clone+0x20b/0x250 [ 2262.113855][ T9215] do_syscall_64+0xf7/0x1c0 [ 2262.118512][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2262.124728][ T9215] RIP: 0033:0x45aa4a [ 2262.128755][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2262.148659][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2262.157229][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2262.165452][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2262.173678][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2262.181770][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2262.189749][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2262.198641][ T9215] memory: usage 307200kB, limit 307200kB, failcnt 12414 [ 2262.210542][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2262.226995][ T9215] Memory cgroup stats for /syz1: [ 2262.227109][ T9215] anon 117362688 [ 2262.227109][ T9215] file 122880 [ 2262.227109][ T9215] kernel_stack 28311552 [ 2262.227109][ T9215] slab 54505472 [ 2262.227109][ T9215] sock 131072 [ 2262.227109][ T9215] shmem 0 [ 2262.227109][ T9215] file_mapped 135168 [ 2262.227109][ T9215] file_dirty 0 [ 2262.227109][ T9215] file_writeback 0 [ 2262.227109][ T9215] anon_thp 0 [ 2262.227109][ T9215] inactive_anon 516096 [ 2262.227109][ T9215] active_anon 117071872 [ 2262.227109][ T9215] inactive_file 4096 [ 2262.227109][ T9215] active_file 114688 [ 2262.227109][ T9215] unevictable 0 [ 2262.227109][ T9215] slab_reclaimable 10137600 [ 2262.227109][ T9215] slab_unreclaimable 44367872 [ 2262.227109][ T9215] pgfault 239019 [ 2262.227109][ T9215] pgmajfault 0 [ 2262.227109][ T9215] workingset_refault 2046 [ 2262.227109][ T9215] workingset_activate 528 [ 2262.227109][ T9215] workingset_nodereclaim 0 [ 2262.227109][ T9215] pgrefill 100236 [ 2262.227109][ T9215] pgscan 101648 [ 2262.227109][ T9215] pgsteal 3427 [ 2262.324839][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12426,uid=0 [ 2262.340883][ T9215] Memory cgroup out of memory: Killed process 12426 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2262.360540][ T1143] oom_reaper: reaped process 12426 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2262.408336][T12501] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2262.456319][T12501] CPU: 1 PID: 12501 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2262.465060][T12501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2262.475253][T12501] Call Trace: [ 2262.478563][T12501] dump_stack+0x1fb/0x318 [ 2262.482925][T12501] dump_header+0xd8/0x960 [ 2262.487280][T12501] oom_kill_process+0xee/0x370 [ 2262.492083][T12501] out_of_memory+0x5dc/0x900 [ 2262.496699][T12501] try_charge+0x128f/0x18a0 [ 2262.501501][T12501] __memcg_kmem_charge_memcg+0x37/0x140 [ 2262.507067][T12501] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2262.512644][T12501] __memcg_kmem_charge+0x105/0x340 [ 2262.517779][T12501] dup_task_struct+0x244/0x7d0 [ 2262.522646][T12501] copy_process+0x552/0x57b0 [ 2262.527245][T12501] ? debug_smp_processor_id+0x9/0x20 [ 2262.532896][T12501] ? check_preemption_disabled+0x44/0x260 [ 2262.539041][T12501] ? debug_smp_processor_id+0x9/0x20 [ 2262.544596][T12501] _do_fork+0x13e/0x660 [ 2262.548795][T12501] ? check_preemption_disabled+0x44/0x260 [ 2262.554885][T12501] ? debug_smp_processor_id+0x9/0x20 [ 2262.560285][T12501] ? check_preemption_disabled+0x44/0x260 [ 2262.565996][T12501] ? debug_smp_processor_id+0x9/0x20 [ 2262.571402][T12501] ? check_preemption_disabled+0x44/0x260 [ 2262.577128][T12501] __x64_sys_clone+0x20b/0x250 [ 2262.581929][T12501] do_syscall_64+0xf7/0x1c0 [ 2262.586433][T12501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2262.592488][T12501] RIP: 0033:0x45ee49 [ 2262.596390][T12501] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2262.616282][T12501] RSP: 002b:00007ffc28d10b88 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2262.624723][T12501] RAX: ffffffffffffffda RBX: 00007fea86baa700 RCX: 000000000045ee49 [ 2262.632836][T12501] RDX: 00007fea86baa9d0 RSI: 00007fea86ba9db0 RDI: 00000000003d0f00 [ 2262.641440][T12501] RBP: 00007ffc28d10da0 R08: 00007fea86baa700 R09: 00007fea86baa700 [ 2262.649435][T12501] R10: 00007fea86baa9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2262.657571][T12501] R13: 00007ffc28d10c3f R14: 00007fea86baa9c0 R15: 000000000076bf2c [ 2262.669759][T12501] memory: usage 307040kB, limit 307200kB, failcnt 12426 [ 2262.676751][T12501] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2262.689323][T12501] Memory cgroup stats for /syz1: [ 2262.689462][T12501] anon 117362688 [ 2262.689462][T12501] file 122880 [ 2262.689462][T12501] kernel_stack 28311552 [ 2262.689462][T12501] slab 54505472 [ 2262.689462][T12501] sock 131072 [ 2262.689462][T12501] shmem 0 [ 2262.689462][T12501] file_mapped 135168 [ 2262.689462][T12501] file_dirty 0 [ 2262.689462][T12501] file_writeback 0 [ 2262.689462][T12501] anon_thp 0 [ 2262.689462][T12501] inactive_anon 516096 [ 2262.689462][T12501] active_anon 117071872 [ 2262.689462][T12501] inactive_file 4096 [ 2262.689462][T12501] active_file 114688 [ 2262.689462][T12501] unevictable 0 [ 2262.689462][T12501] slab_reclaimable 10137600 [ 2262.689462][T12501] slab_unreclaimable 44367872 05:19:03 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:03 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xa00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000180000000000", 0x32) 05:19:03 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000ec000000000000000", 0x32) 05:19:03 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2262.689462][T12501] pgfault 239052 [ 2262.689462][T12501] pgmajfault 0 [ 2262.689462][T12501] workingset_refault 2046 [ 2262.689462][T12501] workingset_activate 528 [ 2262.689462][T12501] workingset_nodereclaim 0 [ 2262.689462][T12501] pgrefill 100302 [ 2262.689462][T12501] pgscan 101681 [ 2262.689462][T12501] pgsteal 3427 [ 2262.793476][T12501] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12851,uid=0 05:19:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000190000000000", 0x32) [ 2262.846050][T12501] Memory cgroup out of memory: Killed process 12851 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:19:04 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000004003000000000000", 0x32) [ 2262.927559][T12514] ref_ctr_offset mismatch. inode: 0x4836 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001a0000000000", 0x32) [ 2263.036050][T12524] binder: BINDER_SET_CONTEXT_MGR already set 05:19:04 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, 0x0) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2263.098726][T12524] binder: 12524:12524 ioctl 40046207 0 returned -16 05:19:04 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xb00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:04 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2263.437046][T12535] binder: BINDER_SET_CONTEXT_MGR already set [ 2263.443479][T12535] binder: 12533:12535 ioctl 40046207 0 returned -16 [ 2263.460560][T12544] ref_ctr_offset mismatch. inode: 0x47df offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:04 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(0x0, 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2263.860380][T12549] binder: BINDER_SET_CONTEXT_MGR already set [ 2263.869268][T12549] binder: 12549:12549 ioctl 40046207 0 returned -16 [ 2264.069319][T12537] ref_ctr_offset mismatch. inode: 0x47df offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:05 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:05 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000a00040000000000000", 0x32) 05:19:05 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(0x0, 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001b0000000000", 0x32) 05:19:05 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:05 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xc00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2264.753946][ T9215] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 05:19:05 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000340000000000000", 0x32) 05:19:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001c0000000000", 0x32) [ 2264.799408][ T9215] CPU: 1 PID: 9215 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2264.808051][ T9215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2264.818207][ T9215] Call Trace: [ 2264.821540][ T9215] dump_stack+0x1fb/0x318 [ 2264.825897][ T9215] dump_header+0xd8/0x960 [ 2264.830251][ T9215] oom_kill_process+0xee/0x370 [ 2264.835167][ T9215] out_of_memory+0x5dc/0x900 [ 2264.839812][ T9215] try_charge+0x128f/0x18a0 [ 2264.844515][ T9215] __memcg_kmem_charge_memcg+0x37/0x140 [ 2264.850082][ T9215] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2264.855646][ T9215] __memcg_kmem_charge+0x105/0x340 [ 2264.860784][ T9215] __alloc_pages_nodemask+0x29a/0x5d0 [ 2264.866194][ T9215] alloc_pages_current+0x2db/0x500 [ 2264.871429][ T9215] pte_alloc_one+0x1f/0x180 [ 2264.875966][ T9215] __pte_alloc+0x20/0x2f0 [ 2264.880329][ T9215] copy_page_range+0x2434/0x2950 [ 2264.885363][ T9215] ? __vma_link_rb+0x822/0x840 [ 2264.890163][ T9215] dup_mmap+0x9f1/0xdf0 [ 2264.894377][ T9215] dup_mm+0x9e/0x340 [ 2264.898293][ T9215] copy_process+0x2080/0x57b0 [ 2264.903005][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2264.908341][ T9215] _do_fork+0x13e/0x660 [ 2264.912524][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2264.918268][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2264.923572][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2264.929306][ T9215] ? debug_smp_processor_id+0x9/0x20 [ 2264.934609][ T9215] ? check_preemption_disabled+0x44/0x260 [ 2264.940359][ T9215] __x64_sys_clone+0x20b/0x250 [ 2264.945179][ T9215] do_syscall_64+0xf7/0x1c0 [ 2264.949714][ T9215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2264.955636][ T9215] RIP: 0033:0x45aa4a [ 2264.959544][ T9215] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2264.979292][ T9215] RSP: 002b:00007ffc28d10e20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2264.987956][ T9215] RAX: ffffffffffffffda RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2264.996244][ T9215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2265.004367][ T9215] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2265.012350][ T9215] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2265.020331][ T9215] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 05:19:06 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2265.177532][ T9215] memory: usage 307152kB, limit 307200kB, failcnt 12464 [ 2265.189839][ T9215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2265.205498][ T9215] Memory cgroup stats for /syz1: [ 2265.205617][ T9215] anon 117350400 [ 2265.205617][ T9215] file 122880 [ 2265.205617][ T9215] kernel_stack 28348416 [ 2265.205617][ T9215] slab 54505472 [ 2265.205617][ T9215] sock 131072 [ 2265.205617][ T9215] shmem 0 [ 2265.205617][ T9215] file_mapped 135168 [ 2265.205617][ T9215] file_dirty 0 [ 2265.205617][ T9215] file_writeback 0 [ 2265.205617][ T9215] anon_thp 0 [ 2265.205617][ T9215] inactive_anon 516096 [ 2265.205617][ T9215] active_anon 116936704 [ 2265.205617][ T9215] inactive_file 4096 [ 2265.205617][ T9215] active_file 114688 [ 2265.205617][ T9215] unevictable 0 [ 2265.205617][ T9215] slab_reclaimable 10137600 [ 2265.205617][ T9215] slab_unreclaimable 44367872 [ 2265.205617][ T9215] pgfault 239283 [ 2265.205617][ T9215] pgmajfault 0 [ 2265.205617][ T9215] workingset_refault 2046 [ 2265.205617][ T9215] workingset_activate 528 [ 2265.205617][ T9215] workingset_nodereclaim 0 [ 2265.205617][ T9215] pgrefill 100434 [ 2265.205617][ T9215] pgscan 101813 [ 2265.205617][ T9215] pgsteal 3460 [ 2265.304105][ T9215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12540,uid=0 [ 2265.323396][ T9215] Memory cgroup out of memory: Killed process 12540 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2265.481132][T12582] ref_ctr_offset mismatch. inode: 0x47ca offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:06 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000010000000000", 0x32) 05:19:06 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(0x0, 0x9, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000051c0000000000", 0x32) [ 2265.731551][T12584] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2265.910386][T12603] binder: BINDER_SET_CONTEXT_MGR already set [ 2265.918145][T12603] binder: 12603:12603 ioctl 40046207 0 returned -16 [ 2265.959772][T12584] CPU: 1 PID: 12584 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2265.968504][T12584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2265.978606][T12584] Call Trace: [ 2265.981903][T12584] dump_stack+0x1fb/0x318 [ 2265.986240][T12584] dump_header+0xd8/0x960 [ 2265.990589][T12584] oom_kill_process+0xee/0x370 [ 2265.995359][T12584] out_of_memory+0x5dc/0x900 [ 2265.999976][T12584] try_charge+0x128f/0x18a0 [ 2266.004535][T12584] __memcg_kmem_charge_memcg+0x37/0x140 [ 2266.010085][T12584] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2266.015647][T12584] __memcg_kmem_charge+0x105/0x340 [ 2266.020766][T12584] dup_task_struct+0x244/0x7d0 [ 2266.025539][T12584] copy_process+0x552/0x57b0 [ 2266.030123][T12584] ? _raw_spin_unlock+0x27/0x40 [ 2266.034972][T12584] ? do_anonymous_page+0x140e/0x1640 [ 2266.040297][T12584] _do_fork+0x13e/0x660 [ 2266.044591][T12584] ? check_preemption_disabled+0x44/0x260 [ 2266.050335][T12584] ? debug_smp_processor_id+0x9/0x20 [ 2266.055651][T12584] ? check_preemption_disabled+0x44/0x260 [ 2266.061404][T12584] ? debug_smp_processor_id+0x9/0x20 [ 2266.066694][T12584] ? check_preemption_disabled+0x44/0x260 [ 2266.072424][T12584] __x64_sys_clone+0x20b/0x250 [ 2266.077233][T12584] do_syscall_64+0xf7/0x1c0 [ 2266.081743][T12584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2266.087653][T12584] RIP: 0033:0x45ee49 [ 2266.091580][T12584] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2266.111462][T12584] RSP: 002b:00007ffeb3531018 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2266.119877][T12584] RAX: ffffffffffffffda RBX: 00007fe0b78b0700 RCX: 000000000045ee49 [ 2266.127854][T12584] RDX: 00007fe0b78b09d0 RSI: 00007fe0b78afdb0 RDI: 00000000003d0f00 [ 2266.135840][T12584] RBP: 00007ffeb3531230 R08: 00007fe0b78b0700 R09: 00007fe0b78b0700 [ 2266.143812][T12584] R10: 00007fe0b78b09d0 R11: 0000000000000202 R12: 0000000000000000 [ 2266.151786][T12584] R13: 00007ffeb35310cf R14: 00007fe0b78b09c0 R15: 000000000076c06c [ 2266.268597][T12584] memory: usage 307200kB, limit 307200kB, failcnt 16608 [ 2266.275786][T12584] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2266.284142][T12584] Memory cgroup stats for /syz4: [ 2266.284225][T12584] anon 118493184 [ 2266.284225][T12584] file 16384 [ 2266.284225][T12584] kernel_stack 29048832 [ 2266.284225][T12584] slab 52731904 [ 2266.284225][T12584] sock 0 [ 2266.284225][T12584] shmem 73728 [ 2266.284225][T12584] file_mapped 0 [ 2266.284225][T12584] file_dirty 0 [ 2266.284225][T12584] file_writeback 0 [ 2266.284225][T12584] anon_thp 0 [ 2266.284225][T12584] inactive_anon 786432 [ 2266.284225][T12584] active_anon 117719040 [ 2266.284225][T12584] inactive_file 98304 [ 2266.284225][T12584] active_file 0 [ 2266.284225][T12584] unevictable 0 [ 2266.284225][T12584] slab_reclaimable 7839744 [ 2266.284225][T12584] slab_unreclaimable 44892160 [ 2266.284225][T12584] pgfault 247632 [ 2266.284225][T12584] pgmajfault 0 [ 2266.284225][T12584] workingset_refault 3729 [ 2266.284225][T12584] workingset_activate 1749 [ 2266.284225][T12584] workingset_nodereclaim 0 [ 2266.284225][T12584] pgrefill 138987 [ 2266.284225][T12584] pgscan 156654 [ 2266.284225][T12584] pgsteal 20072 [ 2266.387618][T12584] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19049,uid=0 [ 2266.405313][T12584] Memory cgroup out of memory: Killed process 19049 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2266.425949][ T1143] oom_reaper: reaped process 19049 (syz-executor.4), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2266.468243][T12592] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2266.481077][T12592] CPU: 0 PID: 12592 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2266.489761][T12592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2266.499821][T12592] Call Trace: [ 2266.503120][T12592] dump_stack+0x1fb/0x318 [ 2266.507467][T12592] dump_header+0xd8/0x960 [ 2266.511835][T12592] oom_kill_process+0xee/0x370 [ 2266.516606][T12592] out_of_memory+0x5dc/0x900 [ 2266.521201][T12592] try_charge+0x128f/0x18a0 [ 2266.525746][T12592] __memcg_kmem_charge_memcg+0x37/0x140 [ 2266.531463][T12592] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2266.537031][T12592] __memcg_kmem_charge+0x105/0x340 [ 2266.542185][T12592] __alloc_pages_nodemask+0x29a/0x5d0 [ 2266.547589][T12592] alloc_pages_current+0x2db/0x500 [ 2266.552720][T12592] pte_alloc_one+0x1f/0x180 [ 2266.557232][T12592] do_read_fault+0x2cf/0x9e0 [ 2266.561842][T12592] handle_mm_fault+0x1c01/0x2900 [ 2266.566828][T12592] do_user_addr_fault+0x588/0xaf0 [ 2266.572069][T12592] do_page_fault+0x13b/0x250 [ 2266.576674][T12592] page_fault+0x39/0x40 [ 2266.580837][T12592] RIP: 0033:0x45c479 [ 2266.584739][T12592] Code: Bad RIP value. [ 2266.588796][T12592] RSP: 002b:00007fe0b78d0c78 EFLAGS: 00010246 [ 2266.594904][T12592] RAX: 0000000000000000 RBX: 00007fe0b78d16d4 RCX: 000000000045c479 [ 2266.602897][T12592] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2266.610884][T12592] RBP: 000000000076bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2266.618869][T12592] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2266.626920][T12592] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bfcc [ 2266.648016][T12592] memory: usage 306948kB, limit 307200kB, failcnt 16608 [ 2266.655478][T12592] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2266.663219][T12592] Memory cgroup stats for /syz4: [ 2266.663342][T12592] anon 118493184 [ 2266.663342][T12592] file 16384 [ 2266.663342][T12592] kernel_stack 28938240 [ 2266.663342][T12592] slab 52731904 [ 2266.663342][T12592] sock 0 [ 2266.663342][T12592] shmem 73728 [ 2266.663342][T12592] file_mapped 0 [ 2266.663342][T12592] file_dirty 0 [ 2266.663342][T12592] file_writeback 0 [ 2266.663342][T12592] anon_thp 0 [ 2266.663342][T12592] inactive_anon 786432 [ 2266.663342][T12592] active_anon 117719040 [ 2266.663342][T12592] inactive_file 98304 [ 2266.663342][T12592] active_file 0 [ 2266.663342][T12592] unevictable 0 [ 2266.663342][T12592] slab_reclaimable 7839744 [ 2266.663342][T12592] slab_unreclaimable 44892160 [ 2266.663342][T12592] pgfault 247665 [ 2266.663342][T12592] pgmajfault 0 [ 2266.663342][T12592] workingset_refault 3729 [ 2266.663342][T12592] workingset_activate 1749 [ 2266.663342][T12592] workingset_nodereclaim 0 [ 2266.663342][T12592] pgrefill 138987 [ 2266.663342][T12592] pgscan 156654 [ 2266.663342][T12592] pgsteal 20072 [ 2266.759626][T12592] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19024,uid=0 [ 2266.776468][T12592] Memory cgroup out of memory: Killed process 19024 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2266.795984][ T1143] oom_reaper: reaped process 19024 (syz-executor.4), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB 05:19:08 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x28], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:08 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000020000000000", 0x32) 05:19:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001d0000000000", 0x32) 05:19:08 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xd00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:08 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:08 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:08 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000030000000000", 0x32) [ 2267.100073][T12615] ref_ctr_offset mismatch. inode: 0x4843 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001e0000000000", 0x32) [ 2267.220104][T12626] binder: BINDER_SET_CONTEXT_MGR already set [ 2267.249514][T12626] binder: 12626:12626 ioctl 40046207 0 returned -16 05:19:08 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2267.552129][T12637] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2267.603221][T12637] CPU: 1 PID: 12637 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2267.611970][T12637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2267.622042][T12637] Call Trace: [ 2267.625362][T12637] dump_stack+0x1fb/0x318 [ 2267.629861][T12637] dump_header+0xd8/0x960 [ 2267.634217][T12637] oom_kill_process+0xee/0x370 [ 2267.638995][T12637] out_of_memory+0x5dc/0x900 [ 2267.643637][T12637] try_charge+0x128f/0x18a0 [ 2267.648208][T12637] mem_cgroup_try_charge+0x216/0x550 [ 2267.653523][T12637] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2267.659178][T12637] wp_page_copy+0x35f/0x1c50 [ 2267.663815][T12637] do_wp_page+0x5e4/0x16d0 [ 2267.668259][T12637] ? __kasan_check_write+0x14/0x20 [ 2267.673699][T12637] ? do_raw_spin_lock+0x103/0x7b0 [ 2267.678730][T12637] ? handle_mm_fault+0x235a/0x2900 [ 2267.683868][T12637] handle_mm_fault+0x241f/0x2900 [ 2267.689489][T12637] do_user_addr_fault+0x588/0xaf0 [ 2267.694707][T12637] do_page_fault+0x13b/0x250 [ 2267.699325][T12637] page_fault+0x39/0x40 [ 2267.704039][T12637] RIP: 0033:0x4114c8 [ 2267.707944][T12637] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 2267.730277][T12637] RSP: 002b:00007ffc28d10bf0 EFLAGS: 00010246 [ 2267.736504][T12637] RAX: 000000009ae457e7 RBX: 0000000014e963c9 RCX: 0000001b34a20000 [ 2267.744500][T12637] RDX: 0000000000000000 RSI: 00000000000017e7 RDI: ffffffff9ae457e7 [ 2267.752581][T12637] RBP: 0000000000000004 R08: 000000009ae457e7 R09: 000000009ae457eb [ 2267.760557][T12637] R10: 00007ffc28d10d90 R11: 0000000000000246 R12: 000000000076bfa8 [ 2267.768562][T12637] R13: 0000000080000000 R14: 00007fea88bab008 R15: 0000000000000004 [ 2267.780866][T12637] memory: usage 307024kB, limit 307200kB, failcnt 12483 05:19:08 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2267.857310][T12637] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2267.866703][T12637] Memory cgroup stats for /syz1: [ 2267.866809][T12637] anon 117301248 [ 2267.866809][T12637] file 122880 [ 2267.866809][T12637] kernel_stack 28348416 [ 2267.866809][T12637] slab 54505472 [ 2267.866809][T12637] sock 131072 [ 2267.866809][T12637] shmem 0 [ 2267.866809][T12637] file_mapped 135168 [ 2267.866809][T12637] file_dirty 0 [ 2267.866809][T12637] file_writeback 0 [ 2267.866809][T12637] anon_thp 0 [ 2267.866809][T12637] inactive_anon 516096 [ 2267.866809][T12637] active_anon 116936704 [ 2267.866809][T12637] inactive_file 4096 [ 2267.866809][T12637] active_file 114688 [ 2267.866809][T12637] unevictable 0 [ 2267.866809][T12637] slab_reclaimable 10137600 [ 2267.866809][T12637] slab_unreclaimable 44367872 [ 2267.866809][T12637] pgfault 239580 [ 2267.866809][T12637] pgmajfault 0 [ 2267.866809][T12637] workingset_refault 2046 [ 2267.866809][T12637] workingset_activate 528 [ 2267.866809][T12637] workingset_nodereclaim 0 [ 2267.866809][T12637] pgrefill 100665 05:19:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001f0000000000", 0x32) 05:19:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000040000000000", 0x32) [ 2267.866809][T12637] pgscan 102077 [ 2267.866809][T12637] pgsteal 3460 [ 2267.985630][T12637] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12585,uid=0 [ 2268.116237][T12637] Memory cgroup out of memory: Killed process 12585 (syz-executor.1) total-vm:74704kB, anon-rss:156kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2268.207499][ T1143] oom_reaper: reaped process 12585 (syz-executor.1), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 2268.393551][T12657] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2268.406135][T12657] CPU: 0 PID: 12657 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2268.414821][T12657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2268.425109][T12657] Call Trace: [ 2268.428432][T12657] dump_stack+0x1fb/0x318 [ 2268.432945][T12657] dump_header+0xd8/0x960 [ 2268.437305][T12657] oom_kill_process+0xee/0x370 [ 2268.442093][T12657] out_of_memory+0x5dc/0x900 [ 2268.446717][T12657] try_charge+0x128f/0x18a0 [ 2268.451287][T12657] __memcg_kmem_charge_memcg+0x37/0x140 [ 2268.456845][T12657] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2268.462422][T12657] __memcg_kmem_charge+0x105/0x340 [ 2268.467568][T12657] __alloc_pages_nodemask+0x29a/0x5d0 [ 2268.473009][T12657] alloc_pages_current+0x2db/0x500 [ 2268.478150][T12657] pte_alloc_one+0x1f/0x180 [ 2268.482675][T12657] do_read_fault+0x2cf/0x9e0 [ 2268.487312][T12657] handle_mm_fault+0x1c01/0x2900 [ 2268.492354][T12657] do_user_addr_fault+0x588/0xaf0 [ 2268.497446][T12657] do_page_fault+0x13b/0x250 [ 2268.502065][T12657] page_fault+0x39/0x40 [ 2268.506363][T12657] RIP: 0033:0x45c479 [ 2268.510309][T12657] Code: Bad RIP value. [ 2268.514621][T12657] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00010246 [ 2268.520827][T12657] RAX: 0000000000000000 RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2268.528819][T12657] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2268.536962][T12657] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2268.545049][T12657] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2268.553040][T12657] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2268.569334][T12657] memory: usage 307200kB, limit 307200kB, failcnt 16668 [ 2268.576449][T12657] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2268.591350][T12657] Memory cgroup stats for /syz4: [ 2268.591449][T12657] anon 118468608 [ 2268.591449][T12657] file 16384 [ 2268.591449][T12657] kernel_stack 29011968 [ 2268.591449][T12657] slab 52731904 [ 2268.591449][T12657] sock 0 [ 2268.591449][T12657] shmem 73728 [ 2268.591449][T12657] file_mapped 0 [ 2268.591449][T12657] file_dirty 0 [ 2268.591449][T12657] file_writeback 0 [ 2268.591449][T12657] anon_thp 0 [ 2268.591449][T12657] inactive_anon 786432 [ 2268.591449][T12657] active_anon 117719040 [ 2268.591449][T12657] inactive_file 98304 [ 2268.591449][T12657] active_file 0 [ 2268.591449][T12657] unevictable 0 [ 2268.591449][T12657] slab_reclaimable 7839744 [ 2268.591449][T12657] slab_unreclaimable 44892160 [ 2268.591449][T12657] pgfault 247863 [ 2268.591449][T12657] pgmajfault 0 [ 2268.591449][T12657] workingset_refault 3729 [ 2268.591449][T12657] workingset_activate 1749 [ 2268.591449][T12657] workingset_nodereclaim 0 [ 2268.591449][T12657] pgrefill 139253 [ 2268.591449][T12657] pgscan 156885 [ 2268.591449][T12657] pgsteal 20105 [ 2268.699010][T12657] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19001,uid=0 [ 2268.716171][T12657] Memory cgroup out of memory: Killed process 19001 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2268.736440][ T1143] oom_reaper: reaped process 19001 (syz-executor.4), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2268.753376][T12642] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2268.777556][T12642] CPU: 0 PID: 12642 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2268.786517][T12642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2268.796751][T12642] Call Trace: [ 2268.800052][T12642] dump_stack+0x1fb/0x318 [ 2268.804556][T12642] dump_header+0xd8/0x960 [ 2268.809029][T12642] oom_kill_process+0xee/0x370 [ 2268.813908][T12642] out_of_memory+0x5dc/0x900 [ 2268.818532][T12642] try_charge+0x128f/0x18a0 [ 2268.823245][T12642] mem_cgroup_try_charge+0x216/0x550 [ 2268.828804][T12642] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2268.834482][T12642] wp_page_copy+0x35f/0x1c50 [ 2268.839235][T12642] do_wp_page+0x5e4/0x16d0 [ 2268.843807][T12642] ? __kasan_check_write+0x14/0x20 [ 2268.849072][T12642] ? do_raw_spin_lock+0x103/0x7b0 [ 2268.854473][T12642] ? handle_mm_fault+0x235a/0x2900 [ 2268.859611][T12642] handle_mm_fault+0x241f/0x2900 [ 2268.864652][T12642] do_user_addr_fault+0x588/0xaf0 [ 2268.869764][T12642] do_page_fault+0x13b/0x250 [ 2268.874367][T12642] page_fault+0x39/0x40 [ 2268.878523][T12642] RIP: 0033:0x4114c8 [ 2268.882763][T12642] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 2268.902553][T12642] RSP: 002b:00007ffeb3531080 EFLAGS: 00010246 [ 2268.908990][T12642] RAX: 0000000097624f7d RBX: 000000009423c5bd RCX: 0000001b2d920000 [ 2268.916974][T12642] RDX: 0000000000000000 RSI: 0000000000000f7d RDI: ffffffff97624f7d [ 2268.924946][T12642] RBP: 0000000000000008 R08: 0000000097624f7d R09: 0000000097624f81 [ 2268.933486][T12642] R10: 00007ffeb3531220 R11: 0000000000000246 R12: 000000000076c048 [ 2268.941639][T12642] R13: 0000000080000000 R14: 00007fe0b96f3008 R15: 0000000000000036 [ 2268.953626][T12642] memory: usage 307044kB, limit 307200kB, failcnt 16668 [ 2268.960979][T12642] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2268.967837][T12642] Memory cgroup stats for /syz4: [ 2268.967946][T12642] anon 118468608 [ 2268.967946][T12642] file 16384 [ 2268.967946][T12642] kernel_stack 29011968 [ 2268.967946][T12642] slab 52731904 [ 2268.967946][T12642] sock 0 [ 2268.967946][T12642] shmem 73728 [ 2268.967946][T12642] file_mapped 0 [ 2268.967946][T12642] file_dirty 0 [ 2268.967946][T12642] file_writeback 0 [ 2268.967946][T12642] anon_thp 0 [ 2268.967946][T12642] inactive_anon 786432 [ 2268.967946][T12642] active_anon 117719040 [ 2268.967946][T12642] inactive_file 98304 [ 2268.967946][T12642] active_file 0 [ 2268.967946][T12642] unevictable 0 [ 2268.967946][T12642] slab_reclaimable 7839744 [ 2268.967946][T12642] slab_unreclaimable 44892160 [ 2268.967946][T12642] pgfault 247863 [ 2268.967946][T12642] pgmajfault 0 [ 2268.967946][T12642] workingset_refault 3729 [ 2268.967946][T12642] workingset_activate 1749 [ 2268.967946][T12642] workingset_nodereclaim 0 [ 2268.967946][T12642] pgrefill 139253 [ 2268.967946][T12642] pgscan 156885 [ 2268.967946][T12642] pgsteal 20105 [ 2269.064854][T12642] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8856,uid=0 [ 2269.081772][T12642] Memory cgroup out of memory: Killed process 8856 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2269.174267][T12644] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2269.192924][T12644] CPU: 0 PID: 12644 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2269.201659][T12644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2269.211880][T12644] Call Trace: [ 2269.215196][T12644] dump_stack+0x1fb/0x318 [ 2269.219679][T12644] dump_header+0xd8/0x960 [ 2269.224038][T12644] oom_kill_process+0xee/0x370 [ 2269.228841][T12644] out_of_memory+0x5dc/0x900 [ 2269.233458][T12644] try_charge+0x128f/0x18a0 [ 2269.238200][T12644] mem_cgroup_try_charge+0x216/0x550 [ 2269.243701][T12644] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2269.249370][T12644] wp_page_copy+0x35f/0x1c50 [ 2269.254190][T12644] do_wp_page+0x5e4/0x16d0 [ 2269.258615][T12644] ? __kasan_check_write+0x14/0x20 [ 2269.263739][T12644] ? do_raw_spin_lock+0x103/0x7b0 [ 2269.268884][T12644] ? handle_mm_fault+0x235a/0x2900 [ 2269.274036][T12644] handle_mm_fault+0x241f/0x2900 [ 2269.279149][T12644] do_user_addr_fault+0x588/0xaf0 [ 2269.284240][T12644] do_page_fault+0x13b/0x250 [ 2269.288863][T12644] page_fault+0x39/0x40 [ 2269.293175][T12644] RIP: 0033:0x403f80 [ 2269.297074][T12644] Code: 80 3d fb e6 87 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 e8 e6 87 00 39 45 24 0f 84 46 02 00 00 44 8b a5 80 00 00 00 48 8b 5d 78 fb e6 ff ff 48 2b 05 84 40 34 00 8b 75 00 4c 89 f1 45 89 e1 49 [ 2269.316682][T12644] RSP: 002b:00007fe0b78f1c90 EFLAGS: 00010246 [ 2269.322760][T12644] RAX: 00007fe0b98f3000 RBX: 000000000000247a RCX: 0000000000000000 [ 2269.331160][T12644] RDX: 000000000003ffff RSI: 0000000000403ecc RDI: 0000000000000000 [ 2269.339171][T12644] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2269.347241][T12644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2269.355339][T12644] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2269.366960][T12644] memory: usage 306672kB, limit 307200kB, failcnt 16668 [ 2269.375185][T12644] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2269.383216][T12644] Memory cgroup stats for /syz4: [ 2269.383810][T12644] anon 118468608 [ 2269.383810][T12644] file 16384 [ 2269.383810][T12644] kernel_stack 28938240 [ 2269.383810][T12644] slab 52731904 [ 2269.383810][T12644] sock 0 [ 2269.383810][T12644] shmem 73728 [ 2269.383810][T12644] file_mapped 0 [ 2269.383810][T12644] file_dirty 0 [ 2269.383810][T12644] file_writeback 0 [ 2269.383810][T12644] anon_thp 0 [ 2269.383810][T12644] inactive_anon 786432 05:19:10 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2b], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:10 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xe00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000200000000000", 0x32) 05:19:10 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000050000000000", 0x32) 05:19:10 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x125980) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2269.383810][T12644] active_anon 117719040 [ 2269.383810][T12644] inactive_file 98304 [ 2269.383810][T12644] active_file 0 [ 2269.383810][T12644] unevictable 0 [ 2269.383810][T12644] slab_reclaimable 7839744 [ 2269.383810][T12644] slab_unreclaimable 44892160 [ 2269.383810][T12644] pgfault 247863 [ 2269.383810][T12644] pgmajfault 0 [ 2269.383810][T12644] workingset_refault 3729 [ 2269.383810][T12644] workingset_activate 1749 [ 2269.383810][T12644] workingset_nodereclaim 0 [ 2269.383810][T12644] pgrefill 139253 [ 2269.383810][T12644] pgscan 156885 [ 2269.383810][T12644] pgsteal 20105 05:19:10 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000060000000000", 0x32) 05:19:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000210000000000", 0x32) [ 2269.559838][T12666] ref_ctr_offset mismatch. inode: 0x489d offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2269.677481][T12644] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7170,uid=0 [ 2269.737413][T12644] Memory cgroup out of memory: Killed process 7170 (syz-executor.4) total-vm:74968kB, anon-rss:176kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2269.775290][T12669] binder: BINDER_SET_CONTEXT_MGR already set [ 2269.781527][T12669] binder: 12664:12669 ioctl 40046207 0 returned -16 [ 2269.783478][ T1143] oom_reaper: reaped process 7170 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 05:19:11 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x0) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:11 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:11 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:11 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x0) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000220000000000", 0x32) [ 2270.634972][T12705] binder: BINDER_SET_CONTEXT_MGR already set [ 2270.726367][T12705] binder: 12705:12705 ioctl 40046207 0 returned -16 05:19:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2c], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000070000000000", 0x32) 05:19:12 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xf00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000230000000000", 0x32) 05:19:12 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:12 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$sock_x25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={@null=' \x00', 0x3, 'xfrm0\x00'}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c616363b385439de95367d36573733d616e790100"]) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400}, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000140)=[@acquire={0x40046304}, @clear_death], 0x0, 0x8126000, 0x0}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r3, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x9, 0x0) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2271.339706][T12722] ref_ctr_offset mismatch. inode: 0x4777 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2271.400693][T12717] binder: BINDER_SET_CONTEXT_MGR already set [ 2271.407038][T12717] binder: 12712:12717 ioctl 40046207 0 returned -16 05:19:12 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:12 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2271.740336][T12733] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2271.763281][T12733] CPU: 1 PID: 12733 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2271.772025][T12733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2271.782140][T12733] Call Trace: [ 2271.785447][T12733] dump_stack+0x1fb/0x318 [ 2271.789796][T12733] dump_header+0xd8/0x960 [ 2271.794153][T12733] oom_kill_process+0xee/0x370 [ 2271.798961][T12733] out_of_memory+0x5dc/0x900 [ 2271.803582][T12733] try_charge+0x128f/0x18a0 [ 2271.808161][T12733] mem_cgroup_try_charge+0x216/0x550 [ 2271.813484][T12733] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2271.819130][T12733] do_anonymous_page+0x382/0x1640 [ 2271.824306][T12733] ? do_huge_pmd_anonymous_page+0x154/0xe50 [ 2271.830233][T12733] handle_mm_fault+0x1c17/0x2900 [ 2271.835338][T12733] do_user_addr_fault+0x588/0xaf0 [ 2271.840399][T12733] do_page_fault+0x13b/0x250 [ 2271.845017][T12733] page_fault+0x39/0x40 [ 2271.849295][T12733] RIP: 0033:0x40f61a [ 2271.853310][T12733] Code: 48 24 8b 4c 24 28 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 48 89 8c 02 50 bf 76 00 48 83 c0 08 48 83 f8 48 75 e6 e8 76 3c ff ff <83> 05 e3 09 76 00 01 80 7c 24 07 00 74 0b f6 44 24 08 01 0f 84 b5 [ 2271.872916][T12733] RSP: 002b:00007ffeb3531150 EFLAGS: 00010217 [ 2271.878972][T12733] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045c479 [ 2271.886938][T12733] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000076bf28 [ 2271.894916][T12733] RBP: 000000000076bf2c R08: 00007fe0b78f2700 R09: 00ffffffffffffff [ 2271.902897][T12733] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000076bf20 [ 2271.910893][T12733] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000076bf2c [ 2271.922809][T12733] memory: usage 307200kB, limit 307200kB, failcnt 16702 [ 2271.930551][T12733] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2271.938111][T12733] Memory cgroup stats for /syz4: [ 2271.938242][T12733] anon 118530048 [ 2271.938242][T12733] file 16384 [ 2271.938242][T12733] kernel_stack 28975104 [ 2271.938242][T12733] slab 52731904 [ 2271.938242][T12733] sock 0 [ 2271.938242][T12733] shmem 73728 [ 2271.938242][T12733] file_mapped 0 [ 2271.938242][T12733] file_dirty 0 [ 2271.938242][T12733] file_writeback 0 [ 2271.938242][T12733] anon_thp 0 [ 2271.938242][T12733] inactive_anon 786432 [ 2271.938242][T12733] active_anon 117719040 [ 2271.938242][T12733] inactive_file 98304 05:19:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000080000000000", 0x32) 05:19:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000240000000000", 0x32) [ 2271.938242][T12733] active_file 0 [ 2271.938242][T12733] unevictable 0 [ 2271.938242][T12733] slab_reclaimable 7839744 [ 2271.938242][T12733] slab_unreclaimable 44892160 [ 2271.938242][T12733] pgfault 248226 [ 2271.938242][T12733] pgmajfault 0 [ 2271.938242][T12733] workingset_refault 3729 [ 2271.938242][T12733] workingset_activate 1749 [ 2271.938242][T12733] workingset_nodereclaim 0 [ 2271.938242][T12733] pgrefill 139451 [ 2271.938242][T12733] pgscan 157116 [ 2271.938242][T12733] pgsteal 20105 05:19:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000250000000000", 0x32) 05:19:13 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x1100}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2272.108524][T12733] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=6355,uid=0 [ 2272.125332][T12733] Memory cgroup out of memory: Killed process 6355 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2272.222562][T12735] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2272.239711][T12735] CPU: 0 PID: 12735 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2272.249397][T12735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2272.259462][T12735] Call Trace: [ 2272.263005][T12735] dump_stack+0x1fb/0x318 [ 2272.267367][T12735] dump_header+0xd8/0x960 [ 2272.271727][T12735] oom_kill_process+0xee/0x370 [ 2272.276655][T12735] out_of_memory+0x5dc/0x900 [ 2272.281278][T12735] try_charge+0x128f/0x18a0 [ 2272.285855][T12735] mem_cgroup_try_charge+0x216/0x550 [ 2272.291178][T12735] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2272.296852][T12735] wp_page_copy+0x35f/0x1c50 [ 2272.301516][T12735] do_wp_page+0x5e4/0x16d0 [ 2272.305965][T12735] ? __kasan_check_write+0x14/0x20 [ 2272.311099][T12735] ? do_raw_spin_lock+0x103/0x7b0 [ 2272.316141][T12735] ? handle_mm_fault+0x235a/0x2900 [ 2272.321293][T12735] handle_mm_fault+0x241f/0x2900 [ 2272.326296][T12735] do_user_addr_fault+0x588/0xaf0 [ 2272.331361][T12735] do_page_fault+0x13b/0x250 [ 2272.335984][T12735] page_fault+0x39/0x40 [ 2272.340150][T12735] RIP: 0033:0x45aa7e [ 2272.344055][T12735] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 a7 de 82 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 [ 2272.363698][T12735] RSP: 002b:00007ffc28d10e20 EFLAGS: 00010206 [ 2272.369794][T12735] RAX: 0000000000c88428 RBX: 00007ffc28d10e20 RCX: 000000000045aa4a [ 2272.377778][T12735] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2272.385781][T12735] RBP: 00007ffc28d10e60 R08: 0000000000000001 R09: 0000000002844940 [ 2272.393770][T12735] R10: 0000000002844c10 R11: 0000000000000246 R12: 0000000000000001 [ 2272.401756][T12735] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc28d10eb0 [ 2272.435873][T12735] memory: usage 307200kB, limit 307200kB, failcnt 12508 [ 2272.443078][T12735] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2272.450951][T12735] Memory cgroup stats for /syz1: [ 2272.451051][T12735] anon 117391360 [ 2272.451051][T12735] file 0 [ 2272.451051][T12735] kernel_stack 28348416 [ 2272.451051][T12735] slab 54505472 [ 2272.451051][T12735] sock 131072 [ 2272.451051][T12735] shmem 0 [ 2272.451051][T12735] file_mapped 135168 [ 2272.451051][T12735] file_dirty 0 [ 2272.451051][T12735] file_writeback 0 [ 2272.451051][T12735] anon_thp 0 [ 2272.451051][T12735] inactive_anon 516096 [ 2272.451051][T12735] active_anon 117071872 [ 2272.451051][T12735] inactive_file 4096 [ 2272.451051][T12735] active_file 114688 [ 2272.451051][T12735] unevictable 0 [ 2272.451051][T12735] slab_reclaimable 10137600 [ 2272.451051][T12735] slab_unreclaimable 44367872 [ 2272.451051][T12735] pgfault 239910 [ 2272.451051][T12735] pgmajfault 0 [ 2272.451051][T12735] workingset_refault 2046 [ 2272.451051][T12735] workingset_activate 528 [ 2272.451051][T12735] workingset_nodereclaim 0 05:19:13 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x33], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000260000000000", 0x32) 05:19:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000090000000000", 0x32) [ 2272.451051][T12735] pgrefill 101064 [ 2272.451051][T12735] pgscan 102448 [ 2272.451051][T12735] pgsteal 3460 [ 2272.451770][T12753] ref_ctr_offset mismatch. inode: 0x4777 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2272.461276][T12735] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12684,uid=0 05:19:13 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000a0000000000", 0x32) 05:19:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000270000000000", 0x32) [ 2272.696515][T12735] Memory cgroup out of memory: Killed process 12684 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2272.824722][T12733] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2272.862513][T12733] CPU: 1 PID: 12733 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2272.871257][T12733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2272.881326][T12733] Call Trace: [ 2272.884649][T12733] dump_stack+0x1fb/0x318 [ 2272.889015][T12733] dump_header+0xd8/0x960 [ 2272.893519][T12733] oom_kill_process+0xee/0x370 [ 2272.898312][T12733] out_of_memory+0x5dc/0x900 [ 2272.903063][T12733] try_charge+0x128f/0x18a0 [ 2272.907624][T12733] mem_cgroup_try_charge+0x216/0x550 [ 2272.912942][T12733] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2272.918620][T12733] wp_page_copy+0x35f/0x1c50 [ 2272.923349][T12733] do_wp_page+0x5e4/0x16d0 [ 2272.927774][T12733] ? __kasan_check_write+0x14/0x20 [ 2272.932904][T12733] ? do_raw_spin_lock+0x103/0x7b0 [ 2272.937946][T12733] ? handle_mm_fault+0x235a/0x2900 [ 2272.943228][T12733] handle_mm_fault+0x241f/0x2900 [ 2272.948204][T12733] do_user_addr_fault+0x588/0xaf0 [ 2272.953230][T12733] do_page_fault+0x13b/0x250 [ 2272.957945][T12733] page_fault+0x39/0x40 [ 2272.962235][T12733] RIP: 0033:0x4114c8 [ 2272.966143][T12733] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 2272.985838][T12733] RSP: 002b:00007ffeb3531080 EFLAGS: 00010246 [ 2272.991915][T12733] RAX: 00000000b2f30f85 RBX: 00000000f5959218 RCX: 0000001b2d920000 [ 2272.999902][T12733] RDX: 0000000000000000 RSI: 0000000000000f85 RDI: ffffffffb2f30f85 [ 2273.007884][T12733] RBP: 0000000000000000 R08: 00000000b2f30f85 R09: 00000000b2f30f89 [ 2273.015875][T12733] R10: 00007ffeb3531220 R11: 0000000000000246 R12: 000000000076c048 [ 2273.023999][T12733] R13: 0000000080000000 R14: 00007fe0b96f3008 R15: 0000000000000027 [ 2273.112822][T12733] memory: usage 307192kB, limit 307200kB, failcnt 16737 05:19:14 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000b0000000000", 0x32) [ 2273.152293][T12751] ref_ctr_offset mismatch. inode: 0x4777 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2273.152366][T12733] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2273.249046][T12733] Memory cgroup stats for /syz4: [ 2273.251777][T12733] anon 118525952 [ 2273.251777][T12733] file 16384 [ 2273.251777][T12733] kernel_stack 29011968 [ 2273.251777][T12733] slab 52731904 [ 2273.251777][T12733] sock 0 [ 2273.251777][T12733] shmem 73728 [ 2273.251777][T12733] file_mapped 0 [ 2273.251777][T12733] file_dirty 0 [ 2273.251777][T12733] file_writeback 0 [ 2273.251777][T12733] anon_thp 0 [ 2273.251777][T12733] inactive_anon 786432 [ 2273.251777][T12733] active_anon 117854208 [ 2273.251777][T12733] inactive_file 98304 [ 2273.251777][T12733] active_file 0 [ 2273.251777][T12733] unevictable 0 [ 2273.251777][T12733] slab_reclaimable 7839744 [ 2273.251777][T12733] slab_unreclaimable 44892160 [ 2273.251777][T12733] pgfault 248292 [ 2273.251777][T12733] pgmajfault 0 [ 2273.251777][T12733] workingset_refault 3729 [ 2273.251777][T12733] workingset_activate 1749 [ 2273.251777][T12733] workingset_nodereclaim 0 [ 2273.251777][T12733] pgrefill 139686 [ 2273.251777][T12733] pgscan 157348 [ 2273.251777][T12733] pgsteal 20105 [ 2273.357841][T12733] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=6216,uid=0 [ 2273.379929][T12733] Memory cgroup out of memory: Killed process 6216 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2273.424946][T12735] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2273.442576][T12735] CPU: 1 PID: 12735 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2273.451309][T12735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2273.461379][T12735] Call Trace: [ 2273.464697][T12735] dump_stack+0x1fb/0x318 [ 2273.469054][T12735] dump_header+0xd8/0x960 05:19:14 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2273.473398][T12735] oom_kill_process+0xee/0x370 [ 2273.478314][T12735] out_of_memory+0x5dc/0x900 [ 2273.482929][T12735] try_charge+0x128f/0x18a0 [ 2273.487509][T12735] __memcg_kmem_charge_memcg+0x37/0x140 [ 2273.493076][T12735] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2273.498649][T12735] __memcg_kmem_charge+0x105/0x340 [ 2273.503796][T12735] dup_task_struct+0x244/0x7d0 [ 2273.508595][T12735] copy_process+0x552/0x57b0 [ 2273.513326][T12735] ? debug_smp_processor_id+0x9/0x20 [ 2273.518630][T12735] ? check_preemption_disabled+0x44/0x260 [ 2273.524398][T12735] ? debug_smp_processor_id+0x9/0x20 [ 2273.529714][T12735] _do_fork+0x13e/0x660 [ 2273.533893][T12735] ? check_preemption_disabled+0x44/0x260 [ 2273.539644][T12735] ? debug_smp_processor_id+0x9/0x20 [ 2273.544945][T12735] ? check_preemption_disabled+0x44/0x260 [ 2273.550830][T12735] ? debug_smp_processor_id+0x9/0x20 [ 2273.556112][T12735] ? check_preemption_disabled+0x44/0x260 [ 2273.562018][T12735] __x64_sys_clone+0x20b/0x250 [ 2273.566787][T12735] do_syscall_64+0xf7/0x1c0 [ 2273.571434][T12735] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2273.577336][T12735] RIP: 0033:0x45ee49 [ 2273.581355][T12735] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2273.601178][T12735] RSP: 002b:00007ffc28d10b88 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2273.609600][T12735] RAX: ffffffffffffffda RBX: 00007fea86b89700 RCX: 000000000045ee49 [ 2273.617673][T12735] RDX: 00007fea86b899d0 RSI: 00007fea86b88db0 RDI: 00000000003d0f00 [ 2273.625640][T12735] RBP: 00007ffc28d10da0 R08: 00007fea86b89700 R09: 00007fea86b89700 [ 2273.633615][T12735] R10: 00007fea86b899d0 R11: 0000000000000202 R12: 0000000000000000 [ 2273.641591][T12735] R13: 00007ffc28d10c3f R14: 00007fea86b899c0 R15: 000000000076bfcc [ 2273.650747][T12735] memory: usage 307036kB, limit 307200kB, failcnt 12520 [ 2273.657878][T12735] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2273.690984][T12735] Memory cgroup stats for /syz1: [ 2273.691073][T12735] anon 117391360 [ 2273.691073][T12735] file 0 [ 2273.691073][T12735] kernel_stack 28385280 [ 2273.691073][T12735] slab 54505472 [ 2273.691073][T12735] sock 131072 [ 2273.691073][T12735] shmem 0 [ 2273.691073][T12735] file_mapped 135168 [ 2273.691073][T12735] file_dirty 0 [ 2273.691073][T12735] file_writeback 0 [ 2273.691073][T12735] anon_thp 0 [ 2273.691073][T12735] inactive_anon 516096 [ 2273.691073][T12735] active_anon 117071872 [ 2273.691073][T12735] inactive_file 4096 [ 2273.691073][T12735] active_file 114688 [ 2273.691073][T12735] unevictable 0 [ 2273.691073][T12735] slab_reclaimable 10137600 [ 2273.691073][T12735] slab_unreclaimable 44367872 [ 2273.691073][T12735] pgfault 239976 [ 2273.691073][T12735] pgmajfault 0 [ 2273.691073][T12735] workingset_refault 2046 [ 2273.691073][T12735] workingset_activate 528 [ 2273.691073][T12735] workingset_nodereclaim 0 [ 2273.691073][T12735] pgrefill 101130 [ 2273.691073][T12735] pgscan 102514 [ 2273.691073][T12735] pgsteal 3460 [ 2273.795308][T12735] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11875,uid=0 [ 2273.843037][T12735] Memory cgroup out of memory: Killed process 11875 (syz-executor.1) total-vm:74704kB, anon-rss:156kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:19:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000280000000000", 0x32) 05:19:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000c0000000000", 0x32) 05:19:15 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x1200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:15 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3b], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000290000000000", 0x32) 05:19:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000d0000000000", 0x32) [ 2274.199676][T12810] ref_ctr_offset mismatch. inode: 0x4854 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:15 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2274.638649][T12821] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2274.681086][T12821] CPU: 0 PID: 12821 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2274.689821][T12821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2274.700015][T12821] Call Trace: [ 2274.703347][T12821] dump_stack+0x1fb/0x318 [ 2274.707811][T12821] dump_header+0xd8/0x960 [ 2274.712176][T12821] oom_kill_process+0xee/0x370 [ 2274.716960][T12821] out_of_memory+0x5dc/0x900 [ 2274.721597][T12821] try_charge+0x128f/0x18a0 [ 2274.726188][T12821] mem_cgroup_try_charge+0x216/0x550 [ 2274.731592][T12821] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2274.737391][T12821] do_anonymous_page+0x382/0x1640 [ 2274.742448][T12821] ? do_huge_pmd_anonymous_page+0x154/0xe50 [ 2274.748392][T12821] handle_mm_fault+0x1c17/0x2900 [ 2274.753398][T12821] do_user_addr_fault+0x588/0xaf0 [ 2274.758478][T12821] do_page_fault+0x13b/0x250 [ 2274.763148][T12821] page_fault+0x39/0x40 [ 2274.767443][T12821] RIP: 0033:0x40f61a [ 2274.771495][T12821] Code: 48 24 8b 4c 24 28 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 48 89 8c 02 50 bf 76 00 48 83 c0 08 48 83 f8 48 75 e6 e8 76 3c ff ff <83> 05 e3 09 76 00 01 80 7c 24 07 00 74 0b f6 44 24 08 01 0f 84 b5 [ 2274.791117][T12821] RSP: 002b:00007ffeb3531150 EFLAGS: 00010217 [ 2274.797219][T12821] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045c479 [ 2274.805312][T12821] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000076bf28 [ 2274.813323][T12821] RBP: 000000000076bf2c R08: 00007fe0b78f2700 R09: 00ffffffffffffff [ 2274.821315][T12821] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000076bf20 [ 2274.829432][T12821] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000076bf2c [ 2274.876524][T12821] memory: usage 307200kB, limit 307200kB, failcnt 16768 [ 2274.885297][T12821] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2274.898167][T12821] Memory cgroup stats for /syz4: [ 2274.898264][T12821] anon 118525952 [ 2274.898264][T12821] file 16384 [ 2274.898264][T12821] kernel_stack 28975104 [ 2274.898264][T12821] slab 52731904 [ 2274.898264][T12821] sock 0 [ 2274.898264][T12821] shmem 73728 [ 2274.898264][T12821] file_mapped 0 [ 2274.898264][T12821] file_dirty 0 [ 2274.898264][T12821] file_writeback 0 [ 2274.898264][T12821] anon_thp 0 [ 2274.898264][T12821] inactive_anon 786432 [ 2274.898264][T12821] active_anon 117854208 [ 2274.898264][T12821] inactive_file 98304 [ 2274.898264][T12821] active_file 0 [ 2274.898264][T12821] unevictable 0 [ 2274.898264][T12821] slab_reclaimable 7839744 [ 2274.898264][T12821] slab_unreclaimable 44892160 [ 2274.898264][T12821] pgfault 248457 [ 2274.898264][T12821] pgmajfault 0 [ 2274.898264][T12821] workingset_refault 3762 05:19:16 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000e0000000000", 0x32) 05:19:16 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002a0000000000", 0x32) [ 2274.898264][T12821] workingset_activate 1749 [ 2274.898264][T12821] workingset_nodereclaim 0 [ 2274.898264][T12821] pgrefill 139851 [ 2274.898264][T12821] pgscan 157513 [ 2274.898264][T12821] pgsteal 20105 [ 2275.003970][T12821] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=6063,uid=0 05:19:16 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000000f0000000000", 0x32) 05:19:16 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x1400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2275.154029][T12821] Memory cgroup out of memory: Killed process 6063 (syz-executor.4) total-vm:74968kB, anon-rss:176kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2275.225668][T12838] ref_ctr_offset mismatch. inode: 0x4854 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2275.348061][T12814] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2275.379339][T12814] CPU: 1 PID: 12814 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2275.388078][T12814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2275.398150][T12814] Call Trace: [ 2275.401576][T12814] dump_stack+0x1fb/0x318 [ 2275.405958][T12814] dump_header+0xd8/0x960 [ 2275.410316][T12814] oom_kill_process+0xee/0x370 [ 2275.415115][T12814] out_of_memory+0x5dc/0x900 [ 2275.419743][T12814] try_charge+0x128f/0x18a0 [ 2275.424318][T12814] mem_cgroup_try_charge+0x216/0x550 [ 2275.429639][T12814] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2275.435524][T12814] wp_page_copy+0x35f/0x1c50 [ 2275.440279][T12814] do_wp_page+0x5e4/0x16d0 [ 2275.444706][T12814] ? __kasan_check_write+0x14/0x20 [ 2275.449853][T12814] ? do_raw_spin_lock+0x103/0x7b0 [ 2275.454913][T12814] ? handle_mm_fault+0x235a/0x2900 [ 2275.460070][T12814] handle_mm_fault+0x241f/0x2900 [ 2275.465188][T12814] do_user_addr_fault+0x588/0xaf0 [ 2275.470396][T12814] do_page_fault+0x13b/0x250 [ 2275.475024][T12814] page_fault+0x39/0x40 [ 2275.479201][T12814] RIP: 0033:0x45f097 [ 2275.483262][T12814] Code: 03 00 00 e8 fb 81 fb ff f4 66 2e 0f 1f 84 00 00 00 00 00 f7 c7 02 00 00 00 75 27 64 8b 04 25 08 03 00 00 41 89 c3 41 83 e3 fd 64 44 0f b1 1c 25 08 03 00 00 75 ec 44 89 d8 83 e0 0c 83 f8 04 [ 2275.502917][T12814] RSP: 002b:00007ffc28d10c88 EFLAGS: 00010246 [ 2275.509006][T12814] RAX: 0000000000000002 RBX: 000000000022b734 RCX: 000000000045a941 [ 2275.516991][T12814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2275.524981][T12814] RBP: 0000000000000001 R08: ffffffff8135cb65 R09: 00000000f5ab22af [ 2275.532965][T12814] R10: 00007ffc28d10d90 R11: 0000000000000000 R12: 000000000076bf20 [ 2275.541060][T12814] R13: 000000000076c920 R14: 000000000022b54f R15: 000000000076bfcc [ 2275.549072][T12814] ? do_page_fault+0x25/0x250 [ 2275.577940][T12814] memory: usage 307200kB, limit 307200kB, failcnt 12589 [ 2275.593430][T12814] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2275.603587][T12814] Memory cgroup stats for /syz1: [ 2275.603708][T12814] anon 117387264 [ 2275.603708][T12814] file 0 [ 2275.603708][T12814] kernel_stack 28385280 [ 2275.603708][T12814] slab 54505472 [ 2275.603708][T12814] sock 131072 [ 2275.603708][T12814] shmem 0 [ 2275.603708][T12814] file_mapped 135168 [ 2275.603708][T12814] file_dirty 0 [ 2275.603708][T12814] file_writeback 0 [ 2275.603708][T12814] anon_thp 0 [ 2275.603708][T12814] inactive_anon 516096 [ 2275.603708][T12814] active_anon 117071872 [ 2275.603708][T12814] inactive_file 4096 [ 2275.603708][T12814] active_file 114688 [ 2275.603708][T12814] unevictable 0 [ 2275.603708][T12814] slab_reclaimable 10137600 [ 2275.603708][T12814] slab_unreclaimable 44367872 [ 2275.603708][T12814] pgfault 240141 [ 2275.603708][T12814] pgmajfault 0 [ 2275.603708][T12814] workingset_refault 2046 [ 2275.603708][T12814] workingset_activate 528 [ 2275.603708][T12814] workingset_nodereclaim 0 [ 2275.603708][T12814] pgrefill 101296 [ 2275.603708][T12814] pgscan 102647 [ 2275.603708][T12814] pgsteal 3460 [ 2275.706842][T12814] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12814,uid=0 [ 2275.727368][T12814] Memory cgroup out of memory: Killed process 12814 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2275.752044][ T1143] oom_reaper: reaped process 12814 (syz-executor.1), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2275.756107][T12830] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 05:19:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:16 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002b0000000000", 0x32) 05:19:16 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000100000000000", 0x32) [ 2275.788727][T12830] CPU: 1 PID: 12830 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2275.797610][T12830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2275.807673][T12830] Call Trace: [ 2275.811119][T12830] dump_stack+0x1fb/0x318 [ 2275.815471][T12830] dump_header+0xd8/0x960 [ 2275.819819][T12830] oom_kill_process+0xee/0x370 [ 2275.824599][T12830] out_of_memory+0x5dc/0x900 [ 2275.829340][T12830] try_charge+0x128f/0x18a0 [ 2275.833914][T12830] __memcg_kmem_charge_memcg+0x37/0x140 [ 2275.839485][T12830] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2275.845268][T12830] __memcg_kmem_charge+0x105/0x340 [ 2275.850402][T12830] __alloc_pages_nodemask+0x29a/0x5d0 [ 2275.855972][T12830] alloc_pages_current+0x2db/0x500 [ 2275.861129][T12830] pte_alloc_one+0x1f/0x180 [ 2275.865688][T12830] do_read_fault+0x2cf/0x9e0 [ 2275.870290][T12830] handle_mm_fault+0x1c01/0x2900 [ 2275.875251][T12830] do_user_addr_fault+0x588/0xaf0 [ 2275.880288][T12830] do_page_fault+0x13b/0x250 [ 2275.884885][T12830] page_fault+0x39/0x40 [ 2275.889117][T12830] RIP: 0033:0x45c479 [ 2275.893202][T12830] Code: Bad RIP value. [ 2275.897267][T12830] RSP: 002b:00007fea86ba9c78 EFLAGS: 00010246 [ 2275.903474][T12830] RAX: 0000000000000000 RBX: 00007fea86baa6d4 RCX: 000000000045c479 [ 2275.911447][T12830] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2275.919452][T12830] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2275.927706][T12830] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2275.935813][T12830] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2275.946471][T12830] memory: usage 306980kB, limit 307200kB, failcnt 12593 [ 2275.953537][T12830] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2275.961801][T12830] Memory cgroup stats for /syz1: [ 2275.961913][T12830] anon 117387264 [ 2275.961913][T12830] file 0 [ 2275.961913][T12830] kernel_stack 28348416 [ 2275.961913][T12830] slab 54505472 [ 2275.961913][T12830] sock 131072 [ 2275.961913][T12830] shmem 0 [ 2275.961913][T12830] file_mapped 135168 [ 2275.961913][T12830] file_dirty 0 [ 2275.961913][T12830] file_writeback 0 [ 2275.961913][T12830] anon_thp 0 [ 2275.961913][T12830] inactive_anon 516096 [ 2275.961913][T12830] active_anon 117071872 [ 2275.961913][T12830] inactive_file 4096 [ 2275.961913][T12830] active_file 114688 [ 2275.961913][T12830] unevictable 0 [ 2275.961913][T12830] slab_reclaimable 10137600 [ 2275.961913][T12830] slab_unreclaimable 44367872 [ 2275.961913][T12830] pgfault 240141 [ 2275.961913][T12830] pgmajfault 0 [ 2275.961913][T12830] workingset_refault 2046 [ 2275.961913][T12830] workingset_activate 528 [ 2275.961913][T12830] workingset_nodereclaim 0 [ 2275.961913][T12830] pgrefill 101296 [ 2275.961913][T12830] pgscan 102647 [ 2275.961913][T12830] pgsteal 3460 [ 2276.064717][T12830] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=11279,uid=0 [ 2276.081955][T12830] Memory cgroup out of memory: Killed process 11279 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2276.133278][T12846] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2276.145975][T12846] CPU: 0 PID: 12846 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2276.154793][T12846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2276.164886][T12846] Call Trace: [ 2276.168188][T12846] dump_stack+0x1fb/0x318 [ 2276.172544][T12846] dump_header+0xd8/0x960 [ 2276.176879][T12846] oom_kill_process+0xee/0x370 [ 2276.181659][T12846] out_of_memory+0x5dc/0x900 [ 2276.186260][T12846] try_charge+0x128f/0x18a0 [ 2276.190905][T12846] __memcg_kmem_charge_memcg+0x37/0x140 [ 2276.196458][T12846] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2276.202127][T12846] __memcg_kmem_charge+0x105/0x340 [ 2276.207276][T12846] __alloc_pages_nodemask+0x29a/0x5d0 [ 2276.212703][T12846] alloc_pages_current+0x2db/0x500 [ 2276.218735][T12846] pte_alloc_one+0x1f/0x180 [ 2276.224690][T12846] __pte_alloc+0x20/0x2f0 [ 2276.229032][T12846] copy_page_range+0x2434/0x2950 [ 2276.239122][T12846] ? __vma_link_rb+0x822/0x840 [ 2276.244050][T12846] dup_mmap+0x9f1/0xdf0 [ 2276.248289][T12846] dup_mm+0x9e/0x340 [ 2276.253878][T12846] copy_process+0x2080/0x57b0 [ 2276.258669][T12846] ? debug_smp_processor_id+0x9/0x20 [ 2276.264444][T12846] _do_fork+0x13e/0x660 [ 2276.268975][T12846] ? check_preemption_disabled+0x44/0x260 [ 2276.275044][T12846] ? debug_smp_processor_id+0x9/0x20 [ 2276.280356][T12846] ? check_preemption_disabled+0x44/0x260 [ 2276.286426][T12846] ? debug_smp_processor_id+0x9/0x20 [ 2276.291721][T12846] ? check_preemption_disabled+0x44/0x260 [ 2276.297457][T12846] __x64_sys_clone+0x20b/0x250 [ 2276.302819][T12846] do_syscall_64+0xf7/0x1c0 [ 2276.307635][T12846] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2276.314110][T12846] RIP: 0033:0x45c479 [ 2276.318193][T12846] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2276.338171][T12846] RSP: 002b:00007fe0b78afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2276.346822][T12846] RAX: ffffffffffffffda RBX: 00007fe0b78b06d4 RCX: 000000000045c479 [ 2276.355029][T12846] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2276.363531][T12846] RBP: 000000000076c060 R08: ffffffffffffffff R09: 0000000000000000 [ 2276.371930][T12846] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2276.380039][T12846] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076c06c [ 2276.390922][T12846] memory: usage 307108kB, limit 307200kB, failcnt 16790 [ 2276.397910][T12846] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2276.405054][T12846] Memory cgroup stats for /syz4: [ 2276.405311][T12846] anon 118390784 [ 2276.405311][T12846] file 16384 [ 2276.405311][T12846] kernel_stack 29085696 [ 2276.405311][T12846] slab 52731904 [ 2276.405311][T12846] sock 0 [ 2276.405311][T12846] shmem 73728 [ 2276.405311][T12846] file_mapped 0 [ 2276.405311][T12846] file_dirty 0 [ 2276.405311][T12846] file_writeback 0 [ 2276.405311][T12846] anon_thp 0 [ 2276.405311][T12846] inactive_anon 786432 [ 2276.405311][T12846] active_anon 117719040 [ 2276.405311][T12846] inactive_file 98304 [ 2276.405311][T12846] active_file 0 [ 2276.405311][T12846] unevictable 0 [ 2276.405311][T12846] slab_reclaimable 7839744 [ 2276.405311][T12846] slab_unreclaimable 44892160 [ 2276.405311][T12846] pgfault 248490 [ 2276.405311][T12846] pgmajfault 0 [ 2276.405311][T12846] workingset_refault 3762 [ 2276.405311][T12846] workingset_activate 1749 05:19:17 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3c], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) [ 2276.405311][T12846] workingset_nodereclaim 0 [ 2276.405311][T12846] pgrefill 139884 [ 2276.405311][T12846] pgscan 157546 [ 2276.405311][T12846] pgsteal 20105 [ 2276.503023][T12846] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=4893,uid=0 [ 2276.518677][T12846] Memory cgroup out of memory: Killed process 4893 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:19:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002c0000000000", 0x32) 05:19:17 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000110000000000", 0x32) 05:19:17 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2276.900003][T12874] ref_ctr_offset mismatch. inode: 0x4161 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2276.915063][T12872] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2276.939420][T12872] CPU: 0 PID: 12872 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2276.948278][T12872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2276.958450][T12872] Call Trace: [ 2276.961766][T12872] dump_stack+0x1fb/0x318 [ 2276.966119][T12872] dump_header+0xd8/0x960 [ 2276.970625][T12872] oom_kill_process+0xee/0x370 [ 2276.975445][T12872] out_of_memory+0x5dc/0x900 [ 2276.980077][T12872] try_charge+0x128f/0x18a0 [ 2276.984769][T12872] __memcg_kmem_charge_memcg+0x37/0x140 [ 2276.990391][T12872] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2276.995984][T12872] __memcg_kmem_charge+0x105/0x340 [ 2277.001324][T12872] __alloc_pages_nodemask+0x29a/0x5d0 [ 2277.006944][T12872] alloc_pages_current+0x2db/0x500 [ 2277.012085][T12872] pte_alloc_one+0x1f/0x180 [ 2277.016604][T12872] do_read_fault+0x2cf/0x9e0 [ 2277.021233][T12872] handle_mm_fault+0x1c01/0x2900 [ 2277.026231][T12872] do_user_addr_fault+0x588/0xaf0 [ 2277.031288][T12872] do_page_fault+0x13b/0x250 [ 2277.035892][T12872] page_fault+0x39/0x40 [ 2277.040046][T12872] RIP: 0033:0x45c479 [ 2277.043948][T12872] Code: Bad RIP value. 05:19:18 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2277.048014][T12872] RSP: 002b:00007fea86b88c78 EFLAGS: 00010246 [ 2277.054233][T12872] RAX: 0000000000000000 RBX: 00007fea86b896d4 RCX: 000000000045c479 [ 2277.062227][T12872] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2277.070215][T12872] RBP: 000000000076bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2277.078301][T12872] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2277.086307][T12872] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bfcc [ 2277.199459][T12872] memory: usage 307200kB, limit 307200kB, failcnt 12638 05:19:18 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2277.303377][T12872] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2277.399692][T12872] Memory cgroup stats for /syz1: [ 2277.401946][T12872] anon 117387264 [ 2277.401946][T12872] file 0 [ 2277.401946][T12872] kernel_stack 28385280 [ 2277.401946][T12872] slab 54505472 [ 2277.401946][T12872] sock 131072 [ 2277.401946][T12872] shmem 0 [ 2277.401946][T12872] file_mapped 135168 [ 2277.401946][T12872] file_dirty 0 [ 2277.401946][T12872] file_writeback 0 [ 2277.401946][T12872] anon_thp 0 [ 2277.401946][T12872] inactive_anon 516096 [ 2277.401946][T12872] active_anon 116936704 [ 2277.401946][T12872] inactive_file 4096 [ 2277.401946][T12872] active_file 0 [ 2277.401946][T12872] unevictable 0 [ 2277.401946][T12872] slab_reclaimable 10137600 [ 2277.401946][T12872] slab_unreclaimable 44367872 [ 2277.401946][T12872] pgfault 240207 [ 2277.401946][T12872] pgmajfault 0 [ 2277.401946][T12872] workingset_refault 2046 [ 2277.401946][T12872] workingset_activate 528 [ 2277.401946][T12872] workingset_nodereclaim 0 [ 2277.401946][T12872] pgrefill 101527 [ 2277.401946][T12872] pgscan 102912 [ 2277.401946][T12872] pgsteal 3460 [ 2277.545922][T12872] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9355,uid=0 [ 2277.564377][T12872] Memory cgroup out of memory: Killed process 9355 (syz-executor.1) total-vm:74968kB, anon-rss:172kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:19:18 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000120000000000", 0x32) [ 2277.629863][T12870] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2277.719387][T12870] CPU: 1 PID: 12870 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2277.728124][T12870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2277.738199][T12870] Call Trace: [ 2277.741505][T12870] dump_stack+0x1fb/0x318 [ 2277.745863][T12870] dump_header+0xd8/0x960 [ 2277.750240][T12870] oom_kill_process+0xee/0x370 [ 2277.755004][T12870] out_of_memory+0x5dc/0x900 [ 2277.759605][T12870] try_charge+0x128f/0x18a0 [ 2277.764184][T12870] mem_cgroup_try_charge+0x216/0x550 [ 2277.769498][T12870] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2277.775132][T12870] wp_page_copy+0x35f/0x1c50 [ 2277.779777][T12870] do_wp_page+0x5e4/0x16d0 [ 2277.784178][T12870] ? __kasan_check_write+0x14/0x20 [ 2277.789367][T12870] ? do_raw_spin_lock+0x103/0x7b0 [ 2277.794392][T12870] ? handle_mm_fault+0x235a/0x2900 [ 2277.799520][T12870] handle_mm_fault+0x241f/0x2900 [ 2277.804606][T12870] do_user_addr_fault+0x588/0xaf0 [ 2277.809661][T12870] do_page_fault+0x13b/0x250 [ 2277.814274][T12870] page_fault+0x39/0x40 [ 2277.818481][T12870] RIP: 0033:0x403f80 [ 2277.822358][T12870] Code: 80 3d fb e6 87 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 e8 e6 87 00 39 45 24 0f 84 46 02 00 00 44 8b a5 80 00 00 00 48 8b 5d 78 fb e6 ff ff 48 2b 05 84 40 34 00 8b 75 00 4c 89 f1 45 89 e1 49 [ 2277.841949][T12870] RSP: 002b:00007fea86b88c90 EFLAGS: 00010246 [ 2277.847995][T12870] RAX: 00007fea889ab000 RBX: 0000000000003a20 RCX: 0000000000000000 [ 2277.855949][T12870] RDX: 000000000002403f RSI: 0000000000403ecc RDI: 0000000000000000 05:19:19 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002d0000000000", 0x32) 05:19:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000130000000000", 0x32) [ 2277.863916][T12870] RBP: 000000000076bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2277.871880][T12870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2277.879870][T12870] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bfcc [ 2277.890098][T12870] memory: usage 306888kB, limit 307200kB, failcnt 12642 [ 2277.904852][T12870] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2277.929428][T12870] Memory cgroup stats for /syz1: [ 2277.929534][T12870] anon 117387264 [ 2277.929534][T12870] file 0 [ 2277.929534][T12870] kernel_stack 28385280 [ 2277.929534][T12870] slab 54505472 [ 2277.929534][T12870] sock 131072 [ 2277.929534][T12870] shmem 0 [ 2277.929534][T12870] file_mapped 135168 [ 2277.929534][T12870] file_dirty 0 [ 2277.929534][T12870] file_writeback 0 [ 2277.929534][T12870] anon_thp 0 [ 2277.929534][T12870] inactive_anon 516096 [ 2277.929534][T12870] active_anon 116936704 [ 2277.929534][T12870] inactive_file 4096 [ 2277.929534][T12870] active_file 0 [ 2277.929534][T12870] unevictable 0 [ 2277.929534][T12870] slab_reclaimable 10137600 [ 2277.929534][T12870] slab_unreclaimable 44367872 [ 2277.929534][T12870] pgfault 240207 [ 2277.929534][T12870] pgmajfault 0 [ 2277.929534][T12870] workingset_refault 2046 [ 2277.929534][T12870] workingset_activate 528 [ 2277.929534][T12870] workingset_nodereclaim 0 [ 2277.929534][T12870] pgrefill 101560 [ 2277.929534][T12870] pgscan 102945 [ 2277.929534][T12870] pgsteal 3460 [ 2278.126554][T12870] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8838,uid=0 [ 2278.158219][T12870] Memory cgroup out of memory: Killed process 8838 (syz-executor.1) total-vm:74704kB, anon-rss:156kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2278.227613][T12849] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2278.285704][T12849] CPU: 0 PID: 12849 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2278.294423][T12849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2278.304496][T12849] Call Trace: [ 2278.307805][T12849] dump_stack+0x1fb/0x318 [ 2278.312156][T12849] dump_header+0xd8/0x960 [ 2278.316511][T12849] oom_kill_process+0xee/0x370 [ 2278.321304][T12849] out_of_memory+0x5dc/0x900 [ 2278.325923][T12849] try_charge+0x128f/0x18a0 [ 2278.330625][T12849] mem_cgroup_try_charge+0x216/0x550 [ 2278.336000][T12849] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2278.341652][T12849] wp_page_copy+0x35f/0x1c50 [ 2278.346310][T12849] do_wp_page+0x5e4/0x16d0 [ 2278.351267][T12849] ? __kasan_check_write+0x14/0x20 [ 2278.356505][T12849] ? do_raw_spin_lock+0x103/0x7b0 [ 2278.361549][T12849] ? handle_mm_fault+0x235a/0x2900 [ 2278.366710][T12849] handle_mm_fault+0x241f/0x2900 [ 2278.371716][T12849] do_user_addr_fault+0x588/0xaf0 [ 2278.376916][T12849] do_page_fault+0x13b/0x250 [ 2278.381541][T12849] page_fault+0x39/0x40 [ 2278.385715][T12849] RIP: 0033:0x417b03 [ 2278.389617][T12849] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 2278.409232][T12849] RSP: 002b:00007ffc28d10cb8 EFLAGS: 00010213 [ 2278.415308][T12849] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 000000000045c479 [ 2278.423434][T12849] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000076bfcc [ 2278.431416][T12849] RBP: 000000000000002d R08: 00ffffffffffffff R09: 00ffffffffffffff [ 2278.439396][T12849] R10: 00007ffc28d10d90 R11: 0000000000000246 R12: 000000000076bfc0 [ 2278.447542][T12849] R13: 000000000022bdd7 R14: 000000000022be04 R15: 000000000076bfcc [ 2278.464381][T12849] memory: usage 306600kB, limit 307200kB, failcnt 12642 [ 2278.472526][T12849] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2278.480522][T12849] Memory cgroup stats for /syz1: [ 2278.480644][T12849] anon 117239808 [ 2278.480644][T12849] file 0 [ 2278.480644][T12849] kernel_stack 28348416 [ 2278.480644][T12849] slab 54505472 [ 2278.480644][T12849] sock 131072 [ 2278.480644][T12849] shmem 0 [ 2278.480644][T12849] file_mapped 135168 [ 2278.480644][T12849] file_dirty 0 [ 2278.480644][T12849] file_writeback 0 [ 2278.480644][T12849] anon_thp 0 [ 2278.480644][T12849] inactive_anon 516096 [ 2278.480644][T12849] active_anon 116801536 [ 2278.480644][T12849] inactive_file 4096 [ 2278.480644][T12849] active_file 0 [ 2278.480644][T12849] unevictable 0 [ 2278.480644][T12849] slab_reclaimable 10137600 [ 2278.480644][T12849] slab_unreclaimable 44367872 [ 2278.480644][T12849] pgfault 240207 [ 2278.480644][T12849] pgmajfault 0 [ 2278.480644][T12849] workingset_refault 2046 [ 2278.480644][T12849] workingset_activate 528 [ 2278.480644][T12849] workingset_nodereclaim 0 [ 2278.480644][T12849] pgrefill 101560 [ 2278.480644][T12849] pgscan 102945 [ 2278.480644][T12849] pgsteal 3460 [ 2278.584163][T12849] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8562,uid=0 [ 2278.600135][T12849] Memory cgroup out of memory: Killed process 8562 (syz-executor.1) total-vm:74704kB, anon-rss:156kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2278.642754][T12880] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2278.664331][T12880] CPU: 1 PID: 12880 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2278.673183][T12880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2278.683253][T12880] Call Trace: [ 2278.686581][T12880] dump_stack+0x1fb/0x318 [ 2278.690939][T12880] dump_header+0xd8/0x960 [ 2278.695286][T12880] oom_kill_process+0xee/0x370 [ 2278.700074][T12880] out_of_memory+0x5dc/0x900 [ 2278.704678][T12880] try_charge+0x128f/0x18a0 [ 2278.709231][T12880] mem_cgroup_try_charge+0x216/0x550 [ 2278.714532][T12880] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2278.720287][T12880] wp_page_copy+0x35f/0x1c50 [ 2278.724929][T12880] do_wp_page+0x5e4/0x16d0 [ 2278.729486][T12880] ? __kasan_check_write+0x14/0x20 [ 2278.734609][T12880] ? do_raw_spin_lock+0x103/0x7b0 [ 2278.739853][T12880] ? handle_mm_fault+0x235a/0x2900 [ 2278.744998][T12880] handle_mm_fault+0x241f/0x2900 [ 2278.749993][T12880] do_user_addr_fault+0x588/0xaf0 [ 2278.755056][T12880] do_page_fault+0x13b/0x250 [ 2278.759666][T12880] page_fault+0x39/0x40 [ 2278.763832][T12880] RIP: 0033:0x4114c8 [ 2278.767740][T12880] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 2278.787347][T12880] RSP: 002b:00007ffeb3531080 EFLAGS: 00010246 [ 2278.793561][T12880] RAX: 000000009ae457e7 RBX: 0000000014e963c9 RCX: 0000001b2d920000 [ 2278.802349][T12880] RDX: 0000000000000000 RSI: 00000000000017e7 RDI: ffffffff9ae457e7 [ 2278.810329][T12880] RBP: 0000000000000004 R08: 000000009ae457e7 R09: 000000009ae457eb [ 2278.818455][T12880] R10: 00007ffeb3531220 R11: 0000000000000246 R12: 000000000076bfa8 [ 2278.826421][T12880] R13: 0000000080000000 R14: 00007fe0b98f3008 R15: 0000000000000004 [ 2278.837319][T12880] memory: usage 307168kB, limit 307200kB, failcnt 16821 [ 2278.847104][T12880] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2278.857380][T12880] Memory cgroup stats for /syz4: [ 2278.857467][T12880] anon 118480896 [ 2278.857467][T12880] file 16384 [ 2278.857467][T12880] kernel_stack 28975104 [ 2278.857467][T12880] slab 52596736 [ 2278.857467][T12880] sock 0 [ 2278.857467][T12880] shmem 73728 [ 2278.857467][T12880] file_mapped 0 [ 2278.857467][T12880] file_dirty 0 [ 2278.857467][T12880] file_writeback 0 [ 2278.857467][T12880] anon_thp 0 [ 2278.857467][T12880] inactive_anon 786432 [ 2278.857467][T12880] active_anon 117719040 [ 2278.857467][T12880] inactive_file 98304 [ 2278.857467][T12880] active_file 0 [ 2278.857467][T12880] unevictable 0 [ 2278.857467][T12880] slab_reclaimable 7704576 [ 2278.857467][T12880] slab_unreclaimable 44892160 [ 2278.857467][T12880] pgfault 248688 [ 2278.857467][T12880] pgmajfault 0 [ 2278.857467][T12880] workingset_refault 3762 [ 2278.857467][T12880] workingset_activate 1749 [ 2278.857467][T12880] workingset_nodereclaim 0 [ 2278.857467][T12880] pgrefill 139917 [ 2278.857467][T12880] pgscan 157579 [ 2278.857467][T12880] pgsteal 20105 [ 2278.954856][T12880] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=4755,uid=0 [ 2278.970804][T12880] Memory cgroup out of memory: Killed process 4755 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:19:20 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) 05:19:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002e0000000000", 0x32) 05:19:20 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000140000000000", 0x32) 05:19:20 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3d], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:20 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x2500}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:20 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002f0000000000", 0x32) 05:19:20 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000150000000000", 0x32) [ 2279.210990][T12917] ref_ctr_offset mismatch. inode: 0x4855 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:20 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2279.555631][T12922] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2279.566365][T12922] CPU: 0 PID: 12922 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2279.575055][T12922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2279.585152][T12922] Call Trace: [ 2279.588462][T12922] dump_stack+0x1fb/0x318 [ 2279.592812][T12922] dump_header+0xd8/0x960 [ 2279.597180][T12922] oom_kill_process+0xee/0x370 [ 2279.602013][T12922] out_of_memory+0x5dc/0x900 [ 2279.606725][T12922] try_charge+0x128f/0x18a0 [ 2279.611305][T12922] __memcg_kmem_charge_memcg+0x37/0x140 [ 2279.616879][T12922] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2279.622450][T12922] __memcg_kmem_charge+0x105/0x340 [ 2279.627587][T12922] dup_task_struct+0x244/0x7d0 [ 2279.632386][T12922] copy_process+0x552/0x57b0 [ 2279.637044][T12922] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2279.642538][T12922] ? check_preemption_disabled+0xa6/0x260 [ 2279.648317][T12922] _do_fork+0x13e/0x660 [ 2279.652500][T12922] ? check_preemption_disabled+0x44/0x260 [ 2279.658327][T12922] ? debug_smp_processor_id+0x9/0x20 [ 2279.663629][T12922] ? check_preemption_disabled+0x44/0x260 [ 2279.669360][T12922] ? debug_smp_processor_id+0x9/0x20 [ 2279.674666][T12922] ? check_preemption_disabled+0x44/0x260 [ 2279.680408][T12922] __x64_sys_clone+0x20b/0x250 [ 2279.685209][T12922] do_syscall_64+0xf7/0x1c0 [ 2279.689740][T12922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2279.696367][T12922] RIP: 0033:0x45c479 [ 2279.700279][T12922] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2279.720058][T12922] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2279.728482][T12922] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2279.736468][T12922] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2279.744456][T12922] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2279.752458][T12922] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2279.760440][T12922] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2279.771396][T12922] memory: usage 307200kB, limit 307200kB, failcnt 16855 [ 2279.778741][T12922] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2279.785825][T12922] Memory cgroup stats for /syz4: [ 2279.786564][T12922] anon 118480896 [ 2279.786564][T12922] file 16384 [ 2279.786564][T12922] kernel_stack 28975104 [ 2279.786564][T12922] slab 52596736 [ 2279.786564][T12922] sock 0 [ 2279.786564][T12922] shmem 73728 [ 2279.786564][T12922] file_mapped 0 [ 2279.786564][T12922] file_dirty 0 [ 2279.786564][T12922] file_writeback 0 [ 2279.786564][T12922] anon_thp 0 [ 2279.786564][T12922] inactive_anon 786432 [ 2279.786564][T12922] active_anon 117719040 [ 2279.786564][T12922] inactive_file 98304 [ 2279.786564][T12922] active_file 0 [ 2279.786564][T12922] unevictable 0 [ 2279.786564][T12922] slab_reclaimable 7704576 [ 2279.786564][T12922] slab_unreclaimable 44892160 [ 2279.786564][T12922] pgfault 248820 [ 2279.786564][T12922] pgmajfault 0 [ 2279.786564][T12922] workingset_refault 3762 [ 2279.786564][T12922] workingset_activate 1749 [ 2279.786564][T12922] workingset_nodereclaim 0 [ 2279.786564][T12922] pgrefill 140082 [ 2279.786564][T12922] pgscan 157711 [ 2279.786564][T12922] pgsteal 20105 [ 2279.881147][T12922] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1420,uid=0 [ 2279.898232][T12922] Memory cgroup out of memory: Killed process 1420 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2279.950277][ T1143] oom_reaper: reaped process 1420 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2280.115710][T12922] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2280.128698][T12922] CPU: 0 PID: 12922 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2280.137434][T12922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2280.147510][T12922] Call Trace: [ 2280.150818][T12922] dump_stack+0x1fb/0x318 [ 2280.155173][T12922] dump_header+0xd8/0x960 [ 2280.159546][T12922] oom_kill_process+0xee/0x370 05:19:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) [ 2280.164457][T12922] out_of_memory+0x5dc/0x900 [ 2280.169076][T12922] try_charge+0x128f/0x18a0 [ 2280.173648][T12922] __memcg_kmem_charge_memcg+0x37/0x140 [ 2280.179205][T12922] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2280.184897][T12922] __memcg_kmem_charge+0x105/0x340 [ 2280.190045][T12922] __alloc_pages_nodemask+0x29a/0x5d0 [ 2280.195483][T12922] alloc_pages_current+0x2db/0x500 [ 2280.200634][T12922] pte_alloc_one+0x1f/0x180 [ 2280.205158][T12922] __pte_alloc+0x20/0x2f0 [ 2280.209499][T12922] copy_page_range+0x2434/0x2950 [ 2280.214512][T12922] ? __vma_link_rb+0x822/0x840 [ 2280.219307][T12922] dup_mmap+0x9f1/0xdf0 [ 2280.223506][T12922] dup_mm+0x9e/0x340 [ 2280.227423][T12922] copy_process+0x2080/0x57b0 [ 2280.232140][T12922] _do_fork+0x13e/0x660 [ 2280.236301][T12922] ? check_preemption_disabled+0x44/0x260 [ 2280.242021][T12922] ? debug_smp_processor_id+0x9/0x20 [ 2280.247318][T12922] ? check_preemption_disabled+0x44/0x260 [ 2280.253042][T12922] ? debug_smp_processor_id+0x9/0x20 [ 2280.258347][T12922] ? check_preemption_disabled+0x44/0x260 [ 2280.264251][T12922] __x64_sys_clone+0x20b/0x250 [ 2280.269050][T12922] do_syscall_64+0xf7/0x1c0 [ 2280.273727][T12922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2280.279624][T12922] RIP: 0033:0x45c479 [ 2280.283528][T12922] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2280.303162][T12922] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2280.311577][T12922] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2280.319561][T12922] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2280.327556][T12922] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2280.335793][T12922] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2280.343792][T12922] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2280.356274][T12922] memory: usage 307044kB, limit 307200kB, failcnt 16873 [ 2280.363640][T12922] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2280.370691][T12922] Memory cgroup stats for /syz4: [ 2280.371121][T12922] anon 118480896 [ 2280.371121][T12922] file 16384 [ 2280.371121][T12922] kernel_stack 28975104 [ 2280.371121][T12922] slab 52596736 [ 2280.371121][T12922] sock 0 [ 2280.371121][T12922] shmem 73728 [ 2280.371121][T12922] file_mapped 0 [ 2280.371121][T12922] file_dirty 0 [ 2280.371121][T12922] file_writeback 0 [ 2280.371121][T12922] anon_thp 0 [ 2280.371121][T12922] inactive_anon 786432 [ 2280.371121][T12922] active_anon 117719040 [ 2280.371121][T12922] inactive_file 98304 [ 2280.371121][T12922] active_file 0 [ 2280.371121][T12922] unevictable 0 [ 2280.371121][T12922] slab_reclaimable 7704576 [ 2280.371121][T12922] slab_unreclaimable 44892160 [ 2280.371121][T12922] pgfault 248820 [ 2280.371121][T12922] pgmajfault 0 [ 2280.371121][T12922] workingset_refault 3762 [ 2280.371121][T12922] workingset_activate 1749 [ 2280.371121][T12922] workingset_nodereclaim 0 [ 2280.371121][T12922] pgrefill 140181 [ 2280.371121][T12922] pgscan 157843 [ 2280.371121][T12922] pgsteal 20105 [ 2280.465806][T12922] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=32453,uid=0 [ 2280.481877][T12922] Memory cgroup out of memory: Killed process 32453 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:19:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000300000000000", 0x32) 05:19:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000160000000000", 0x32) [ 2280.507133][ T1143] oom_reaper: reaped process 32453 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 05:19:21 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x4800}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:21 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(0x0, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000310000000000", 0x32) [ 2280.900449][T12964] ref_ctr_offset mismatch. inode: 0x47dd offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:22 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff], [@padn={0x1, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000170000000000", 0x32) 05:19:22 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(0x0, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:22 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) 05:19:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000320000000000", 0x32) 05:19:22 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x4c00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2281.550032][T12984] ref_ctr_offset mismatch. inode: 0x4833 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2281.680104][T12980] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2281.690609][T12980] CPU: 1 PID: 12980 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2281.699358][T12980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2281.709430][T12980] Call Trace: [ 2281.712735][T12980] dump_stack+0x1fb/0x318 [ 2281.717264][T12980] dump_header+0xd8/0x960 [ 2281.721800][T12980] oom_kill_process+0xee/0x370 [ 2281.726640][T12980] out_of_memory+0x5dc/0x900 [ 2281.731422][T12980] try_charge+0x128f/0x18a0 [ 2281.736015][T12980] __memcg_kmem_charge_memcg+0x37/0x140 [ 2281.741597][T12980] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2281.747208][T12980] __memcg_kmem_charge+0x105/0x340 [ 2281.752495][T12980] dup_task_struct+0x244/0x7d0 [ 2281.757302][T12980] copy_process+0x552/0x57b0 [ 2281.762091][T12980] ? debug_smp_processor_id+0x9/0x20 [ 2281.767407][T12980] ? check_preemption_disabled+0x44/0x260 [ 2281.773142][T12980] ? debug_smp_processor_id+0x9/0x20 [ 2281.778485][T12980] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2281.784152][T12980] _do_fork+0x13e/0x660 [ 2281.788449][T12980] ? check_preemption_disabled+0x44/0x260 [ 2281.794199][T12980] ? debug_smp_processor_id+0x9/0x20 [ 2281.799527][T12980] ? check_preemption_disabled+0x44/0x260 [ 2281.805391][T12980] ? debug_smp_processor_id+0x9/0x20 [ 2281.810904][T12980] ? check_preemption_disabled+0x44/0x260 [ 2281.816771][T12980] __x64_sys_clone+0x20b/0x250 [ 2281.821691][T12980] do_syscall_64+0xf7/0x1c0 [ 2281.826223][T12980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2281.832282][T12980] RIP: 0033:0x45c479 [ 2281.836191][T12980] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2281.855808][T12980] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2281.864240][T12980] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2281.872333][T12980] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 05:19:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000180000000000", 0x32) 05:19:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000330000000000", 0x32) [ 2281.880322][T12980] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2281.888311][T12980] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2281.896585][T12980] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2281.906433][T12980] memory: usage 307200kB, limit 307200kB, failcnt 16914 [ 2281.913746][T12980] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2281.920909][T12980] Memory cgroup stats for /syz4: [ 2281.921787][T12980] anon 118476800 [ 2281.921787][T12980] file 16384 [ 2281.921787][T12980] kernel_stack 29011968 [ 2281.921787][T12980] slab 52596736 [ 2281.921787][T12980] sock 0 [ 2281.921787][T12980] shmem 73728 [ 2281.921787][T12980] file_mapped 0 [ 2281.921787][T12980] file_dirty 0 [ 2281.921787][T12980] file_writeback 0 [ 2281.921787][T12980] anon_thp 0 [ 2281.921787][T12980] inactive_anon 786432 [ 2281.921787][T12980] active_anon 117719040 [ 2281.921787][T12980] inactive_file 98304 [ 2281.921787][T12980] active_file 0 [ 2281.921787][T12980] unevictable 0 [ 2281.921787][T12980] slab_reclaimable 7704576 [ 2281.921787][T12980] slab_unreclaimable 44892160 [ 2281.921787][T12980] pgfault 249018 [ 2281.921787][T12980] pgmajfault 0 [ 2281.921787][T12980] workingset_refault 3762 [ 2281.921787][T12980] workingset_activate 1749 [ 2281.921787][T12980] workingset_nodereclaim 0 [ 2281.921787][T12980] pgrefill 140247 [ 2281.921787][T12980] pgscan 157909 [ 2281.921787][T12980] pgsteal 20105 [ 2282.017413][T12980] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=30061,uid=0 [ 2282.033792][T12980] Memory cgroup out of memory: Killed process 30061 (syz-executor.4) total-vm:74968kB, anon-rss:176kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2282.057744][ T1143] oom_reaper: reaped process 30061 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 2282.103052][T12978] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2282.207939][T12978] CPU: 0 PID: 12978 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2282.216682][T12978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2282.226756][T12978] Call Trace: [ 2282.230073][T12978] dump_stack+0x1fb/0x318 [ 2282.234540][T12978] dump_header+0xd8/0x960 [ 2282.238887][T12978] oom_kill_process+0xee/0x370 [ 2282.243658][T12978] out_of_memory+0x5dc/0x900 [ 2282.248266][T12978] try_charge+0x128f/0x18a0 [ 2282.252821][T12978] mem_cgroup_try_charge+0x216/0x550 [ 2282.258283][T12978] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2282.264068][T12978] do_anonymous_page+0x382/0x1640 [ 2282.269210][T12978] handle_mm_fault+0x1c17/0x2900 [ 2282.274377][T12978] do_user_addr_fault+0x588/0xaf0 [ 2282.279449][T12978] do_page_fault+0x13b/0x250 [ 2282.284199][T12978] page_fault+0x39/0x40 [ 2282.288388][T12978] RIP: 0033:0x413c6f [ 2282.292284][T12978] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2282.311904][T12978] RSP: 002b:00007ffeb3531060 EFLAGS: 00010206 [ 2282.317985][T12978] RAX: 00007fe0b78b1000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2282.325998][T12978] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2282.333986][T12978] RBP: 00007ffeb3531140 R08: ffffffffffffffff R09: 0000000000000000 [ 2282.341970][T12978] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeb3531230 [ 2282.349966][T12978] R13: 00007fe0b78d1700 R14: 0000000000000001 R15: 000000000076bfcc [ 2282.362997][T12978] memory: usage 307028kB, limit 307200kB, failcnt 16915 [ 2282.370978][T12978] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2282.410898][T12978] Memory cgroup stats for /syz4: [ 2282.411011][T12978] anon 118476800 [ 2282.411011][T12978] file 16384 [ 2282.411011][T12978] kernel_stack 29011968 [ 2282.411011][T12978] slab 52596736 [ 2282.411011][T12978] sock 0 [ 2282.411011][T12978] shmem 73728 [ 2282.411011][T12978] file_mapped 0 [ 2282.411011][T12978] file_dirty 0 [ 2282.411011][T12978] file_writeback 0 [ 2282.411011][T12978] anon_thp 0 [ 2282.411011][T12978] inactive_anon 786432 [ 2282.411011][T12978] active_anon 117583872 [ 2282.411011][T12978] inactive_file 98304 05:19:23 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000190000000000", 0x32) 05:19:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000340000000000", 0x32) [ 2282.411011][T12978] active_file 0 [ 2282.411011][T12978] unevictable 0 [ 2282.411011][T12978] slab_reclaimable 7704576 [ 2282.411011][T12978] slab_unreclaimable 44892160 [ 2282.411011][T12978] pgfault 249018 [ 2282.411011][T12978] pgmajfault 0 [ 2282.411011][T12978] workingset_refault 3762 [ 2282.411011][T12978] workingset_activate 1749 [ 2282.411011][T12978] workingset_nodereclaim 0 [ 2282.411011][T12978] pgrefill 140247 [ 2282.411011][T12978] pgscan 157909 [ 2282.411011][T12978] pgsteal 20105 [ 2282.524866][T12978] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=26510,uid=0 [ 2282.545102][T12978] Memory cgroup out of memory: Killed process 26510 (syz-executor.4) total-vm:74836kB, anon-rss:168kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 05:19:23 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001a0000000000", 0x32) 05:19:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000350000000000", 0x32) [ 2282.789610][T12986] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2282.864098][T12986] CPU: 0 PID: 12986 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2282.873011][T12986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2282.883206][T12986] Call Trace: [ 2282.886527][T12986] dump_stack+0x1fb/0x318 [ 2282.890881][T12986] dump_header+0xd8/0x960 [ 2282.895239][T12986] oom_kill_process+0xee/0x370 [ 2282.900009][T12986] out_of_memory+0x5dc/0x900 [ 2282.904810][T12986] try_charge+0x128f/0x18a0 [ 2282.909342][T12986] mem_cgroup_try_charge+0x216/0x550 [ 2282.914630][T12986] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2282.920261][T12986] wp_page_copy+0x35f/0x1c50 [ 2282.924866][T12986] do_wp_page+0x5e4/0x16d0 [ 2282.929269][T12986] ? __kasan_check_write+0x14/0x20 [ 2282.934402][T12986] ? do_raw_spin_lock+0x103/0x7b0 [ 2282.939427][T12986] ? handle_mm_fault+0x235a/0x2900 [ 2282.944539][T12986] handle_mm_fault+0x241f/0x2900 [ 2282.949499][T12986] do_user_addr_fault+0x588/0xaf0 [ 2282.954529][T12986] do_page_fault+0x13b/0x250 [ 2282.959140][T12986] page_fault+0x39/0x40 [ 2282.963304][T12986] RIP: 0033:0x403ecf [ 2282.967213][T12986] Code: e7 87 00 00 74 0f 8b 05 a3 e7 87 00 39 45 24 0f 84 d6 01 00 00 80 3d a8 e7 87 00 00 0f 85 51 03 00 00 e8 54 2d 01 00 48 89 c3 00 00 00 00 00 4b 8d 44 6d 00 48 8d 3c c5 a0 83 4d 00 48 8b 47 [ 2282.986813][T12986] RSP: 002b:00007fea86ba9c90 EFLAGS: 00010207 [ 2282.992992][T12986] RAX: 00007fea86baa6d4 RBX: 00007fea86baa6d4 RCX: 00000000004ca762 [ 2283.000962][T12986] RDX: 00000000001f2a0a RSI: 0000000000000000 RDI: 000000000076bfa8 [ 2283.008925][T12986] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2283.016888][T12986] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2283.024850][T12986] R13: 00000000000007fa R14: 00000000004ca762 R15: 000000000076bf2c [ 2283.088991][T12986] memory: usage 307204kB, limit 307200kB, failcnt 12690 [ 2283.103468][T12986] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2283.113811][T12986] Memory cgroup stats for /syz1: [ 2283.114644][T12986] anon 117374976 [ 2283.114644][T12986] file 0 [ 2283.114644][T12986] kernel_stack 28348416 [ 2283.114644][T12986] slab 54370304 [ 2283.114644][T12986] sock 131072 [ 2283.114644][T12986] shmem 0 [ 2283.114644][T12986] file_mapped 135168 [ 2283.114644][T12986] file_dirty 0 [ 2283.114644][T12986] file_writeback 0 [ 2283.114644][T12986] anon_thp 0 [ 2283.114644][T12986] inactive_anon 516096 [ 2283.114644][T12986] active_anon 116936704 [ 2283.114644][T12986] inactive_file 4096 [ 2283.114644][T12986] active_file 0 [ 2283.114644][T12986] unevictable 0 [ 2283.114644][T12986] slab_reclaimable 10002432 [ 2283.114644][T12986] slab_unreclaimable 44367872 [ 2283.114644][T12986] pgfault 240603 [ 2283.114644][T12986] pgmajfault 0 [ 2283.114644][T12986] workingset_refault 2046 [ 2283.114644][T12986] workingset_activate 528 [ 2283.114644][T12986] workingset_nodereclaim 0 [ 2283.114644][T12986] pgrefill 101792 [ 2283.114644][T12986] pgscan 103178 [ 2283.114644][T12986] pgsteal 3460 [ 2283.231175][T12986] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8531,uid=0 [ 2283.248855][T12986] Memory cgroup out of memory: Killed process 8531 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2283.273718][ T1143] oom_reaper: reaped process 8531 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 05:19:24 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [], [@padn={0x0, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:24 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(0x0, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:24 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) 05:19:24 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x5e01}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000360000000000", 0x32) 05:19:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001b0000000000", 0x32) 05:19:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000370000000000", 0x32) 05:19:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001c0000000000", 0x32) [ 2283.780091][T13033] ref_ctr_offset mismatch. inode: 0x47c6 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:25 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(0x0, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2284.168736][T13028] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2284.217652][T13028] CPU: 0 PID: 13028 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2284.226387][T13028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2284.236827][T13028] Call Trace: [ 2284.240255][T13028] dump_stack+0x1fb/0x318 [ 2284.244725][T13028] dump_header+0xd8/0x960 [ 2284.249246][T13028] oom_kill_process+0xee/0x370 [ 2284.254957][T13028] out_of_memory+0x5dc/0x900 [ 2284.259547][T13028] try_charge+0x128f/0x18a0 [ 2284.264108][T13028] __memcg_kmem_charge_memcg+0x37/0x140 [ 2284.269677][T13028] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2284.276106][T13028] __memcg_kmem_charge+0x105/0x340 [ 2284.281239][T13028] dup_task_struct+0x244/0x7d0 [ 2284.286030][T13028] copy_process+0x552/0x57b0 [ 2284.290659][T13028] ? _raw_spin_unlock+0x27/0x40 [ 2284.295533][T13028] ? do_anonymous_page+0x140e/0x1640 [ 2284.301816][T13028] _do_fork+0x13e/0x660 [ 2284.305981][T13028] ? check_preemption_disabled+0x44/0x260 [ 2284.311722][T13028] ? debug_smp_processor_id+0x9/0x20 [ 2284.317035][T13028] ? check_preemption_disabled+0x44/0x260 [ 2284.322761][T13028] ? debug_smp_processor_id+0x9/0x20 [ 2284.328076][T13028] ? check_preemption_disabled+0x44/0x260 [ 2284.333798][T13028] __x64_sys_clone+0x20b/0x250 [ 2284.338597][T13028] do_syscall_64+0xf7/0x1c0 [ 2284.343104][T13028] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2284.349150][T13028] RIP: 0033:0x45ee49 [ 2284.353059][T13028] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2284.372906][T13028] RSP: 002b:00007ffc28d10b88 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2284.381335][T13028] RAX: ffffffffffffffda RBX: 00007fea86b68700 RCX: 000000000045ee49 [ 2284.389304][T13028] RDX: 00007fea86b689d0 RSI: 00007fea86b67db0 RDI: 00000000003d0f00 [ 2284.397436][T13028] RBP: 00007ffc28d10da0 R08: 00007fea86b68700 R09: 00007fea86b68700 [ 2284.405423][T13028] R10: 00007fea86b689d0 R11: 0000000000000202 R12: 0000000000000000 [ 2284.413393][T13028] R13: 00007ffc28d10c3f R14: 00007fea86b689c0 R15: 000000000076c06c [ 2284.446782][T13028] memory: usage 307200kB, limit 307200kB, failcnt 12727 [ 2284.474209][T13028] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2284.486661][T13028] Memory cgroup stats for /syz1: [ 2284.486759][T13028] anon 117374976 [ 2284.486759][T13028] file 0 [ 2284.486759][T13028] kernel_stack 28385280 [ 2284.486759][T13028] slab 54370304 [ 2284.486759][T13028] sock 131072 [ 2284.486759][T13028] shmem 0 [ 2284.486759][T13028] file_mapped 135168 [ 2284.486759][T13028] file_dirty 0 [ 2284.486759][T13028] file_writeback 0 [ 2284.486759][T13028] anon_thp 0 [ 2284.486759][T13028] inactive_anon 516096 [ 2284.486759][T13028] active_anon 116936704 [ 2284.486759][T13028] inactive_file 4096 [ 2284.486759][T13028] active_file 0 [ 2284.486759][T13028] unevictable 0 [ 2284.486759][T13028] slab_reclaimable 10002432 [ 2284.486759][T13028] slab_unreclaimable 44367872 [ 2284.486759][T13028] pgfault 240702 [ 2284.486759][T13028] pgmajfault 0 [ 2284.486759][T13028] workingset_refault 2046 [ 2284.486759][T13028] workingset_activate 528 [ 2284.486759][T13028] workingset_nodereclaim 0 [ 2284.486759][T13028] pgrefill 101957 [ 2284.486759][T13028] pgscan 103376 [ 2284.486759][T13028] pgsteal 3460 [ 2284.586026][T13028] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8453,uid=0 [ 2284.602466][T13028] Memory cgroup out of memory: Killed process 8453 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2284.622624][ T1143] oom_reaper: reaped process 8453 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 2284.684953][T13060] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2284.698294][T13060] CPU: 0 PID: 13060 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2284.707109][T13060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2284.717430][T13060] Call Trace: [ 2284.720862][T13060] dump_stack+0x1fb/0x318 [ 2284.725220][T13060] dump_header+0xd8/0x960 [ 2284.729584][T13060] oom_kill_process+0xee/0x370 [ 2284.734530][T13060] out_of_memory+0x5dc/0x900 [ 2284.739159][T13060] try_charge+0x128f/0x18a0 [ 2284.743862][T13060] __memcg_kmem_charge_memcg+0x37/0x140 [ 2284.749558][T13060] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2284.755140][T13060] __memcg_kmem_charge+0x105/0x340 [ 2284.760297][T13060] __alloc_pages_nodemask+0x29a/0x5d0 [ 2284.765735][T13060] alloc_pages_current+0x2db/0x500 [ 2284.770870][T13060] __pmd_alloc+0x39/0x3d0 [ 2284.775225][T13060] copy_page_range+0x2555/0x2950 [ 2284.780177][T13060] ? lockdep_hardirqs_on+0x4a5/0x7a0 [ 2284.785663][T13060] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2284.791669][T13060] ? trace_hardirqs_on_caller+0x74/0x80 [ 2284.797258][T13060] ? vma_gap_callbacks_rotate+0x1fc/0x230 [ 2284.802998][T13060] ? init_admin_reserve+0xc0/0xc0 [ 2284.808049][T13060] dup_mmap+0x9f1/0xdf0 [ 2284.812541][T13060] dup_mm+0x9e/0x340 [ 2284.816455][T13060] copy_process+0x2080/0x57b0 [ 2284.821161][T13060] ? debug_smp_processor_id+0x9/0x20 [ 2284.826462][T13060] _do_fork+0x13e/0x660 [ 2284.830612][T13060] ? retint_kernel+0x2b/0x2b [ 2284.835316][T13060] ? trace_hardirqs_on_caller+0x74/0x80 [ 2284.841006][T13060] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2284.846603][T13060] __x64_sys_clone+0x20b/0x250 [ 2284.851385][T13060] do_syscall_64+0xf7/0x1c0 [ 2284.855900][T13060] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2284.861798][T13060] RIP: 0033:0x45c479 [ 2284.865694][T13060] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2284.885303][T13060] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2284.893738][T13060] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2284.901715][T13060] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2284.909861][T13060] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2284.917821][T13060] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2284.925806][T13060] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2284.935313][T13060] memory: usage 307200kB, limit 307200kB, failcnt 16944 [ 2284.942993][T13060] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2284.950758][T13060] Memory cgroup stats for /syz4: [ 2284.951749][T13060] anon 118611968 [ 2284.951749][T13060] file 16384 [ 2284.951749][T13060] kernel_stack 29011968 [ 2284.951749][T13060] slab 52596736 [ 2284.951749][T13060] sock 0 [ 2284.951749][T13060] shmem 73728 [ 2284.951749][T13060] file_mapped 0 [ 2284.951749][T13060] file_dirty 0 [ 2284.951749][T13060] file_writeback 0 [ 2284.951749][T13060] anon_thp 0 [ 2284.951749][T13060] inactive_anon 786432 [ 2284.951749][T13060] active_anon 117719040 [ 2284.951749][T13060] inactive_file 98304 [ 2284.951749][T13060] active_file 0 [ 2284.951749][T13060] unevictable 0 [ 2284.951749][T13060] slab_reclaimable 7704576 [ 2284.951749][T13060] slab_unreclaimable 44892160 [ 2284.951749][T13060] pgfault 249183 [ 2284.951749][T13060] pgmajfault 0 [ 2284.951749][T13060] workingset_refault 3762 [ 2284.951749][T13060] workingset_activate 1749 [ 2284.951749][T13060] workingset_nodereclaim 0 [ 2284.951749][T13060] pgrefill 140445 [ 2284.951749][T13060] pgscan 158074 [ 2284.951749][T13060] pgsteal 20105 [ 2285.051365][T13060] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23613,uid=0 [ 2285.067938][T13060] Memory cgroup out of memory: Killed process 23613 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2285.093869][ T1143] oom_reaper: reaped process 23613 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 05:19:26 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) 05:19:26 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x6000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:26 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001d0000000000", 0x32) [ 2285.439829][T13079] ref_ctr_offset mismatch. inode: 0x47ae offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2285.585620][T13066] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2285.596578][T13066] CPU: 0 PID: 13066 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2285.605277][T13066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2285.615487][T13066] Call Trace: [ 2285.618794][T13066] dump_stack+0x1fb/0x318 [ 2285.623149][T13066] dump_header+0xd8/0x960 [ 2285.627681][T13066] oom_kill_process+0xee/0x370 [ 2285.632497][T13066] out_of_memory+0x5dc/0x900 [ 2285.637133][T13066] try_charge+0x128f/0x18a0 [ 2285.641691][T13066] mem_cgroup_try_charge+0x216/0x550 [ 2285.647000][T13066] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2285.652639][T13066] wp_page_copy+0x35f/0x1c50 [ 2285.657262][T13066] do_wp_page+0x5e4/0x16d0 [ 2285.661676][T13066] ? __kasan_check_write+0x14/0x20 [ 2285.666804][T13066] ? do_raw_spin_lock+0x103/0x7b0 [ 2285.671840][T13066] ? handle_mm_fault+0x235a/0x2900 [ 2285.677003][T13066] handle_mm_fault+0x241f/0x2900 [ 2285.681993][T13066] do_user_addr_fault+0x588/0xaf0 [ 2285.687039][T13066] do_page_fault+0x13b/0x250 [ 2285.691638][T13066] page_fault+0x39/0x40 [ 2285.697933][T13066] RIP: 0033:0x413c9a [ 2285.702093][T13066] Code: 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 c7 45 18 01 00 00 00 49 89 85 10 05 00 00 48 8b 05 ae 47 87 00 00 01 00 00 00 c7 05 ba 47 87 00 01 00 00 00 41 c7 85 1c 06 00 [ 2285.721711][T13066] RSP: 002b:00007ffc28d10bd0 EFLAGS: 00010206 [ 2285.727803][T13066] RAX: 0000000000c88928 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2285.735898][T13066] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2285.744165][T13066] RBP: 00007ffc28d10cb0 R08: ffffffffffffffff R09: 0000000000000000 [ 2285.752290][T13066] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc28d10da0 [ 2285.760267][T13066] R13: 00007fea86b47700 R14: 0000000000000003 R15: 000000000076c10c [ 2286.055089][T13066] memory: usage 307128kB, limit 307200kB, failcnt 12766 [ 2286.077712][T13072] ref_ctr_offset mismatch. inode: 0x47ae offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2286.080129][T13066] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2286.176885][T13066] Memory cgroup stats for /syz1: [ 2286.187063][T13066] anon 117510144 [ 2286.187063][T13066] file 0 [ 2286.187063][T13066] kernel_stack 28422144 [ 2286.187063][T13066] slab 54370304 [ 2286.187063][T13066] sock 131072 [ 2286.187063][T13066] shmem 0 [ 2286.187063][T13066] file_mapped 135168 [ 2286.187063][T13066] file_dirty 0 [ 2286.187063][T13066] file_writeback 0 [ 2286.187063][T13066] anon_thp 0 [ 2286.187063][T13066] inactive_anon 516096 [ 2286.187063][T13066] active_anon 117071872 [ 2286.187063][T13066] inactive_file 4096 [ 2286.187063][T13066] active_file 0 [ 2286.187063][T13066] unevictable 0 [ 2286.187063][T13066] slab_reclaimable 10002432 [ 2286.187063][T13066] slab_unreclaimable 44367872 [ 2286.187063][T13066] pgfault 240801 [ 2286.187063][T13066] pgmajfault 0 [ 2286.187063][T13066] workingset_refault 2046 [ 2286.187063][T13066] workingset_activate 528 [ 2286.187063][T13066] workingset_nodereclaim 0 [ 2286.187063][T13066] pgrefill 102254 [ 2286.187063][T13066] pgscan 103608 [ 2286.187063][T13066] pgsteal 3460 [ 2286.290244][T13066] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8431,uid=0 [ 2286.340203][T13066] Memory cgroup out of memory: Killed process 8431 (syz-executor.1) total-vm:74704kB, anon-rss:156kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:19:27 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [], [@padn={0x2, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:27 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(0x0, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000380000000000", 0x32) 05:19:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001e0000000000", 0x32) 05:19:27 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x6800}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) 05:19:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000390000000000", 0x32) 05:19:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000001f0000000000", 0x32) [ 2286.907317][T13094] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2286.920841][T13094] CPU: 0 PID: 13094 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2286.929541][T13094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2286.939833][T13094] Call Trace: [ 2286.943283][T13094] dump_stack+0x1fb/0x318 [ 2286.947650][T13094] dump_header+0xd8/0x960 [ 2286.952014][T13094] oom_kill_process+0xee/0x370 [ 2286.957039][T13094] out_of_memory+0x5dc/0x900 [ 2286.961769][T13094] try_charge+0x128f/0x18a0 [ 2286.966363][T13094] __memcg_kmem_charge_memcg+0x37/0x140 [ 2286.971940][T13094] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2286.977528][T13094] __memcg_kmem_charge+0x105/0x340 [ 2286.982835][T13094] __alloc_pages_nodemask+0x29a/0x5d0 [ 2286.988250][T13094] alloc_pages_current+0x2db/0x500 [ 2286.993408][T13094] pte_alloc_one+0x1f/0x180 [ 2286.997951][T13094] __pte_alloc+0x20/0x2f0 [ 2287.002317][T13094] copy_page_range+0x2434/0x2950 [ 2287.007290][T13094] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2287.012890][T13094] dup_mmap+0x9f1/0xdf0 [ 2287.017089][T13094] dup_mm+0x9e/0x340 [ 2287.021008][T13094] copy_process+0x2080/0x57b0 [ 2287.025866][T13094] ? retint_kernel+0x2b/0x2b [ 2287.030604][T13094] _do_fork+0x13e/0x660 [ 2287.034808][T13094] ? check_preemption_disabled+0x44/0x260 [ 2287.040673][T13094] ? debug_smp_processor_id+0x9/0x20 [ 2287.045980][T13094] ? check_preemption_disabled+0x44/0x260 [ 2287.051719][T13094] ? debug_smp_processor_id+0x9/0x20 [ 2287.057023][T13094] ? check_preemption_disabled+0x44/0x260 [ 2287.062906][T13094] __x64_sys_clone+0x20b/0x250 [ 2287.067725][T13094] do_syscall_64+0xf7/0x1c0 [ 2287.072254][T13094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2287.078163][T13094] RIP: 0033:0x45c479 [ 2287.082074][T13094] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2287.101825][T13094] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2287.110257][T13094] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2287.118351][T13094] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2287.126339][T13094] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2287.134331][T13094] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2287.142450][T13094] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2287.153801][T13094] memory: usage 307200kB, limit 307200kB, failcnt 16988 [ 2287.161308][T13094] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2287.168518][T13094] Memory cgroup stats for /syz4: [ 2287.170920][T13094] anon 118611968 [ 2287.170920][T13094] file 16384 [ 2287.170920][T13094] kernel_stack 29048832 [ 2287.170920][T13094] slab 52596736 [ 2287.170920][T13094] sock 0 [ 2287.170920][T13094] shmem 73728 [ 2287.170920][T13094] file_mapped 0 [ 2287.170920][T13094] file_dirty 0 [ 2287.170920][T13094] file_writeback 0 [ 2287.170920][T13094] anon_thp 0 [ 2287.170920][T13094] inactive_anon 786432 [ 2287.170920][T13094] active_anon 117719040 [ 2287.170920][T13094] inactive_file 98304 [ 2287.170920][T13094] active_file 0 [ 2287.170920][T13094] unevictable 0 [ 2287.170920][T13094] slab_reclaimable 7704576 [ 2287.170920][T13094] slab_unreclaimable 44892160 [ 2287.170920][T13094] pgfault 249315 [ 2287.170920][T13094] pgmajfault 0 [ 2287.170920][T13094] workingset_refault 3762 [ 2287.170920][T13094] workingset_activate 1749 [ 2287.170920][T13094] workingset_nodereclaim 0 [ 2287.170920][T13094] pgrefill 140676 [ 2287.170920][T13094] pgscan 158339 [ 2287.170920][T13094] pgsteal 20105 [ 2287.266620][T13094] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23519,uid=0 [ 2287.282978][T13094] Memory cgroup out of memory: Killed process 23519 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2287.308074][ T1143] oom_reaper: reaped process 23519 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2287.421397][T13104] ref_ctr_offset mismatch. inode: 0x4835 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:28 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(0x0, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:28 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x6c00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:28 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 2287.829937][T13128] ref_ctr_offset mismatch. inode: 0x47e5 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2288.056023][T13125] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2288.068551][T13125] CPU: 1 PID: 13125 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2288.077234][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2288.087507][T13125] Call Trace: [ 2288.090976][T13125] dump_stack+0x1fb/0x318 [ 2288.095336][T13125] dump_header+0xd8/0x960 [ 2288.099700][T13125] oom_kill_process+0xee/0x370 [ 2288.104492][T13125] out_of_memory+0x5dc/0x900 [ 2288.109117][T13125] try_charge+0x128f/0x18a0 [ 2288.113700][T13125] __memcg_kmem_charge_memcg+0x37/0x140 [ 2288.119282][T13125] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2288.125039][T13125] __memcg_kmem_charge+0x105/0x340 [ 2288.130217][T13125] __alloc_pages_nodemask+0x29a/0x5d0 [ 2288.135637][T13125] alloc_pages_current+0x2db/0x500 [ 2288.140807][T13125] pte_alloc_one+0x1f/0x180 [ 2288.145339][T13125] __pte_alloc+0x20/0x2f0 [ 2288.149689][T13125] copy_page_range+0x2434/0x2950 [ 2288.154798][T13125] ? __vma_link_rb+0x822/0x840 [ 2288.159608][T13125] dup_mmap+0x9f1/0xdf0 [ 2288.163810][T13125] dup_mm+0x9e/0x340 [ 2288.167728][T13125] copy_process+0x2080/0x57b0 [ 2288.172559][T13125] ? trace_hardirqs_off+0x74/0x80 [ 2288.177632][T13125] _do_fork+0x13e/0x660 [ 2288.181830][T13125] ? do_syscall_64+0xb9/0x1c0 [ 2288.186628][T13125] __x64_sys_clone+0x20b/0x250 [ 2288.191439][T13125] do_syscall_64+0xf7/0x1c0 [ 2288.196079][T13125] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2288.201992][T13125] RIP: 0033:0x45c479 [ 2288.205902][T13125] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2288.225519][T13125] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2288.233950][T13125] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2288.241935][T13125] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2288.249948][T13125] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2288.257943][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2288.266032][T13125] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2288.275141][T13125] memory: usage 307192kB, limit 307200kB, failcnt 17035 [ 2288.282646][T13125] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2288.290418][T13125] Memory cgroup stats for /syz4: [ 2288.291164][T13125] anon 118472704 [ 2288.291164][T13125] file 16384 [ 2288.291164][T13125] kernel_stack 29011968 [ 2288.291164][T13125] slab 52596736 [ 2288.291164][T13125] sock 0 [ 2288.291164][T13125] shmem 73728 [ 2288.291164][T13125] file_mapped 0 [ 2288.291164][T13125] file_dirty 0 [ 2288.291164][T13125] file_writeback 0 [ 2288.291164][T13125] anon_thp 0 [ 2288.291164][T13125] inactive_anon 786432 [ 2288.291164][T13125] active_anon 117719040 [ 2288.291164][T13125] inactive_file 98304 [ 2288.291164][T13125] active_file 0 [ 2288.291164][T13125] unevictable 0 [ 2288.291164][T13125] slab_reclaimable 7704576 [ 2288.291164][T13125] slab_unreclaimable 44892160 [ 2288.291164][T13125] pgfault 249381 [ 2288.291164][T13125] pgmajfault 0 [ 2288.291164][T13125] workingset_refault 3762 [ 2288.291164][T13125] workingset_activate 1749 [ 2288.291164][T13125] workingset_nodereclaim 0 [ 2288.291164][T13125] pgrefill 140908 [ 2288.291164][T13125] pgscan 158572 [ 2288.291164][T13125] pgsteal 20105 [ 2288.388752][T13125] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23395,uid=0 [ 2288.405552][T13125] Memory cgroup out of memory: Killed process 23395 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2288.430028][ T1143] oom_reaper: reaped process 23395 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 05:19:29 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000200000000000", 0x32) [ 2288.495200][T13129] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2288.578628][T13129] CPU: 1 PID: 13129 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2288.587362][T13129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2288.597425][T13129] Call Trace: [ 2288.600736][T13129] dump_stack+0x1fb/0x318 [ 2288.605091][T13129] dump_header+0xd8/0x960 [ 2288.609458][T13129] oom_kill_process+0xee/0x370 [ 2288.614261][T13129] out_of_memory+0x5dc/0x900 [ 2288.618884][T13129] try_charge+0x128f/0x18a0 [ 2288.623460][T13129] __memcg_kmem_charge_memcg+0x37/0x140 [ 2288.629032][T13129] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2288.634606][T13129] __memcg_kmem_charge+0x105/0x340 [ 2288.639737][T13129] dup_task_struct+0x244/0x7d0 [ 2288.644520][T13129] copy_process+0x552/0x57b0 [ 2288.649113][T13129] ? debug_smp_processor_id+0x9/0x20 [ 2288.654417][T13129] ? check_preemption_disabled+0x44/0x260 [ 2288.660133][T13129] ? debug_smp_processor_id+0x9/0x20 [ 2288.665455][T13129] _do_fork+0x13e/0x660 [ 2288.669621][T13129] ? check_preemption_disabled+0x44/0x260 [ 2288.675835][T13129] ? debug_smp_processor_id+0x9/0x20 [ 2288.681523][T13129] ? check_preemption_disabled+0x44/0x260 [ 2288.687273][T13129] ? debug_smp_processor_id+0x9/0x20 [ 2288.692585][T13129] ? check_preemption_disabled+0x44/0x260 [ 2288.698338][T13129] __x64_sys_clone+0x20b/0x250 [ 2288.703146][T13129] do_syscall_64+0xf7/0x1c0 [ 2288.707675][T13129] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2288.713578][T13129] RIP: 0033:0x45ee49 [ 2288.717506][T13129] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2288.737350][T13129] RSP: 002b:00007ffc28d10b88 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2288.745774][T13129] RAX: ffffffffffffffda RBX: 00007fea86b89700 RCX: 000000000045ee49 [ 2288.753854][T13129] RDX: 00007fea86b899d0 RSI: 00007fea86b88db0 RDI: 00000000003d0f00 [ 2288.761836][T13129] RBP: 00007ffc28d10da0 R08: 00007fea86b89700 R09: 00007fea86b89700 [ 2288.769824][T13129] R10: 00007fea86b899d0 R11: 0000000000000202 R12: 0000000000000000 [ 2288.777808][T13129] R13: 00007ffc28d10c3f R14: 00007fea86b899c0 R15: 000000000076bfcc [ 2288.820157][T13129] memory: usage 307200kB, limit 307200kB, failcnt 12824 [ 2288.865669][T13129] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2288.956206][T13129] Memory cgroup stats for /syz1: [ 2288.956311][T13129] anon 117510144 [ 2288.956311][T13129] file 0 [ 2288.956311][T13129] kernel_stack 28385280 [ 2288.956311][T13129] slab 54370304 [ 2288.956311][T13129] sock 131072 [ 2288.956311][T13129] shmem 0 [ 2288.956311][T13129] file_mapped 135168 [ 2288.956311][T13129] file_dirty 0 [ 2288.956311][T13129] file_writeback 0 [ 2288.956311][T13129] anon_thp 0 [ 2288.956311][T13129] inactive_anon 516096 [ 2288.956311][T13129] active_anon 117071872 [ 2288.956311][T13129] inactive_file 4096 [ 2288.956311][T13129] active_file 0 [ 2288.956311][T13129] unevictable 0 [ 2288.956311][T13129] slab_reclaimable 10002432 [ 2288.956311][T13129] slab_unreclaimable 44367872 [ 2288.956311][T13129] pgfault 240999 [ 2288.956311][T13129] pgmajfault 0 [ 2288.956311][T13129] workingset_refault 2079 [ 2288.956311][T13129] workingset_activate 528 [ 2288.956311][T13129] workingset_nodereclaim 0 [ 2288.956311][T13129] pgrefill 102585 [ 2288.956311][T13129] pgscan 103971 [ 2288.956311][T13129] pgsteal 3493 [ 2289.066984][T13129] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8365,uid=0 [ 2289.101854][T13129] Memory cgroup out of memory: Killed process 8365 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:19:30 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [], [@padn={0x3, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000003a0000000000", 0x32) 05:19:30 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x7400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:30 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(0x0, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:30 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000210000000000", 0x32) 05:19:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000003b0000000000", 0x32) 05:19:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 2289.568571][T13157] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2289.581548][T13157] CPU: 0 PID: 13157 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2289.590239][T13157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2289.600313][T13157] Call Trace: [ 2289.603633][T13157] dump_stack+0x1fb/0x318 [ 2289.607992][T13157] dump_header+0xd8/0x960 [ 2289.612355][T13157] oom_kill_process+0xee/0x370 [ 2289.617133][T13157] out_of_memory+0x5dc/0x900 [ 2289.621874][T13157] try_charge+0x128f/0x18a0 [ 2289.626544][T13157] __memcg_kmem_charge_memcg+0x37/0x140 [ 2289.632241][T13157] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2289.637945][T13157] __memcg_kmem_charge+0x105/0x340 [ 2289.643084][T13157] __alloc_pages_nodemask+0x29a/0x5d0 [ 2289.649354][T13157] alloc_pages_current+0x2db/0x500 [ 2289.654563][T13157] pte_alloc_one+0x1f/0x180 [ 2289.659113][T13157] __pte_alloc+0x20/0x2f0 [ 2289.663470][T13157] copy_page_range+0x2434/0x2950 [ 2289.668475][T13157] ? dup_mmap+0x9d2/0xdf0 [ 2289.672926][T13157] ? dup_mmap+0x9e1/0xdf0 [ 2289.677282][T13157] ? __sanitizer_cov_trace_pc+0x35/0x50 [ 2289.682859][T13157] dup_mmap+0x9f1/0xdf0 [ 2289.687173][T13157] dup_mm+0x9e/0x340 [ 2289.691087][T13157] copy_process+0x2080/0x57b0 [ 2289.695811][T13157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2289.701295][T13157] ? retint_kernel+0x2b/0x2b [ 2289.706011][T13157] _do_fork+0x13e/0x660 [ 2289.710160][T13157] ? retint_kernel+0x2b/0x2b [ 2289.714874][T13157] __x64_sys_clone+0x20b/0x250 [ 2289.719667][T13157] do_syscall_64+0xf7/0x1c0 [ 2289.724227][T13157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2289.730155][T13157] RIP: 0033:0x45c479 [ 2289.734122][T13157] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2289.753904][T13157] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2289.762331][T13157] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2289.770316][T13157] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2289.778305][T13157] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2289.786287][T13157] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2289.794419][T13157] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2289.804894][T13157] memory: usage 307200kB, limit 307200kB, failcnt 17084 [ 2289.812702][T13157] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2289.820028][T13157] Memory cgroup stats for /syz4: [ 2289.820880][T13157] anon 118472704 [ 2289.820880][T13157] file 16384 [ 2289.820880][T13157] kernel_stack 29011968 [ 2289.820880][T13157] slab 52596736 [ 2289.820880][T13157] sock 0 [ 2289.820880][T13157] shmem 73728 [ 2289.820880][T13157] file_mapped 0 [ 2289.820880][T13157] file_dirty 0 [ 2289.820880][T13157] file_writeback 0 [ 2289.820880][T13157] anon_thp 0 [ 2289.820880][T13157] inactive_anon 786432 [ 2289.820880][T13157] active_anon 117854208 [ 2289.820880][T13157] inactive_file 98304 [ 2289.820880][T13157] active_file 0 [ 2289.820880][T13157] unevictable 0 [ 2289.820880][T13157] slab_reclaimable 7704576 [ 2289.820880][T13157] slab_unreclaimable 44892160 [ 2289.820880][T13157] pgfault 249513 [ 2289.820880][T13157] pgmajfault 0 [ 2289.820880][T13157] workingset_refault 3762 [ 2289.820880][T13157] workingset_activate 1749 [ 2289.820880][T13157] workingset_nodereclaim 0 [ 2289.820880][T13157] pgrefill 141073 [ 2289.820880][T13157] pgscan 158737 [ 2289.820880][T13157] pgsteal 20105 [ 2289.918359][T13157] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23225,uid=0 [ 2289.934988][T13157] Memory cgroup out of memory: Killed process 23225 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2289.959725][ T1143] oom_reaper: reaped process 23225 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2289.991578][T13159] ref_ctr_offset mismatch. inode: 0x4833 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000220000000000", 0x32) [ 2290.109503][T13157] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2290.121989][T13157] CPU: 0 PID: 13157 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2290.130706][T13157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2290.140786][T13157] Call Trace: [ 2290.144094][T13157] dump_stack+0x1fb/0x318 [ 2290.148456][T13157] dump_header+0xd8/0x960 [ 2290.152810][T13157] oom_kill_process+0xee/0x370 [ 2290.157595][T13157] out_of_memory+0x5dc/0x900 [ 2290.162334][T13157] try_charge+0x128f/0x18a0 [ 2290.167151][T13157] mem_cgroup_try_charge+0x216/0x550 [ 2290.172476][T13157] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2290.178151][T13157] wp_page_copy+0x35f/0x1c50 [ 2290.182803][T13157] do_wp_page+0x5e4/0x16d0 [ 2290.187254][T13157] ? __kasan_check_write+0x14/0x20 [ 2290.192551][T13157] ? do_raw_spin_lock+0x103/0x7b0 [ 2290.197601][T13157] ? handle_mm_fault+0x235a/0x2900 [ 2290.203198][T13157] handle_mm_fault+0x241f/0x2900 [ 2290.208201][T13157] do_user_addr_fault+0x588/0xaf0 [ 2290.213294][T13157] do_page_fault+0x13b/0x250 [ 2290.217937][T13157] page_fault+0x39/0x40 [ 2290.222126][T13157] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 2290.228476][T13157] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 2290.248236][T13157] RSP: 0018:ffffc9001a0d7e50 EFLAGS: 00010202 [ 2290.254319][T13157] RAX: ffffffff83a0ba01 RBX: 0000000020000d48 RCX: 0000000000000001 [ 2290.262686][T13157] RDX: 0000000000000000 RSI: ffffc9001a0d7e98 RDI: 0000000020000d40 [ 2290.270674][T13157] RBP: ffffc9001a0d7e80 R08: 0000000600000005 R09: fffff5200341afd4 [ 2290.278651][T13157] R10: fffff5200341afd4 R11: 0000000000000000 R12: 0000000000000008 [ 2290.286643][T13157] R13: 00007ffffffff000 R14: ffffc9001a0d7e98 R15: 0000000020000d40 [ 2290.294662][T13157] ? _copy_to_user+0x41/0x150 [ 2290.299496][T13157] ? _copy_to_user+0x104/0x150 [ 2290.304291][T13157] do_pipe2+0x79/0x230 [ 2290.308368][T13157] ? do_syscall_64+0xb9/0x1c0 [ 2290.313074][T13157] __x64_sys_pipe2+0x5a/0x70 [ 2290.317702][T13157] do_syscall_64+0xf7/0x1c0 [ 2290.322431][T13157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2290.328338][T13157] RIP: 0033:0x45c479 [ 2290.332379][T13157] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2290.352003][T13157] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 2290.360469][T13157] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2290.368464][T13157] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000d40 [ 2290.376553][T13157] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2290.385117][T13157] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2290.393256][T13157] R13: 000000000000081b R14: 00000000004ca921 R15: 000000000076bf2c [ 2290.403797][T13157] memory: usage 307044kB, limit 307200kB, failcnt 17093 [ 2290.411049][T13157] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2290.418101][T13157] Memory cgroup stats for /syz4: [ 2290.419024][T13157] anon 118472704 [ 2290.419024][T13157] file 16384 [ 2290.419024][T13157] kernel_stack 28975104 [ 2290.419024][T13157] slab 52596736 [ 2290.419024][T13157] sock 0 [ 2290.419024][T13157] shmem 73728 [ 2290.419024][T13157] file_mapped 0 [ 2290.419024][T13157] file_dirty 0 [ 2290.419024][T13157] file_writeback 0 [ 2290.419024][T13157] anon_thp 0 [ 2290.419024][T13157] inactive_anon 786432 [ 2290.419024][T13157] active_anon 117719040 [ 2290.419024][T13157] inactive_file 98304 [ 2290.419024][T13157] active_file 0 [ 2290.419024][T13157] unevictable 0 [ 2290.419024][T13157] slab_reclaimable 7704576 [ 2290.419024][T13157] slab_unreclaimable 44892160 [ 2290.419024][T13157] pgfault 249546 [ 2290.419024][T13157] pgmajfault 0 [ 2290.419024][T13157] workingset_refault 3762 [ 2290.419024][T13157] workingset_activate 1749 [ 2290.419024][T13157] workingset_nodereclaim 0 [ 2290.419024][T13157] pgrefill 141172 [ 2290.419024][T13157] pgscan 158836 [ 2290.419024][T13157] pgsteal 20105 [ 2290.514898][T13157] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23185,uid=0 [ 2290.531453][T13157] Memory cgroup out of memory: Killed process 23185 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2290.567409][T13161] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 05:19:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000230000000000", 0x32) [ 2290.649635][T13161] CPU: 1 PID: 13161 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2290.658502][T13161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2290.669638][T13161] Call Trace: [ 2290.672982][T13161] dump_stack+0x1fb/0x318 [ 2290.677436][T13161] dump_header+0xd8/0x960 [ 2290.681790][T13161] oom_kill_process+0xee/0x370 [ 2290.686685][T13161] out_of_memory+0x5dc/0x900 [ 2290.691303][T13161] try_charge+0x128f/0x18a0 05:19:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000240000000000", 0x32) [ 2290.695883][T13161] __memcg_kmem_charge_memcg+0x37/0x140 [ 2290.701444][T13161] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2290.707021][T13161] __memcg_kmem_charge+0x105/0x340 [ 2290.712157][T13161] dup_task_struct+0x244/0x7d0 [ 2290.716953][T13161] copy_process+0x552/0x57b0 [ 2290.721563][T13161] ? debug_smp_processor_id+0x9/0x20 [ 2290.726895][T13161] ? check_preemption_disabled+0x44/0x260 [ 2290.732671][T13161] ? debug_smp_processor_id+0x9/0x20 [ 2290.738106][T13161] _do_fork+0x13e/0x660 [ 2290.742320][T13161] ? check_preemption_disabled+0x44/0x260 05:19:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000250000000000", 0x32) [ 2290.748062][T13161] ? debug_smp_processor_id+0x9/0x20 [ 2290.753373][T13161] ? check_preemption_disabled+0x44/0x260 [ 2290.759106][T13161] ? debug_smp_processor_id+0x9/0x20 [ 2290.764410][T13161] ? check_preemption_disabled+0x44/0x260 [ 2290.770162][T13161] __x64_sys_clone+0x20b/0x250 [ 2290.774973][T13161] do_syscall_64+0xf7/0x1c0 [ 2290.779523][T13161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2290.785442][T13161] RIP: 0033:0x45ee49 [ 2290.789355][T13161] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2290.809370][T13161] RSP: 002b:00007ffc28d10b88 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2290.818091][T13161] RAX: ffffffffffffffda RBX: 00007fea86b89700 RCX: 000000000045ee49 [ 2290.826077][T13161] RDX: 00007fea86b899d0 RSI: 00007fea86b88db0 RDI: 00000000003d0f00 [ 2290.834066][T13161] RBP: 00007ffc28d10da0 R08: 00007fea86b89700 R09: 00007fea86b89700 [ 2290.842054][T13161] R10: 00007fea86b899d0 R11: 0000000000000202 R12: 0000000000000000 [ 2290.850274][T13161] R13: 00007ffc28d10c3f R14: 00007fea86b899c0 R15: 000000000076bfcc [ 2290.890518][T13161] memory: usage 307096kB, limit 307200kB, failcnt 12880 05:19:32 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(0x0, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2290.897648][T13161] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2290.929503][T13161] Memory cgroup stats for /syz1: [ 2290.929603][T13161] anon 117510144 [ 2290.929603][T13161] file 0 [ 2290.929603][T13161] kernel_stack 28385280 [ 2290.929603][T13161] slab 54370304 [ 2290.929603][T13161] sock 131072 [ 2290.929603][T13161] shmem 0 [ 2290.929603][T13161] file_mapped 135168 [ 2290.929603][T13161] file_dirty 0 [ 2290.929603][T13161] file_writeback 0 [ 2290.929603][T13161] anon_thp 0 [ 2290.929603][T13161] inactive_anon 516096 [ 2290.929603][T13161] active_anon 117071872 [ 2290.929603][T13161] inactive_file 4096 [ 2290.929603][T13161] active_file 0 [ 2290.929603][T13161] unevictable 0 [ 2290.929603][T13161] slab_reclaimable 10002432 [ 2290.929603][T13161] slab_unreclaimable 44367872 [ 2290.929603][T13161] pgfault 241098 [ 2290.929603][T13161] pgmajfault 0 [ 2290.929603][T13161] workingset_refault 2079 [ 2290.929603][T13161] workingset_activate 528 [ 2290.929603][T13161] workingset_nodereclaim 0 [ 2290.929603][T13161] pgrefill 103249 [ 2290.929603][T13161] pgscan 104631 [ 2290.929603][T13161] pgsteal 3493 [ 2291.039432][T13161] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8358,uid=0 [ 2291.056683][T13161] Memory cgroup out of memory: Killed process 8358 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:19:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000003c0000000000", 0x32) 05:19:32 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x7a00}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:32 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000260000000000", 0x32) 05:19:32 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [], [@padn={0x4, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:32 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(0x0, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:32 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) 05:19:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000003d0000000000", 0x32) [ 2291.971856][T13200] ref_ctr_offset mismatch. inode: 0x4862 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:33 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000270000000000", 0x32) [ 2292.168195][T13204] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2292.181583][T13204] CPU: 1 PID: 13204 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2292.190266][T13204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2292.200337][T13204] Call Trace: [ 2292.203656][T13204] dump_stack+0x1fb/0x318 [ 2292.208022][T13204] dump_header+0xd8/0x960 [ 2292.212384][T13204] oom_kill_process+0xee/0x370 [ 2292.217170][T13204] out_of_memory+0x5dc/0x900 [ 2292.221793][T13204] try_charge+0x128f/0x18a0 [ 2292.226379][T13204] __memcg_kmem_charge_memcg+0x37/0x140 [ 2292.231951][T13204] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2292.237526][T13204] __memcg_kmem_charge+0x105/0x340 [ 2292.242663][T13204] __alloc_pages_nodemask+0x29a/0x5d0 [ 2292.248214][T13204] alloc_pages_current+0x2db/0x500 [ 2292.253365][T13204] pte_alloc_one+0x1f/0x180 [ 2292.257926][T13204] __pte_alloc+0x20/0x2f0 [ 2292.262425][T13204] copy_page_range+0x2434/0x2950 [ 2292.267608][T13204] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2292.273141][T13204] ? __vma_link_rb+0x822/0x840 [ 2292.277937][T13204] dup_mmap+0x9f1/0xdf0 [ 2292.282138][T13204] dup_mm+0x9e/0x340 [ 2292.286052][T13204] copy_process+0x2080/0x57b0 [ 2292.290770][T13204] ? retint_kernel+0x2b/0x2b [ 2292.295407][T13204] _do_fork+0x13e/0x660 [ 2292.299586][T13204] ? retint_kernel+0x2b/0x2b [ 2292.304202][T13204] ? trace_hardirqs_on_caller+0x74/0x80 [ 2292.309771][T13204] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2292.315277][T13204] __x64_sys_clone+0x20b/0x250 [ 2292.320100][T13204] do_syscall_64+0xf7/0x1c0 [ 2292.324656][T13204] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2292.330830][T13204] RIP: 0033:0x45c479 [ 2292.334733][T13204] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2292.354467][T13204] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 05:19:33 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000280000000000", 0x32) [ 2292.362899][T13204] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2292.371002][T13204] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2292.378994][T13204] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2292.387167][T13204] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2292.395152][T13204] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2292.418569][T13204] memory: usage 307200kB, limit 307200kB, failcnt 17107 [ 2292.425826][T13204] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2292.433028][T13204] Memory cgroup stats for /syz4: [ 2292.433887][T13204] anon 118456320 [ 2292.433887][T13204] file 16384 [ 2292.433887][T13204] kernel_stack 29011968 [ 2292.433887][T13204] slab 52596736 [ 2292.433887][T13204] sock 0 [ 2292.433887][T13204] shmem 73728 [ 2292.433887][T13204] file_mapped 0 [ 2292.433887][T13204] file_dirty 0 [ 2292.433887][T13204] file_writeback 0 [ 2292.433887][T13204] anon_thp 0 [ 2292.433887][T13204] inactive_anon 786432 [ 2292.433887][T13204] active_anon 117719040 [ 2292.433887][T13204] inactive_file 98304 [ 2292.433887][T13204] active_file 0 [ 2292.433887][T13204] unevictable 0 [ 2292.433887][T13204] slab_reclaimable 7704576 [ 2292.433887][T13204] slab_unreclaimable 44892160 [ 2292.433887][T13204] pgfault 249711 [ 2292.433887][T13204] pgmajfault 0 [ 2292.433887][T13204] workingset_refault 3762 [ 2292.433887][T13204] workingset_activate 1782 [ 2292.433887][T13204] workingset_nodereclaim 0 [ 2292.433887][T13204] pgrefill 141470 [ 2292.433887][T13204] pgscan 159068 [ 2292.433887][T13204] pgsteal 20105 [ 2292.529434][T13204] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23168,uid=0 [ 2292.545598][T13204] Memory cgroup out of memory: Killed process 23168 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2292.573604][T13209] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2292.590103][ T1143] oom_reaper: reaped process 23168 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2292.631396][T13209] CPU: 1 PID: 13209 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2292.640137][T13209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2292.650346][T13209] Call Trace: [ 2292.653664][T13209] dump_stack+0x1fb/0x318 [ 2292.658143][T13209] dump_header+0xd8/0x960 [ 2292.662598][T13209] oom_kill_process+0xee/0x370 [ 2292.667406][T13209] out_of_memory+0x5dc/0x900 [ 2292.672558][T13209] try_charge+0x128f/0x18a0 [ 2292.677132][T13209] __memcg_kmem_charge_memcg+0x37/0x140 [ 2292.685325][T13209] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2292.690933][T13209] __memcg_kmem_charge+0x105/0x340 [ 2292.696067][T13209] __alloc_pages_nodemask+0x29a/0x5d0 [ 2292.701474][T13209] alloc_pages_current+0x2db/0x500 [ 2292.706617][T13209] pte_alloc_one+0x1f/0x180 [ 2292.711140][T13209] __pte_alloc+0x20/0x2f0 [ 2292.715601][T13209] copy_page_range+0x2434/0x2950 [ 2292.720655][T13209] ? __vma_link_rb+0x822/0x840 [ 2292.725466][T13209] dup_mmap+0x9f1/0xdf0 [ 2292.729677][T13209] dup_mm+0x9e/0x340 [ 2292.733626][T13209] copy_process+0x2080/0x57b0 [ 2292.738772][T13209] ? debug_smp_processor_id+0x9/0x20 [ 2292.744155][T13209] _do_fork+0x13e/0x660 [ 2292.748382][T13209] ? check_preemption_disabled+0x44/0x260 [ 2292.754129][T13209] ? debug_smp_processor_id+0x9/0x20 [ 2292.759458][T13209] ? check_preemption_disabled+0x44/0x260 [ 2292.765330][T13209] ? debug_smp_processor_id+0x9/0x20 [ 2292.770676][T13209] ? check_preemption_disabled+0x44/0x260 [ 2292.776490][T13209] __x64_sys_clone+0x20b/0x250 [ 2292.781567][T13209] do_syscall_64+0xf7/0x1c0 [ 2292.786098][T13209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2292.792109][T13209] RIP: 0033:0x45c479 [ 2292.796024][T13209] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2292.815780][T13209] RSP: 002b:00007fea86b88c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2292.824205][T13209] RAX: ffffffffffffffda RBX: 00007fea86b896d4 RCX: 000000000045c479 [ 2292.833768][T13209] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2292.841763][T13209] RBP: 000000000076bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2292.849751][T13209] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2292.858082][T13209] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bfcc [ 2292.869561][T13209] memory: usage 307200kB, limit 307200kB, failcnt 12890 [ 2292.877046][T13209] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2292.897926][T13209] Memory cgroup stats for /syz1: [ 2292.898046][T13209] anon 117645312 [ 2292.898046][T13209] file 0 [ 2292.898046][T13209] kernel_stack 28459008 [ 2292.898046][T13209] slab 54370304 [ 2292.898046][T13209] sock 131072 [ 2292.898046][T13209] shmem 0 [ 2292.898046][T13209] file_mapped 135168 [ 2292.898046][T13209] file_dirty 0 [ 2292.898046][T13209] file_writeback 0 [ 2292.898046][T13209] anon_thp 0 [ 2292.898046][T13209] inactive_anon 516096 [ 2292.898046][T13209] active_anon 117071872 [ 2292.898046][T13209] inactive_file 4096 [ 2292.898046][T13209] active_file 0 [ 2292.898046][T13209] unevictable 0 [ 2292.898046][T13209] slab_reclaimable 10002432 [ 2292.898046][T13209] slab_unreclaimable 44367872 [ 2292.898046][T13209] pgfault 241230 [ 2292.898046][T13209] pgmajfault 0 [ 2292.898046][T13209] workingset_refault 2112 [ 2292.898046][T13209] workingset_activate 528 [ 2292.898046][T13209] workingset_nodereclaim 0 [ 2292.898046][T13209] pgrefill 103580 [ 2292.898046][T13209] pgscan 104961 [ 2292.898046][T13209] pgsteal 3527 [ 2293.000032][T13209] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12729,uid=0 [ 2293.031663][T13209] Memory cgroup out of memory: Killed process 12729 (syz-executor.1) total-vm:74836kB, anon-rss:164kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 05:19:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 2293.076126][T13196] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2293.125672][T13196] CPU: 0 PID: 13196 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2293.134513][T13196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2293.144584][T13196] Call Trace: [ 2293.147890][T13196] dump_stack+0x1fb/0x318 [ 2293.152245][T13196] dump_header+0xd8/0x960 [ 2293.156715][T13196] oom_kill_process+0xee/0x370 [ 2293.161629][T13196] out_of_memory+0x5dc/0x900 [ 2293.166248][T13196] try_charge+0x128f/0x18a0 [ 2293.170927][T13196] mem_cgroup_try_charge+0x216/0x550 [ 2293.176254][T13196] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2293.182022][T13196] wp_page_copy+0x35f/0x1c50 [ 2293.186672][T13196] do_wp_page+0x5e4/0x16d0 [ 2293.191101][T13196] ? __kasan_check_write+0x14/0x20 [ 2293.196244][T13196] ? do_raw_spin_lock+0x103/0x7b0 [ 2293.201312][T13196] ? handle_mm_fault+0x235a/0x2900 [ 2293.206463][T13196] handle_mm_fault+0x241f/0x2900 [ 2293.211461][T13196] do_user_addr_fault+0x588/0xaf0 [ 2293.216529][T13196] do_page_fault+0x13b/0x250 [ 2293.221303][T13196] page_fault+0x39/0x40 [ 2293.225457][T13196] RIP: 0033:0x417b03 [ 2293.229489][T13196] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 2293.249493][T13196] RSP: 002b:00007ffeb3531148 EFLAGS: 00010213 [ 2293.255581][T13196] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 000000000045c479 [ 2293.263701][T13196] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000076bf2c 05:19:34 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0xa002}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2293.271696][T13196] RBP: 000000000000002d R08: 00ffffffffffffff R09: 00ffffffffffffff [ 2293.279824][T13196] R10: 00007ffeb3531220 R11: 0000000000000246 R12: 000000000076bf20 [ 2293.287871][T13196] R13: 000000000022f92a R14: 000000000022f957 R15: 000000000076bf2c [ 2293.299602][T13196] memory: usage 306980kB, limit 307200kB, failcnt 17119 [ 2293.318531][T13196] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2293.351487][T13196] Memory cgroup stats for /syz4: [ 2293.351831][T13196] anon 118456320 [ 2293.351831][T13196] file 16384 [ 2293.351831][T13196] kernel_stack 28975104 [ 2293.351831][T13196] slab 52596736 [ 2293.351831][T13196] sock 0 [ 2293.351831][T13196] shmem 73728 [ 2293.351831][T13196] file_mapped 0 [ 2293.351831][T13196] file_dirty 0 [ 2293.351831][T13196] file_writeback 0 [ 2293.351831][T13196] anon_thp 0 [ 2293.351831][T13196] inactive_anon 786432 [ 2293.351831][T13196] active_anon 117719040 [ 2293.351831][T13196] inactive_file 98304 [ 2293.351831][T13196] active_file 0 [ 2293.351831][T13196] unevictable 0 [ 2293.351831][T13196] slab_reclaimable 7704576 [ 2293.351831][T13196] slab_unreclaimable 44892160 [ 2293.351831][T13196] pgfault 249711 [ 2293.351831][T13196] pgmajfault 0 [ 2293.351831][T13196] workingset_refault 3762 [ 2293.351831][T13196] workingset_activate 1782 [ 2293.351831][T13196] workingset_nodereclaim 0 [ 2293.351831][T13196] pgrefill 141569 [ 2293.351831][T13196] pgscan 159234 [ 2293.351831][T13196] pgsteal 20105 [ 2293.452435][T13196] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22827,uid=0 [ 2293.469068][T13196] Memory cgroup out of memory: Killed process 22827 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2293.490186][ T1143] oom_reaper: reaped process 22827 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2293.507928][T13229] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2293.525794][T13229] CPU: 0 PID: 13229 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2293.534641][T13229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2293.544711][T13229] Call Trace: [ 2293.548063][T13229] dump_stack+0x1fb/0x318 [ 2293.552429][T13229] dump_header+0xd8/0x960 [ 2293.556906][T13229] oom_kill_process+0xee/0x370 [ 2293.561702][T13229] out_of_memory+0x5dc/0x900 [ 2293.566332][T13229] try_charge+0x128f/0x18a0 [ 2293.570908][T13229] __memcg_kmem_charge_memcg+0x37/0x140 [ 2293.576484][T13229] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2293.582058][T13229] __memcg_kmem_charge+0x105/0x340 [ 2293.587215][T13229] __alloc_pages_nodemask+0x29a/0x5d0 [ 2293.592918][T13229] alloc_pages_current+0x2db/0x500 [ 2293.598094][T13229] pte_alloc_one+0x1f/0x180 [ 2293.602747][T13229] __pte_alloc+0x20/0x2f0 [ 2293.607085][T13229] copy_page_range+0x2434/0x2950 [ 2293.612117][T13229] ? __vma_link_rb+0x822/0x840 [ 2293.616913][T13229] dup_mmap+0x9f1/0xdf0 [ 2293.621146][T13229] dup_mm+0x9e/0x340 [ 2293.625062][T13229] copy_process+0x2080/0x57b0 [ 2293.629770][T13229] ? debug_smp_processor_id+0x9/0x20 [ 2293.635107][T13229] _do_fork+0x13e/0x660 [ 2293.639286][T13229] ? check_preemption_disabled+0x44/0x260 [ 2293.645032][T13229] ? debug_smp_processor_id+0x9/0x20 [ 2293.650591][T13229] ? check_preemption_disabled+0x44/0x260 [ 2293.656351][T13229] ? debug_smp_processor_id+0x9/0x20 [ 2293.661672][T13229] ? check_preemption_disabled+0x44/0x260 [ 2293.667430][T13229] __x64_sys_clone+0x20b/0x250 [ 2293.672337][T13229] do_syscall_64+0xf7/0x1c0 [ 2293.676888][T13229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2293.682801][T13229] RIP: 0033:0x45c479 [ 2293.686719][T13229] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:19:34 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2293.706549][T13229] RSP: 002b:00007fea86b88c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2293.715150][T13229] RAX: ffffffffffffffda RBX: 00007fea86b896d4 RCX: 000000000045c479 [ 2293.724116][T13229] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2293.732109][T13229] RBP: 000000000076bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2293.740208][T13229] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2293.748300][T13229] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bfcc 05:19:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000290000000000", 0x32) 05:19:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000003e0000000000", 0x32) [ 2293.860051][T13229] memory: usage 307200kB, limit 307200kB, failcnt 12908 [ 2293.872941][T13229] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2293.897320][T13229] Memory cgroup stats for /syz1: [ 2293.897417][T13229] anon 117641216 [ 2293.897417][T13229] file 0 05:19:35 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2293.897417][T13229] kernel_stack 28422144 [ 2293.897417][T13229] slab 54370304 [ 2293.897417][T13229] sock 131072 [ 2293.897417][T13229] shmem 0 [ 2293.897417][T13229] file_mapped 135168 [ 2293.897417][T13229] file_dirty 0 [ 2293.897417][T13229] file_writeback 0 [ 2293.897417][T13229] anon_thp 0 [ 2293.897417][T13229] inactive_anon 516096 [ 2293.897417][T13229] active_anon 117071872 [ 2293.897417][T13229] inactive_file 4096 [ 2293.897417][T13229] active_file 0 [ 2293.897417][T13229] unevictable 0 [ 2293.897417][T13229] slab_reclaimable 10002432 [ 2293.897417][T13229] slab_unreclaimable 44367872 [ 2293.897417][T13229] pgfault 241329 [ 2293.897417][T13229] pgmajfault 0 [ 2293.897417][T13229] workingset_refault 2112 [ 2293.897417][T13229] workingset_activate 528 [ 2293.897417][T13229] workingset_nodereclaim 0 [ 2293.897417][T13229] pgrefill 103713 [ 2293.897417][T13229] pgscan 105127 [ 2293.897417][T13229] pgsteal 3527 [ 2293.995224][T13229] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12478,uid=0 [ 2294.011268][T13229] Memory cgroup out of memory: Killed process 12478 (syz-executor.1) total-vm:74704kB, anon-rss:156kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2294.072920][T13237] ref_ctr_offset mismatch. inode: 0x47ae offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 [ 2294.414507][T13262] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2294.426997][T13262] CPU: 1 PID: 13262 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2294.435784][T13262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2294.445847][T13262] Call Trace: [ 2294.449157][T13262] dump_stack+0x1fb/0x318 [ 2294.453627][T13262] dump_header+0xd8/0x960 [ 2294.457963][T13262] oom_kill_process+0xee/0x370 [ 2294.462873][T13262] out_of_memory+0x5dc/0x900 [ 2294.467616][T13262] try_charge+0x128f/0x18a0 [ 2294.472153][T13262] ? trace_hardirqs_on_caller+0x74/0x80 [ 2294.477898][T13262] __memcg_kmem_charge_memcg+0x37/0x140 [ 2294.483457][T13262] __memcg_kmem_charge+0x105/0x340 [ 2294.488587][T13262] __alloc_pages_nodemask+0x29a/0x5d0 [ 2294.494009][T13262] alloc_pages_current+0x2db/0x500 [ 2294.499263][T13262] __pmd_alloc+0x39/0x3d0 [ 2294.503604][T13262] copy_page_range+0x2555/0x2950 [ 2294.508807][T13262] ? retint_kernel+0x2b/0x2b [ 2294.513452][T13262] ? vma_gap_callbacks_rotate+0x1fc/0x230 [ 2294.519230][T13262] ? init_admin_reserve+0xc0/0xc0 [ 2294.524316][T13262] dup_mmap+0x9f1/0xdf0 [ 2294.528483][T13262] dup_mm+0x9e/0x340 [ 2294.532606][T13262] copy_process+0x2080/0x57b0 [ 2294.537326][T13262] _do_fork+0x13e/0x660 [ 2294.541510][T13262] ? check_preemption_disabled+0x44/0x260 [ 2294.547236][T13262] ? debug_smp_processor_id+0x9/0x20 [ 2294.552706][T13262] ? check_preemption_disabled+0x44/0x260 [ 2294.558462][T13262] ? debug_smp_processor_id+0x9/0x20 [ 2294.563754][T13262] ? check_preemption_disabled+0x44/0x260 [ 2294.569618][T13262] __x64_sys_clone+0x20b/0x250 [ 2294.574571][T13262] do_syscall_64+0xf7/0x1c0 [ 2294.579084][T13262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2294.584993][T13262] RIP: 0033:0x45c479 [ 2294.589012][T13262] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2294.608611][T13262] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2294.617324][T13262] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2294.625326][T13262] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2294.633297][T13262] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2294.641382][T13262] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2294.649598][T13262] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2294.657894][T13262] memory: usage 307200kB, limit 307200kB, failcnt 17155 [ 2294.665051][T13262] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2294.672105][T13262] Memory cgroup stats for /syz4: [ 2294.672968][T13262] anon 118456320 [ 2294.672968][T13262] file 16384 [ 2294.672968][T13262] kernel_stack 29011968 [ 2294.672968][T13262] slab 52596736 [ 2294.672968][T13262] sock 0 [ 2294.672968][T13262] shmem 73728 [ 2294.672968][T13262] file_mapped 0 [ 2294.672968][T13262] file_dirty 0 [ 2294.672968][T13262] file_writeback 0 [ 2294.672968][T13262] anon_thp 0 [ 2294.672968][T13262] inactive_anon 786432 [ 2294.672968][T13262] active_anon 117854208 [ 2294.672968][T13262] inactive_file 0 [ 2294.672968][T13262] active_file 0 [ 2294.672968][T13262] unevictable 0 [ 2294.672968][T13262] slab_reclaimable 7704576 [ 2294.672968][T13262] slab_unreclaimable 44892160 [ 2294.672968][T13262] pgfault 249909 [ 2294.672968][T13262] pgmajfault 0 [ 2294.672968][T13262] workingset_refault 3762 [ 2294.672968][T13262] workingset_activate 1782 [ 2294.672968][T13262] workingset_nodereclaim 0 [ 2294.672968][T13262] pgrefill 141866 [ 2294.672968][T13262] pgscan 159499 [ 2294.672968][T13262] pgsteal 20105 [ 2294.768320][T13262] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19629,uid=0 [ 2294.784354][T13262] Memory cgroup out of memory: Killed process 19629 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2294.809757][ T1143] oom_reaper: reaped process 19629 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 05:19:36 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [], [@padn={0x11, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:36 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) 05:19:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000003f0000000000", 0x32) 05:19:36 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002a0000000000", 0x32) 05:19:36 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x1fffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:36 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000400000000000", 0x32) [ 2295.120045][T13282] ref_ctr_offset mismatch. inode: 0x4824 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:36 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002b0000000000", 0x32) 05:19:36 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) [ 2295.387826][T13274] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2295.400344][T13274] CPU: 1 PID: 13274 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2295.409065][T13274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2295.419250][T13274] Call Trace: [ 2295.422554][T13274] dump_stack+0x1fb/0x318 [ 2295.426938][T13274] dump_header+0xd8/0x960 [ 2295.431306][T13274] oom_kill_process+0xee/0x370 [ 2295.436363][T13274] out_of_memory+0x5dc/0x900 [ 2295.440982][T13274] try_charge+0x128f/0x18a0 [ 2295.445563][T13274] __memcg_kmem_charge_memcg+0x37/0x140 [ 2295.451295][T13274] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2295.456952][T13274] __memcg_kmem_charge+0x105/0x340 [ 2295.462195][T13274] __alloc_pages_nodemask+0x29a/0x5d0 [ 2295.467852][T13274] alloc_pages_current+0x2db/0x500 [ 2295.473005][T13274] get_zeroed_page+0x17/0x40 [ 2295.477642][T13274] __pud_alloc+0x37/0x210 [ 2295.481997][T13274] copy_page_range+0x2600/0x2950 [ 2295.487081][T13274] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2295.492704][T13274] ? lockdep_hardirqs_on+0x4a5/0x7a0 [ 2295.498011][T13274] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2295.503503][T13274] ? trace_hardirqs_on_caller+0x74/0x80 [ 2295.509096][T13274] ? __sanitizer_cov_trace_const_cmp8+0x1/0x90 [ 2295.515300][T13274] dup_mmap+0x9f1/0xdf0 [ 2295.519481][T13274] dup_mm+0x9e/0x340 [ 2295.523403][T13274] copy_process+0x2080/0x57b0 [ 2295.528227][T13274] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2295.533756][T13274] _do_fork+0x13e/0x660 [ 2295.537927][T13274] ? retint_kernel+0x2b/0x2b [ 2295.542536][T13274] ? trace_hardirqs_on_caller+0x74/0x80 [ 2295.548225][T13274] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2295.553710][T13274] __x64_sys_clone+0x20b/0x250 [ 2295.558498][T13274] do_syscall_64+0xf7/0x1c0 [ 2295.563033][T13274] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2295.568935][T13274] RIP: 0033:0x45c479 [ 2295.572834][T13274] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2295.592672][T13274] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2295.601187][T13274] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2295.609173][T13274] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2295.617168][T13274] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2295.625417][T13274] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2295.634071][T13274] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2295.642438][T13274] memory: usage 307200kB, limit 307200kB, failcnt 17210 [ 2295.649748][T13274] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2295.656992][T13274] Memory cgroup stats for /syz4: [ 2295.657782][T13274] anon 118583296 [ 2295.657782][T13274] file 16384 [ 2295.657782][T13274] kernel_stack 29048832 [ 2295.657782][T13274] slab 52596736 [ 2295.657782][T13274] sock 0 [ 2295.657782][T13274] shmem 73728 [ 2295.657782][T13274] file_mapped 0 [ 2295.657782][T13274] file_dirty 0 [ 2295.657782][T13274] file_writeback 0 [ 2295.657782][T13274] anon_thp 0 [ 2295.657782][T13274] inactive_anon 786432 [ 2295.657782][T13274] active_anon 117854208 [ 2295.657782][T13274] inactive_file 0 [ 2295.657782][T13274] active_file 0 [ 2295.657782][T13274] unevictable 0 [ 2295.657782][T13274] slab_reclaimable 7704576 [ 2295.657782][T13274] slab_unreclaimable 44892160 [ 2295.657782][T13274] pgfault 250041 [ 2295.657782][T13274] pgmajfault 0 [ 2295.657782][T13274] workingset_refault 3762 [ 2295.657782][T13274] workingset_activate 1782 [ 2295.657782][T13274] workingset_nodereclaim 0 [ 2295.657782][T13274] pgrefill 142196 [ 2295.657782][T13274] pgscan 159797 [ 2295.657782][T13274] pgsteal 20105 [ 2295.752977][T13274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19448,uid=0 [ 2295.768885][T13274] Memory cgroup out of memory: Killed process 19448 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2295.794340][ T1143] oom_reaper: reaped process 19448 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2295.879922][T13271] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2295.890559][T13271] CPU: 1 PID: 13271 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2295.899289][T13271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2295.909465][T13271] Call Trace: [ 2295.912906][T13271] dump_stack+0x1fb/0x318 [ 2295.917268][T13271] dump_header+0xd8/0x960 [ 2295.921731][T13271] oom_kill_process+0xee/0x370 [ 2295.926519][T13271] out_of_memory+0x5dc/0x900 [ 2295.931131][T13271] try_charge+0x128f/0x18a0 [ 2295.935699][T13271] mem_cgroup_try_charge+0x216/0x550 [ 2295.941112][T13271] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2295.946750][T13271] wp_page_copy+0x35f/0x1c50 [ 2295.951367][T13271] do_wp_page+0x5e4/0x16d0 [ 2295.955783][T13271] ? __kasan_check_write+0x14/0x20 [ 2295.961013][T13271] ? do_raw_spin_lock+0x103/0x7b0 [ 2295.966027][T13271] ? handle_mm_fault+0x235a/0x2900 [ 2295.971200][T13271] handle_mm_fault+0x241f/0x2900 [ 2295.976158][T13271] do_user_addr_fault+0x588/0xaf0 [ 2295.981205][T13271] do_page_fault+0x13b/0x250 [ 2295.985790][T13271] page_fault+0x39/0x40 [ 2295.989951][T13271] RIP: 0033:0x413c37 [ 2295.993856][T13271] Code: ff ff ff 48 0f 45 d3 b9 22 00 02 00 45 31 c9 48 89 d6 48 89 95 68 ff ff ff 8b 95 60 ff ff ff 31 ff e8 5d 88 04 00 48 83 f8 ff <48> 89 85 78 ff ff ff 44 8b 95 38 ff ff ff 0f 84 c8 02 00 00 48 83 [ 2296.013706][T13271] RSP: 002b:00007ffeb3531060 EFLAGS: 00010213 [ 2296.019939][T13271] RAX: 00007fe0b78b1000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2296.027937][T13271] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000 [ 2296.036025][T13271] RBP: 00007ffeb3531140 R08: ffffffffffffffff R09: 0000000000000000 [ 2296.044112][T13271] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffeb3531230 [ 2296.052210][T13271] R13: 0000000000001000 R14: 0000000000000001 R15: 000000000076bfcc 05:19:37 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) [ 2296.123343][T13271] memory: usage 307192kB, limit 307200kB, failcnt 17220 [ 2296.142763][T13271] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2296.156918][T13271] Memory cgroup stats for /syz4: [ 2296.157008][T13271] anon 118431744 [ 2296.157008][T13271] file 16384 [ 2296.157008][T13271] kernel_stack 29048832 [ 2296.157008][T13271] slab 52596736 [ 2296.157008][T13271] sock 0 [ 2296.157008][T13271] shmem 73728 [ 2296.157008][T13271] file_mapped 0 [ 2296.157008][T13271] file_dirty 0 [ 2296.157008][T13271] file_writeback 0 [ 2296.157008][T13271] anon_thp 0 [ 2296.157008][T13271] inactive_anon 786432 [ 2296.157008][T13271] active_anon 117719040 [ 2296.157008][T13271] inactive_file 0 [ 2296.157008][T13271] active_file 0 [ 2296.157008][T13271] unevictable 0 [ 2296.157008][T13271] slab_reclaimable 7704576 [ 2296.157008][T13271] slab_unreclaimable 44892160 [ 2296.157008][T13271] pgfault 250041 [ 2296.157008][T13271] pgmajfault 0 [ 2296.157008][T13271] workingset_refault 3762 [ 2296.157008][T13271] workingset_activate 1782 [ 2296.157008][T13271] workingset_nodereclaim 0 [ 2296.157008][T13271] pgrefill 142296 [ 2296.157008][T13271] pgscan 159929 [ 2296.157008][T13271] pgsteal 20105 [ 2296.317958][T13271] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19364,uid=0 05:19:37 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 05:19:37 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x4000a0}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2296.363110][T13271] Memory cgroup out of memory: Killed process 19364 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2296.539261][T13306] ref_ctr_offset mismatch. inode: 0x47ec offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:38 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [], [@padn={0x22, 0x1, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000410000000000", 0x32) 05:19:38 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 05:19:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002c0000000000", 0x32) 05:19:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(0x0, 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:38 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000420000000000", 0x32) 05:19:38 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002d0000000000", 0x32) [ 2297.326443][T13325] ref_ctr_offset mismatch. inode: 0x4836 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(0x0, 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:38 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 05:19:38 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) [ 2297.786995][T13345] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 2297.798824][T13345] CPU: 0 PID: 13345 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2297.807506][T13345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2297.817665][T13345] Call Trace: [ 2297.821002][T13345] dump_stack+0x1fb/0x318 [ 2297.825353][T13345] dump_header+0xd8/0x960 [ 2297.829710][T13345] oom_kill_process+0xee/0x370 [ 2297.834505][T13345] out_of_memory+0x5dc/0x900 [ 2297.839126][T13345] try_charge+0x128f/0x18a0 [ 2297.843706][T13345] __memcg_kmem_charge_memcg+0x37/0x140 [ 2297.849279][T13345] kmem_getpages+0x3f2/0x930 [ 2297.853893][T13345] cache_grow_begin+0x7e/0x2e0 [ 2297.858673][T13345] ? __cpuset_node_allowed+0x18d/0x510 [ 2297.864162][T13345] fallback_alloc+0x124/0x1c0 [ 2297.868871][T13345] ____cache_alloc_node+0x229/0x250 [ 2297.874211][T13345] kmem_cache_alloc+0x163/0x2e0 [ 2297.879079][T13345] ? anon_vma_fork+0xf7/0x540 [ 2297.883789][T13345] anon_vma_fork+0xf7/0x540 [ 2297.888315][T13345] ? dup_mmap+0x64e/0xdf0 [ 2297.892673][T13345] dup_mmap+0x6a8/0xdf0 [ 2297.896867][T13345] dup_mm+0x9e/0x340 [ 2297.900777][T13345] copy_process+0x2080/0x57b0 [ 2297.905536][T13345] _do_fork+0x13e/0x660 [ 2297.909714][T13345] ? retint_kernel+0x2b/0x2b [ 2297.914326][T13345] ? trace_hardirqs_on_caller+0x74/0x80 [ 2297.919893][T13345] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2297.925384][T13345] __x64_sys_clone+0x20b/0x250 [ 2297.930207][T13345] do_syscall_64+0xf7/0x1c0 [ 2297.934748][T13345] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2297.940664][T13345] RIP: 0033:0x45c479 [ 2297.944573][T13345] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2297.964440][T13345] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2297.972867][T13345] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 05:19:39 executing program 1: mkdir(0x0, 0x0) [ 2297.981154][T13345] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2297.989274][T13345] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2297.997268][T13345] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2298.005263][T13345] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2298.015091][T13345] memory: usage 307200kB, limit 307200kB, failcnt 17259 [ 2298.022257][T13345] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2298.029487][T13345] Memory cgroup stats for /syz4: [ 2298.030220][T13345] anon 118427648 [ 2298.030220][T13345] file 16384 [ 2298.030220][T13345] kernel_stack 29048832 [ 2298.030220][T13345] slab 52596736 [ 2298.030220][T13345] sock 0 [ 2298.030220][T13345] shmem 73728 [ 2298.030220][T13345] file_mapped 0 [ 2298.030220][T13345] file_dirty 0 [ 2298.030220][T13345] file_writeback 0 [ 2298.030220][T13345] anon_thp 0 [ 2298.030220][T13345] inactive_anon 786432 [ 2298.030220][T13345] active_anon 117719040 [ 2298.030220][T13345] inactive_file 0 [ 2298.030220][T13345] active_file 0 [ 2298.030220][T13345] unevictable 0 [ 2298.030220][T13345] slab_reclaimable 7704576 [ 2298.030220][T13345] slab_unreclaimable 44892160 [ 2298.030220][T13345] pgfault 250272 [ 2298.030220][T13345] pgmajfault 0 [ 2298.030220][T13345] workingset_refault 3762 [ 2298.030220][T13345] workingset_activate 1782 [ 2298.030220][T13345] workingset_nodereclaim 0 [ 2298.030220][T13345] pgrefill 142527 [ 2298.030220][T13345] pgscan 160160 [ 2298.030220][T13345] pgsteal 20105 [ 2298.124672][T13345] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19251,uid=0 [ 2298.141021][T13345] Memory cgroup out of memory: Killed process 19251 (syz-executor.4) total-vm:74704kB, anon-rss:160kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2298.240936][ T1143] oom_reaper: reaped process 19251 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 2298.328922][T13344] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2298.339881][T13344] CPU: 0 PID: 13344 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2298.348610][T13344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2298.358669][T13344] Call Trace: [ 2298.361980][T13344] dump_stack+0x1fb/0x318 [ 2298.366340][T13344] dump_header+0xd8/0x960 [ 2298.370694][T13344] oom_kill_process+0xee/0x370 [ 2298.375494][T13344] out_of_memory+0x5dc/0x900 [ 2298.380118][T13344] try_charge+0x128f/0x18a0 [ 2298.384698][T13344] mem_cgroup_try_charge+0x216/0x550 [ 2298.390024][T13344] mem_cgroup_try_charge_delay+0x25/0xa0 [ 2298.395685][T13344] wp_page_copy+0x35f/0x1c50 [ 2298.400332][T13344] do_wp_page+0x5e4/0x16d0 [ 2298.404759][T13344] ? __kasan_check_write+0x14/0x20 [ 2298.409886][T13344] ? do_raw_spin_lock+0x103/0x7b0 [ 2298.415096][T13344] ? handle_mm_fault+0x235a/0x2900 [ 2298.420253][T13344] handle_mm_fault+0x241f/0x2900 [ 2298.425257][T13344] do_user_addr_fault+0x588/0xaf0 [ 2298.430325][T13344] do_page_fault+0x13b/0x250 [ 2298.434948][T13344] page_fault+0x39/0x40 [ 2298.439109][T13344] RIP: 0033:0x413c37 [ 2298.443183][T13344] Code: ff ff ff 48 0f 45 d3 b9 22 00 02 00 45 31 c9 48 89 d6 48 89 95 68 ff ff ff 8b 95 60 ff ff ff 31 ff e8 5d 88 04 00 48 83 f8 ff <48> 89 85 78 ff ff ff 44 8b 95 38 ff ff ff 0f 84 c8 02 00 00 48 83 [ 2298.462798][T13344] RSP: 002b:00007ffeb3531060 EFLAGS: 00010213 [ 2298.468965][T13344] RAX: 00007fe0b78b1000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 2298.476946][T13344] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000 [ 2298.484923][T13344] RBP: 00007ffeb3531140 R08: ffffffffffffffff R09: 0000000000000000 [ 2298.492921][T13344] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffeb3531230 [ 2298.500925][T13344] R13: 0000000000001000 R14: 0000000000000001 R15: 000000000076bfcc [ 2298.511644][T13344] memory: usage 307044kB, limit 307200kB, failcnt 17275 [ 2298.518617][T13344] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2298.525537][T13344] Memory cgroup stats for /syz4: [ 2298.525624][T13344] anon 118292480 [ 2298.525624][T13344] file 16384 [ 2298.525624][T13344] kernel_stack 29011968 [ 2298.525624][T13344] slab 52596736 [ 2298.525624][T13344] sock 0 [ 2298.525624][T13344] shmem 73728 [ 2298.525624][T13344] file_mapped 0 [ 2298.525624][T13344] file_dirty 0 [ 2298.525624][T13344] file_writeback 0 [ 2298.525624][T13344] anon_thp 0 [ 2298.525624][T13344] inactive_anon 786432 [ 2298.525624][T13344] active_anon 117719040 [ 2298.525624][T13344] inactive_file 0 [ 2298.525624][T13344] active_file 0 [ 2298.525624][T13344] unevictable 0 [ 2298.525624][T13344] slab_reclaimable 7704576 [ 2298.525624][T13344] slab_unreclaimable 44892160 [ 2298.525624][T13344] pgfault 250272 [ 2298.525624][T13344] pgmajfault 0 [ 2298.525624][T13344] workingset_refault 3762 [ 2298.525624][T13344] workingset_activate 1782 [ 2298.525624][T13344] workingset_nodereclaim 0 [ 2298.525624][T13344] pgrefill 142725 [ 2298.525624][T13344] pgscan 160358 [ 2298.525624][T13344] pgsteal 20105 [ 2298.620180][T13344] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13077,uid=0 [ 2298.646251][T13344] Memory cgroup out of memory: Killed process 13077 (syz-executor.4) total-vm:74968kB, anon-rss:176kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2298.667945][ T1143] oom_reaper: reaped process 13077 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 05:19:40 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @remote}}) write$tun(r0, &(0x7f00000021c0)={@void, @val={0x9}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "9eef7b", 0xf98, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, "6595c3", 0x0, 0x0, 0x0, @mcast2, @loopback, [@dstopts={0x11, 0x13, [], [@padn={0x1, 0x0, [0x0]}, @enc_lim, @ra, @calipso={0x7, 0x30, {0x0, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, @hao={0xc9, 0x10, @mcast2}, @jumbo, @pad1]}, @srh={0x2, 0xc, 0x4, 0x6, 0x0, 0x0, 0x0, [@loopback, @loopback, @remote, @mcast2, @local, @mcast2]}, @hopopts={0x0, 0x1b8, [], [@ra, @generic={0x0, 0xdbb, "0cad4f4a7eeb53720a5107b6d8001a2f2241086745756559ca43dcc86c24645dd1ca87e3caf5413013c6baee7f151d411bad8f23a85fadfe0f959c12d3393193f4499171ba7b0fdee3a48548863719a05490befc514e21c91ea0c4bcc0e488e1cec20d2c2a5a69ce3dd47d41718560907c58078035d2a51850b0d85282b4a9ab5626b195d85d2727ed7047b647859a72011ff3fa524341909f841651f63701526c6a7e741f3bded9c25d978a77f334d12931fdd5484306ec3d6b268311f46917b7e42efa149511bafa5415d17ac02ab8937249a68b2e3fddb941b0040ced142c2afedcbec1039d40f4923ea3d4475ac561a6a0e869569dd13e736bf127eacb110f8d010329fccadf8e48b27819c823ca0f507f87b3d63ef1869cba2fe3deb0ad1dbaa1a343ab0a856f3e248c6af4ddbfc11824031ce2beeae0991b79382da8b02e0d25715845fc86df5a6279d54d675789e58df953992123c28c532058750c5978a819ddaadbcbe1d7fc264cb688b91668e116227771f36e2a8eb8b7bc364dbda1b3225c6bf9d82ae1e69fe54b17ff692f8b47718b508b8a4e10735bcb55f90616e50d6ba8851388d0f1b39957374ddc9efb243ac2a2bc436e867f3e1499e62d9d158ac22d4d0350b45d1ff2db14ff9507defa68bd37bc5a2e4f7988329171dd59db16a044b748fb6e05e3ca8f863b2ddd8623495f0c3d183e1b610263f17d7629921562a42a3c45a515a30a2c3edc574dff264f881f61393447a1fd773a20e494ac3afc0df59da758af735fbd5e6ad689e95675e29c15617764084f5b6f4732435f63ccb423df6442ad322600e21be45296fd27ca9e08ee7f442a688a32817404d9300ce4a70c2b75ca422b2173a52e9a800f5e520f349525b4c493701ae68ae0efc5e117b9a20735e47c37ccd977686b30d6cabb18f8e7c07ef9721f7daaf4b2c1fd02ec9a2e6e2fd458fa93e4f54d96d5e25ebaca4f322994ae737ee0181b9fac284e952b71fa18ecc7f1c3752a6385a596c094d36654008db0a2a785bf55bcb973d3c5e45ea9ca7506c10ecc0472fd4dd568e38548e87f8557d90290d8a8985cfa43853de5ff75d5a6d8f697c2a6a727675ea5aa1779b1cc98b4ff9556933c7bfa3ae59ada5c8d49191cbea2f2b457dd53c62a4dd257e808b3804cd18a95d566a818797fdc09f4b607dc97b634a9d9e447cc2252f51dd8ad9f5a10ccf32b7154992623957d963731bc4331adfc90c48361e4e2239892c82ff9260ad221c2e83c2352095d95a3d44a402e874edaa8a304f2e1c3d6a383a0515eb5657589a67691a22f10b89fd74123f7cec086d434da40ba509b0dbdf1fa82f4b16f9f3e6df6b0b28c3a85ab272e50e064fc37f681fcb5cfa0c0899a9b88d0a483281032cb16a80202b96cfe473ba073fcb9a6eeeee0032afe23506facba3ed1d11608d21a580ab87eeef70d18d9331eae104f6d77a4bc96bce642815485f513bb71ddc560bc31e995aba9faccd7d1bf74c8fe2b5d7137e3b771a2f408ac06d24bad2f7f4c8f6d7d977d7248415ccbd3420688ff681cf9b00724b6981b2555b86bce142c5d3bef47ebf75e989b337cb8cb98ed24402a98a4224685ceb2ded92f347e5192903dff7f6ed980cbf1413b8eb68474a9abac3fb206ef1ebe0d08dd999c9ecf811d0706d0a705a23ae530d3775e978159dc3c73b86dcd18a61e1c6c8b810041fbd80e0a4c9ff8a73933bb3dae152514ced9ee050e059c6f1bd0dbf2e3517ee3c2d770c296e6596290cf800508715da0799efced72be1ab153bec534129279639ba1afde05179952bf9e80133865b60c5669ef3b6972483e2936ac87a69c8e296a0c24cc0b2ce8583c99414ce7d7309c404b0652f27e6911fdfb59877366fa8754e716e50aa99cd04cbf7eb2c8e118b1a17d9965d6611dc65ac8c6b3a4d5d3df3097c4163c354509b50df0cc2daf0291bbd384a34dec960fd84a67cb30b761ee8161bb25d389bd20e15bfcf7f5edd77005e96e90c5a9bbacd7b3f9f5bbdb880f0a7e1254572b86cb28b3c310ba3052d3785b024ed3f3fafabf1393cf2d882b8bacca30d69adc024baede50d9b0bc2ffcd2bf5c6fef2fc290390162b563b8e846d7b615115818623113f01a1c216b9f588b65db63a459bcfce53020debb6de6e746ef2f9f1c8276ba8995e1bd02d3194e9875e1692ea0255743ba2175c4a804f57a4c19a2c7a4f8f36557878deba2d485aa67c2f36ccbb582f3c569e5d00fe8636857f30854abea6758389bcc832d0de97635ea41e42efa0b7c06fd4f84deeaebccfa8852e3c5582ade34fbe462b5244156d4545bd32377c65e3b0303879f8cc8f177056e39f99591dbaf1b2640f9b68c4cf3989fdd442cb1298d62ce43a21c56bc9556eb27431c04ed337fcd37c26387772677c25c7be21ee74d087c7b88457f30b34a493acb519295f38f4b9bc6764fcbd763d4f9e061d0fd8cb7800e2e0ec18d0fbfdbddc9af8d817b3cf16ce82c91f184f5c8184736203e1bcdb4b8c03a2176926cac0ba9fcf7e21604973d53ee3fc38263e80cea9b1cd9a5016d3e03141426a6802e0926485e8afff7cf8be9bdd2ce685128a7631314c4414a6ade6a85975c1b2958d9c52e455174ca71562eaf6102654466c66f5d3e251e6cae5efd91a88a2513f0587d80b9aafd1936b43beb4054bc35f1c42c0381618bbba181f0de8f4e7aa15f87bc7bb4609f88eadbb83bcc13f8caf7eca20a938c35378f8d3a810a7463d8a2487a157871a7402ab05b54bed456fb2d4c440976ccb4e724a20ba1941f3b3db4f8a185982bd719362b7e190052b5579835d1da2adcfdbec002fdb5f7b187fd365eb601432bf984ad6ee59e13aafba08485997587417b70f8cdf4f7370f04d94df49e135ed3012b87e50b93b27c78e1409f05a4bc0b75e6322068de9b0af459fdc40e3649fb2a7fb1296e00e7d48315705ecbb7815fedb45b8773309489e47aaa4009952604df5d6cd57ec310fc387ecdb296c11376715286df3d15f651310461e83c2ae6d407db6f81784b291e6c8f42907dd4c473cb72dedeb930668d6e5efd95bd1f69d9e818a744557689f7106d0d2a3c3e6f79c98559f9c31ca32307011fa3d70963cc2801babc9a23f73f5fa4bcd04285927f6ef7c5099a4620b85ca8dff2a56fe8aac89949dac74cf869739610d87068e3d32fdba1d5b7460b7857249091cb62b6d9f824ffb9b88a02ea4926da7b8b672ad08ec8c7508a3c5ba901e7c8c8a19e63bbc148a8bb307c6f5d87c736c9d6bcfaabdc7da7102a8bc466c6c11c0bf1973aaf9bc181f996b8aa726dc952dd26df33d6b2aa8de037308df7935ef3390e5939fd9cdf2044b40422197fac93f1762ad342d293162c109f39a369e48977af8ea32a7a098fd9cd7cd979b41a104b8359038cd6741a73968c72d09e9b9869d8dc5fc36b9bfdc89b8cffcede960561a9d1e4aa2453f712caecd2a4206947d3588190e3433bdb87a9241e08686dc78f00162f8239d660b74d42ae1d534ffc3a51fc308f98a5ac00f4da9bdcee4e6d0bf627d17366691a3ab8569b730ad31dcc5324c8835b19b65a11845a03434e10329c5feeeb1088b13a3bc3fe65c3eb6e549003d8d211b87823a44910b2a42e340dd2176a17a2e6ebb45cc59baa9a3bbfd74e6ee8d2c512a825292bdd7abe5ff7ede61b74376e5bc37faf8d69346fa32708df690b2d5b5f18727e4bdb899718e38dae959bb56d95ac153beb1426f3cca03105d5fed56e597822bfc31bb284a9848f1b6b9a1910ad2af8b76887cdd2b1de1f81cd542e0c889e89737d61f5e50ef964205a3b4c77c72271f83015e34989d60ef6d0d6c307902975d5dbe90a23ee1cde956cf70135c91a199d9f75500dc95604b9e7eb365ea858d90377601bad95e07a0f156ffc02778365315b67093aebe32a2a5f00ba8b0eae6fb0414eabe117fd590bc39e9208b4137977b5a8610462f2e83cff2b16edcb444b5d33035d0a80bcb1da228247cad6c11369c5026c5a8320d97cbac232b0ecc0b201552e0f41ab143040324217ad67e8606b34a3349e4ef0c34f9cf56d5b6d157c09b178b358491eb270093a99f522afa3aedaf5dc705fe1842b12515dfe1650dd92ab489bed299677eeff81da531569a3ad832ae273a0b47627561a35da92a6c1b161dbf496248f04feb5a407d99968d6ba0174f453d94708be5a57d82b980bd7751b4a9590dc7b4d38c912a8571ebc39150f7e52efad66cb6d3996710bc5a3e89576182a6a1e15d95dbd74c1ab791bee657547ffb645feb8566ed8db97003f1ff2312946a0404c8dfc0f0a240d8320795c83e66f1429eb56db9ba6e1cee43cbc9e95bd10ceccf1f2ff6b8264ed4e83928e0c5056ad07ba0dad0bb21bec76d7b6ee05a2f0bac88f17004e2e299ccb2679099cc838e25f78685509b69d3164c1fae4c538e683af818d223e8806f50da7504008173b9fc69eafb649dc4b516e4554edbe8c9a0ba46db39c962af343e9caada22d55e3d7ad01e5e5d7d146edfc3a93ce8afde8416b8e9a929b8d88909e11554f1b934a98be2d6e6e0ae2ff66f10be722958a0c0c3766f69d590fc56ed8ae47c289413d62310e8022369e8102d0407bfd30c103fb743c81360752a71f36be5a511c43ebdb493d96a7b2eb80494a028f6cc76a2d0eb0aa1f1392bb50a2ba71384f071473d0774e425dd2d212b537f8f654458e0a5d300780c3d29ddcabe9fdd95c14e6cbd924d1aad9eaa2e00d45278609ef27fdec8d81c9221d07b59370db0911550fdddc9ef3ba760109ba384b3ad7ba5747aa50e0b9832bf39cbf5244de38af8c273d497597be8d4e5575d13a580584436621bb5b7878d23991a6221381af19ef2be71e2c7dea6e5fc9dbe0039ccb02d13d978eebdd411727ee7faed65ca6c872bf9c37322ede378709e9f6a61a1b07c7ceeb94b7719d78a8a3d8221695ba"}]}], "4011c6ed3ec831c0a859df4fd6a1cf59a90c42b433580b288a28728fb104cc462f4e92a1a4d50c2d9d75ce8b5ae9b1d6e9a4a79cae905957835e850585441d5cb5c76b06ad60a5a9003ebacf0d40fb6c636fd81af39f9d170ef5af99cd3e3e7ff54f71ca5d83d2b122ebbbc1333a2c811bc4095b572ebbcb83561044b2794ae54b33e99f48eac0eb"}}}}}}, 0xfca) 05:19:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000430000000000", 0x32) 05:19:40 executing program 1: mkdir(0x0, 0x0) 05:19:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002e0000000000", 0x32) 05:19:40 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 05:19:40 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(0x0, 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:40 executing program 1: mkdir(0x0, 0x0) [ 2299.250702][T13370] ref_ctr_offset mismatch. inode: 0x47f5 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfffffff6 05:19:40 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f0000000000002f0000000000", 0x32) 05:19:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000280)="1c0000001a009b8a140000003b9b301f000000000000440000000000", 0x32) 05:19:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(0x0, 0x0, 0x112) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) 05:19:40 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000d40), 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000001c0)) set_thread_area(0x0) pivot_root(0x0, 0x0) [ 2299.934872][T13393] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2299.947868][T13393] CPU: 1 PID: 13393 Comm: syz-executor.1 Not tainted 5.6.0-rc3-syzkaller #0 [ 2299.956719][T13393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2299.966794][T13393] Call Trace: [ 2299.970096][T13393] dump_stack+0x1fb/0x318 [ 2299.974478][T13393] dump_header+0xd8/0x960 [ 2299.979019][T13393] oom_kill_process+0xee/0x370 [ 2299.983945][T13393] out_of_memory+0x5dc/0x900 [ 2299.988555][T13393] try_charge+0x128f/0x18a0 [ 2299.993246][T13393] __memcg_kmem_charge_memcg+0x37/0x140 [ 2299.998815][T13393] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2300.004395][T13393] __memcg_kmem_charge+0x105/0x340 [ 2300.009518][T13393] __alloc_pages_nodemask+0x29a/0x5d0 [ 2300.014917][T13393] alloc_pages_current+0x2db/0x500 [ 2300.020036][T13393] pte_alloc_one+0x1f/0x180 [ 2300.024540][T13393] __pte_alloc+0x20/0x2f0 [ 2300.028874][T13393] copy_page_range+0x2434/0x2950 [ 2300.033811][T13393] ? lockdep_hardirqs_on+0x4a5/0x7a0 [ 2300.039090][T13393] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2300.044585][T13393] ? trace_hardirqs_on_caller+0x74/0x80 [ 2300.050162][T13393] ? init_admin_reserve+0xc0/0xc0 [ 2300.055266][T13393] dup_mmap+0x9f1/0xdf0 [ 2300.059464][T13393] dup_mm+0x9e/0x340 [ 2300.063392][T13393] copy_process+0x2080/0x57b0 [ 2300.068097][T13393] ? debug_smp_processor_id+0x9/0x20 [ 2300.073561][T13393] _do_fork+0x13e/0x660 [ 2300.077875][T13393] ? retint_kernel+0x2b/0x2b [ 2300.082488][T13393] ? trace_hardirqs_on_caller+0x74/0x80 [ 2300.088036][T13393] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2300.093510][T13393] __x64_sys_clone+0x20b/0x250 [ 2300.098296][T13393] do_syscall_64+0xf7/0x1c0 [ 2300.102818][T13393] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2300.108716][T13393] RIP: 0033:0x45c479 [ 2300.112610][T13393] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2300.132218][T13393] RSP: 002b:00007fea86ba9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2300.140633][T13393] RAX: ffffffffffffffda RBX: 00007fea86baa6d4 RCX: 000000000045c479 [ 2300.148602][T13393] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2300.156570][T13393] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2300.164543][T13393] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2300.172513][T13393] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2300.183354][T13393] memory: usage 307200kB, limit 307200kB, failcnt 12938 [ 2300.190642][T13393] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2300.197627][T13393] Memory cgroup stats for /syz1: [ 2300.198518][T13393] anon 117641216 [ 2300.198518][T13393] file 0 [ 2300.198518][T13393] kernel_stack 28422144 [ 2300.198518][T13393] slab 54370304 [ 2300.198518][T13393] sock 131072 [ 2300.198518][T13393] shmem 0 [ 2300.198518][T13393] file_mapped 135168 [ 2300.198518][T13393] file_dirty 135168 [ 2300.198518][T13393] file_writeback 0 [ 2300.198518][T13393] anon_thp 0 [ 2300.198518][T13393] inactive_anon 516096 [ 2300.198518][T13393] active_anon 117342208 [ 2300.198518][T13393] inactive_file 4096 [ 2300.198518][T13393] active_file 0 [ 2300.198518][T13393] unevictable 0 [ 2300.198518][T13393] slab_reclaimable 10002432 [ 2300.198518][T13393] slab_unreclaimable 44367872 [ 2300.198518][T13393] pgfault 242121 [ 2300.198518][T13393] pgmajfault 0 [ 2300.198518][T13393] workingset_refault 2112 [ 2300.198518][T13393] workingset_activate 561 [ 2300.198518][T13393] workingset_nodereclaim 0 [ 2300.198518][T13393] pgrefill 104343 [ 2300.198518][T13393] pgscan 105691 [ 2300.198518][T13393] pgsteal 3527 [ 2300.295262][T13393] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=12083,uid=0 [ 2300.311870][T13393] Memory cgroup out of memory: Killed process 12083 (syz-executor.1) total-vm:74704kB, anon-rss:156kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2300.380168][T13396] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2300.391066][T13396] CPU: 0 PID: 13396 Comm: syz-executor.4 Not tainted 5.6.0-rc3-syzkaller #0 [ 2300.399739][T13396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2300.409790][T13396] Call Trace: [ 2300.413084][T13396] dump_stack+0x1fb/0x318 [ 2300.417422][T13396] dump_header+0xd8/0x960 [ 2300.421757][T13396] oom_kill_process+0xee/0x370 [ 2300.426522][T13396] out_of_memory+0x5dc/0x900 [ 2300.431124][T13396] try_charge+0x128f/0x18a0 [ 2300.435668][T13396] __memcg_kmem_charge_memcg+0x37/0x140 [ 2300.441208][T13396] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2300.446766][T13396] __memcg_kmem_charge+0x105/0x340 [ 2300.451888][T13396] dup_task_struct+0x244/0x7d0 [ 2300.456662][T13396] copy_process+0x552/0x57b0 [ 2300.461258][T13396] ? debug_smp_processor_id+0x9/0x20 [ 2300.466545][T13396] ? check_preemption_disabled+0x44/0x260 [ 2300.472274][T13396] ? debug_smp_processor_id+0x9/0x20 [ 2300.477566][T13396] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2300.483026][T13396] ? trace_hardirqs_off+0x74/0x80 [ 2300.488061][T13396] ? rcu_irq_exit_irqson+0xc3/0x110 [ 2300.493276][T13396] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2300.498736][T13396] ? retint_kernel+0x2b/0x2b [ 2300.503362][T13396] _do_fork+0x13e/0x660 [ 2300.507681][T13396] ? retint_kernel+0x2b/0x2b [ 2300.512463][T13396] __x64_sys_clone+0x20b/0x250 [ 2300.517292][T13396] do_syscall_64+0xf7/0x1c0 [ 2300.521963][T13396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2300.527868][T13396] RIP: 0033:0x45c479 [ 2300.531770][T13396] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2300.551377][T13396] RSP: 002b:00007fe0b78f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2300.559791][T13396] RAX: ffffffffffffffda RBX: 00007fe0b78f26d4 RCX: 000000000045c479 [ 2300.567765][T13396] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2300.575754][T13396] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2300.583731][T13396] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2300.591705][T13396] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2300.601330][T13396] memory: usage 307200kB, limit 307200kB, failcnt 17324 [ 2300.608350][T13396] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2300.615535][T13396] Memory cgroup stats for /syz4: [ 2300.616315][T13396] anon 118558720 [ 2300.616315][T13396] file 16384 [ 2300.616315][T13396] kernel_stack 29011968 [ 2300.616315][T13396] slab 52596736 [ 2300.616315][T13396] sock 0 [ 2300.616315][T13396] shmem 73728 [ 2300.616315][T13396] file_mapped 0 [ 2300.616315][T13396] file_dirty 0 [ 2300.616315][T13396] file_writeback 0 [ 2300.616315][T13396] anon_thp 0 [ 2300.616315][T13396] inactive_anon 786432 [ 2300.616315][T13396] active_anon 117719040 [ 2300.616315][T13396] inactive_file 0 [ 2300.616315][T13396] active_file 0 [ 2300.616315][T13396] unevictable 0 [ 2300.616315][T13396] slab_reclaimable 7704576 [ 2300.616315][T13396] slab_unreclaimable 44892160 [ 2300.616315][T13396] pgfault 250470 [ 2300.616315][T13396] pgmajfault 0 [ 2300.616315][T13396] workingset_refault 3795 [ 2300.616315][T13396] workingset_activate 1782 [ 2300.616315][T13396] workingset_nodereclaim 0 [ 2300.616315][T13396] pgrefill 143091 [ 2300.616315][T13396] pgscan 160689 [ 2300.616315][T13396] pgsteal 20105 [ 2300.711962][T13396] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11007,uid=0 [ 2300.728274][T13396] Memory cgroup out of memory: Killed process 11007 (syz-executor.4) total-vm:74968kB, anon-rss:176kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 2404.799132][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 2404.806223][ C1] (detected by 1, t=10502 jiffies, g=371957, q=34) [ 2404.812956][ C1] rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4295177603-4295167101), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 2404.826322][ C1] syz-executor.1 R running task 24824 13393 9215 0x80004002 [ 2404.834253][ C1] Call Trace: [ 2404.837558][ C1] [ 2404.840551][ C1] sched_show_task+0x411/0x560 [ 2404.845399][ C1] rcu_sched_clock_irq+0x188c/0x1aa0 [ 2404.850826][ C1] update_process_times+0x12d/0x180 [ 2404.856244][ C1] tick_sched_timer+0x263/0x420 [ 2404.861112][ C1] ? tick_setup_sched_timer+0x3e0/0x3e0 [ 2404.866806][ C1] __hrtimer_run_queues+0x3f3/0x840 [ 2404.872044][ C1] hrtimer_interrupt+0x37c/0xda0 [ 2404.877159][ C1] ? debug_smp_processor_id+0x9/0x20 [ 2404.882469][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 2404.888702][ C1] apic_timer_interrupt+0xf/0x20 [ 2404.893813][ C1] [ 2404.896764][ C1] RIP: 0010:lock_acquire+0x1ae/0x250 [ 2404.902045][ C1] Code: c1 e8 03 42 80 3c 30 00 74 0c 48 c7 c7 50 d3 2a 89 e8 56 67 58 00 48 83 3d ae f7 ce 07 00 0f 84 9c 00 00 00 48 8b 7d c0 57 9d <0f> 1f 44 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 44 89 [ 2404.921909][ C1] RSP: 0018:ffffc9001db56e18 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 2404.930498][ C1] RAX: 1ffffffff1255a6a RBX: 0000000000000000 RCX: b9f151b2d437fdaa [ 2404.938721][ C1] RDX: dffffc0000000000 RSI: ffff888097772db8 RDI: 0000000000000286 [ 2404.946714][ C1] RBP: ffffc9001db56e70 R08: dffffc0000000000 R09: fffffbfff1406515 [ 2404.954858][ C1] R10: fffffbfff1406515 R11: 0000000000000000 R12: 0000000000000000 [ 2404.962847][ C1] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff892d9948 [ 2404.970889][ C1] rcu_lock_acquire+0x2e/0x40 [ 2404.975599][ C1] ? rcu_lock_acquire+0x9/0x40 [ 2404.980374][ C1] list_lru_count_one+0x4f/0x2d0 [ 2404.985481][ C1] super_cache_count+0x185/0x2a0 [ 2404.990570][ C1] do_shrink_slab+0xd5/0x5d0 [ 2404.995300][ C1] ? radix_tree_lookup+0x198/0x1c0 [ 2405.000436][ C1] shrink_slab_memcg+0x247/0x490 [ 2405.005415][ C1] shrink_slab+0x7a/0x290 [ 2405.009776][ C1] ? mem_cgroup_iter+0x3f0/0x590 [ 2405.014733][ C1] ? mem_cgroup_iter+0x3f0/0x590 [ 2405.019803][ C1] shrink_node_memcgs+0x2af/0x5b0 [ 2405.024891][ C1] shrink_node+0xb6b/0x1970 [ 2405.029632][ C1] shrink_zones+0x275/0x8a0 [ 2405.034323][ C1] ? vmpressure_prio+0x31/0x120 [ 2405.039373][ C1] do_try_to_free_pages+0x215/0xbb0 [ 2405.044632][ C1] ? _raw_spin_unlock_irq+0x64/0x80 [ 2405.049985][ C1] try_to_free_mem_cgroup_pages+0x33a/0x660 [ 2405.055948][ C1] try_charge+0x5bd/0x18a0 [ 2405.060460][ C1] __memcg_kmem_charge_memcg+0x37/0x140 [ 2405.066132][ C1] ? get_mem_cgroup_from_mm+0x19b/0x1b0 [ 2405.071965][ C1] __memcg_kmem_charge+0x105/0x340 [ 2405.077107][ C1] __alloc_pages_nodemask+0x29a/0x5d0 [ 2405.082533][ C1] alloc_pages_current+0x2db/0x500 [ 2405.087663][ C1] pte_alloc_one+0x1f/0x180 [ 2405.092332][ C1] __pte_alloc+0x20/0x2f0 [ 2405.096864][ C1] copy_page_range+0x2434/0x2950 [ 2405.102015][ C1] ? lockdep_hardirqs_on+0x4a5/0x7a0 [ 2405.107310][ C1] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2405.112798][ C1] ? trace_hardirqs_on_caller+0x74/0x80 [ 2405.118397][ C1] ? init_admin_reserve+0xc0/0xc0 [ 2405.123593][ C1] dup_mmap+0x9f1/0xdf0 [ 2405.127786][ C1] dup_mm+0x9e/0x340 [ 2405.131710][ C1] copy_process+0x2080/0x57b0 [ 2405.136588][ C1] ? debug_smp_processor_id+0x9/0x20 [ 2405.142049][ C1] _do_fork+0x13e/0x660 [ 2405.146208][ C1] ? retint_kernel+0x2b/0x2b [ 2405.150819][ C1] ? trace_hardirqs_on_caller+0x74/0x80 [ 2405.156376][ C1] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2405.161892][ C1] __x64_sys_clone+0x20b/0x250 [ 2405.166887][ C1] do_syscall_64+0xf7/0x1c0 [ 2405.171523][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2405.177414][ C1] RIP: 0033:0x45c479 [ 2405.181495][ C1] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2405.201119][ C1] RSP: 002b:00007fea86ba9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2405.209674][ C1] RAX: ffffffffffffffda RBX: 00007fea86baa6d4 RCX: 000000000045c479 [ 2405.217662][ C1] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 2405.225655][ C1] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 2405.233892][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2405.241883][ C1] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 2405.249899][ C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g371957 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 2405.261181][ C1] rcu: RCU grace-period kthread stack dump: [ 2405.267084][ C1] rcu_preempt R running task 28424 10 2 0x80004000 [ 2405.275270][ C1] Call Trace: [ 2405.278576][ C1] __schedule+0x87f/0xcd0 [ 2405.282999][ C1] schedule+0x188/0x210 [ 2405.287174][ C1] schedule_timeout+0x14f/0x240 [ 2405.292128][ C1] ? run_local_timers+0x120/0x120 [ 2405.297182][ C1] rcu_gp_kthread+0xe8d/0x17e0 [ 2405.301978][ C1] kthread+0x332/0x350 [ 2405.306062][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 2405.311187][ C1] ? kthread_blkcg+0xe0/0xe0 [ 2405.315794][ C1] ret_from_fork+0x24/0x30